API Reference

Token Validation

Rules

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Edit a zone token validation rule

client.TokenValidation.Rules.Edit(ctx, ruleID, params) (*TokenValidationRule, error)

PATCH/zones/{zone_id}/token_validation/rules/{rule_id}

Edit a zone token validation rule.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Account API GatewayDomain API Gateway

ParametersExpand Collapse

ruleID string

UUID.

maxLength36

minLength36

params RuleEditParams

ZoneID param.Field[string]

Path param: Identifier.

maxLength32

Action param.Field[RuleEditParamsAction]optional

Body param: Action to take on requests that match operations included in selector and fail expression.

const RuleEditParamsActionLog RuleEditParamsAction = "log"

const RuleEditParamsActionBlock RuleEditParamsAction = "block"

Description param.Field[string]optional

Body param: A human-readable description that gives more details than title.

maxLength500

Enabled param.Field[bool]optional

Body param: Toggle rule on or off.

Expression param.Field[string]optional

Body param: Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

Position param.Field[RuleEditParamsPosition]optional

Body param: Update rule order among zone rules.

type RuleEditParamsPositionAPIShieldIndex struct{…}

Index int64

Move rule to this position

minimum1

type RuleEditParamsPositionAPIShieldBefore struct{…}

Move rule to after rule with ID.

Before stringoptional

Move rule to before rule with this ID.

formatuuid

maxLength36

type RuleEditParamsPositionAPIShieldAfter struct{…}

Move rule to before rule with ID.

After stringoptional

Move rule to after rule with this ID.

formatuuid

maxLength36

Selector param.Field[RuleEditParamsSelector]optional

Body param: Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

Exclude []RuleEditParamsSelectorExcludeoptional

Ignore operations that were otherwise included by include.

OperationIDs []stringoptional

Excluded operation IDs.

Include []RuleEditParamsSelectorIncludeoptional

Select all matching operations.

Host []stringoptional

Included hostnames.

Title param.Field[string]optional

Body param: A human-readable name for the rule.

maxLength50

ReturnsExpand Collapse

type TokenValidationRule struct{…}

A Token Validation rule that can enforce security policies using JWT Tokens.

Action TokenValidationRuleAction

Action to take on requests that match operations included in selector and fail expression.

One of the following:

const TokenValidationRuleActionLog TokenValidationRuleAction = "log"

const TokenValidationRuleActionBlock TokenValidationRuleAction = "block"

Description string

A human-readable description that gives more details than title.

maxLength500

Enabled bool

Toggle rule on or off.

Expression string

Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

Selector TokenValidationRuleSelector

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

Exclude []TokenValidationRuleSelectorExcludeoptional

Ignore operations that were otherwise included by include.

OperationIDs []stringoptional

Excluded operation IDs.

Include []TokenValidationRuleSelectorIncludeoptional

Select all matching operations.

Host []stringoptional

Included hostnames.

Title string

A human-readable name for the rule.

maxLength50

ID stringoptional

UUID.

maxLength36

minLength36

CreatedAt Timeoptional

formatdate-time

LastUpdated Timeoptional

formatdate-time

Edit a zone token validation rule

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/token_validation"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  tokenValidationRule, err := client.TokenValidation.Rules.Edit(
    context.TODO(),
    "4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7",
    token_validation.RuleEditParams{
      ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", tokenValidationRule.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "action": "log",
    "description": "Long description for Token Validation Rule",
    "enabled": true,
    "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")",
    "selector": {
      "exclude": [
        {
          "operation_ids": [
            "f9c5615e-fe15-48ce-bec6-cfc1946f1bec",
            "56828eae-035a-4396-ba07-51c66d680a04"
          ]
        }
      ],
      "include": [
        {
          "host": [
            "v1.example.com",
            "v2.example.com"
          ]
        }
      ]
    },
    "title": "Example Token Validation Rule",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "last_updated": "2014-01-01T05:20:00.12345Z"
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "action": "log",
    "description": "Long description for Token Validation Rule",
    "enabled": true,
    "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")",
    "selector": {
      "exclude": [
        {
          "operation_ids": [
            "f9c5615e-fe15-48ce-bec6-cfc1946f1bec",
            "56828eae-035a-4396-ba07-51c66d680a04"
          ]
        }
      ],
      "include": [
        {
          "host": [
            "v1.example.com",
            "v2.example.com"
          ]
        }
      ]
    },
    "title": "Example Token Validation Rule",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "last_updated": "2014-01-01T05:20:00.12345Z"
  },
  "success": true
}