# Devices ## List devices (deprecated) `client.ZeroTrust.Devices.List(ctx, query) (*SinglePage[Device], error)` **get** `/accounts/{account_id}/devices` List WARP devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated**: please use one of the following endpoints instead: - GET /accounts/{account_id}/devices/physical-devices - GET /accounts/{account_id}/devices/registrations ### Parameters - `query DeviceListParams` - `AccountID param.Field[string]` ### Returns - `type Device struct{…}` - `ID string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `Created Time` When the device was created. - `Deleted bool` True if the device was deleted. - `DeviceType DeviceDeviceType` - `const DeviceDeviceTypeWindows DeviceDeviceType = "windows"` - `const DeviceDeviceTypeMac DeviceDeviceType = "mac"` - `const DeviceDeviceTypeLinux DeviceDeviceType = "linux"` - `const DeviceDeviceTypeAndroid DeviceDeviceType = "android"` - `const DeviceDeviceTypeIos DeviceDeviceType = "ios"` - `const DeviceDeviceTypeChromeos DeviceDeviceType = "chromeos"` - `IP string` IPv4 or IPv6 address. - `Key string` The device's public key. - `LastSeen Time` When the device last connected to Cloudflare services. - `MacAddress string` The device mac address. - `Manufacturer string` The device manufacturer name. - `Model string` The device model name. - `Name string` The device name. - `OSDistroName string` The Linux distro name. - `OSDistroRevision string` The Linux distro revision. - `OSVersion string` The operating system version. - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `RevokedAt Time` When the device was revoked. - `SerialNumber string` The device serial number. - `Updated Time` When the device was updated. - `User DeviceUser` - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. - `Version string` The WARP client version. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.List(context.TODO(), zero_trust.DeviceListParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2017-06-14T00:00:00Z", "deleted": true, "device_type": "windows", "ip": "1.1.1.1", "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=", "last_seen": "2017-06-14T00:00:00Z", "mac_address": "00-00-5E-00-53-00", "manufacturer": "My phone corp", "model": "MyPhone(pro-X)", "name": "My mobile device", "os_distro_name": "ubuntu", "os_distro_revision": "1.0.0", "os_version": "10.0.0", "os_version_extra": "(a) or 6889 or Ubuntu 24.04", "revoked_at": "2017-06-14T00:00:00Z", "serial_number": "EXAMPLEHMD6R", "updated": "2017-06-14T00:00:00Z", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "version": "1.0.0" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device (deprecated) `client.ZeroTrust.Devices.Get(ctx, deviceID, query) (*DeviceGetResponse, error)` **get** `/accounts/{account_id}/devices/{device_id}` Fetches a single WARP device. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated**: please use one of the following endpoints instead: - GET /accounts/{account_id}/devices/physical-devices/{device_id} - GET /accounts/{account_id}/devices/registrations/{registration_id} ### Parameters - `deviceID string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `query DeviceGetParams` - `AccountID param.Field[string]` ### Returns - `type DeviceGetResponse struct{…}` - `ID string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `Account DeviceGetResponseAccount` - `ID string` - `AccountType string` - `Name string` The name of the enrolled account. - `Created Time` When the device was created. - `Deleted bool` True if the device was deleted. - `DeviceType string` - `GatewayDeviceID string` - `IP string` IPv4 or IPv6 address. - `Key string` The device's public key. - `KeyType string` Type of the key. - `LastSeen Time` When the device last connected to Cloudflare services. - `MacAddress string` The device mac address. - `Model string` The device model name. - `Name string` The device name. - `OSVersion string` The operating system version. - `SerialNumber string` The device serial number. - `TunnelType string` Type of the tunnel connection used. - `Updated Time` When the device was updated. - `User DeviceGetResponseUser` - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. - `Version string` The WARP client version. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) device, err := client.ZeroTrust.Devices.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", device.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "account": { "id": "id", "account_type": "account_type", "name": "Company" }, "created": "2017-06-14T00:00:00Z", "deleted": true, "device_type": "windows", "gateway_device_id": "PD33E90AXfafe14643cbbbc-4a0ed4fc8415Q", "ip": "1.1.1.1", "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=", "key_type": "curve25519", "last_seen": "2017-06-14T00:00:00Z", "mac_address": "00-00-5E-00-53-00", "model": "MyPhone(pro-X)", "name": "My mobile device", "os_version": "10.0.0", "serial_number": "EXAMPLEHMD6R", "tunnel_type": "masque", "updated": "2017-06-14T00:00:00Z", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "version": "1.0.0" }, "success": true } ``` ## Domain Types ### Device - `type Device struct{…}` - `ID string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `Created Time` When the device was created. - `Deleted bool` True if the device was deleted. - `DeviceType DeviceDeviceType` - `const DeviceDeviceTypeWindows DeviceDeviceType = "windows"` - `const DeviceDeviceTypeMac DeviceDeviceType = "mac"` - `const DeviceDeviceTypeLinux DeviceDeviceType = "linux"` - `const DeviceDeviceTypeAndroid DeviceDeviceType = "android"` - `const DeviceDeviceTypeIos DeviceDeviceType = "ios"` - `const DeviceDeviceTypeChromeos DeviceDeviceType = "chromeos"` - `IP string` IPv4 or IPv6 address. - `Key string` The device's public key. - `LastSeen Time` When the device last connected to Cloudflare services. - `MacAddress string` The device mac address. - `Manufacturer string` The device manufacturer name. - `Model string` The device model name. - `Name string` The device name. - `OSDistroName string` The Linux distro name. - `OSDistroRevision string` The Linux distro revision. - `OSVersion string` The operating system version. - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `RevokedAt Time` When the device was revoked. - `SerialNumber string` The device serial number. - `Updated Time` When the device was updated. - `User DeviceUser` - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. - `Version string` The WARP client version. # Devices ## List devices `client.ZeroTrust.Devices.Devices.List(ctx, params) (*CursorPagination[DeviceDeviceListResponse], error)` **get** `/accounts/{account_id}/devices/physical-devices` Lists WARP devices. ### Parameters - `params DeviceDeviceListParams` - `AccountID param.Field[string]` Path param - `ID param.Field[[]string]` Query param: Filter by a one or more device IDs. - `ActiveRegistrations param.Field[DeviceDeviceListParamsActiveRegistrations]` Query param: Include or exclude devices with active registrations. The default is "only" - return only devices with active registrations. - `const DeviceDeviceListParamsActiveRegistrationsInclude DeviceDeviceListParamsActiveRegistrations = "include"` - `const DeviceDeviceListParamsActiveRegistrationsOnly DeviceDeviceListParamsActiveRegistrations = "only"` - `const DeviceDeviceListParamsActiveRegistrationsExclude DeviceDeviceListParamsActiveRegistrations = "exclude"` - `Cursor param.Field[string]` Query param: Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response. - `Include param.Field[string]` Query param: Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy". - `LastSeenUser param.Field[DeviceDeviceListParamsLastSeenUser]` Query param - `Email string` Filter by the last seen user's email. - `PerPage param.Field[int64]` Query param: The maximum number of devices to return in a single response. - `Search param.Field[string]` Query param: Search by device details. - `SeenAfter param.Field[string]` Query param: Filter by the last_seen timestamp - returns only devices last seen after this timestamp. - `SeenBefore param.Field[string]` Query param: Filter by the last_seen timestamp - returns only devices last seen before this timestamp. - `SortBy param.Field[DeviceDeviceListParamsSortBy]` Query param: The device field to order results by. - `const DeviceDeviceListParamsSortByName DeviceDeviceListParamsSortBy = "name"` - `const DeviceDeviceListParamsSortByID DeviceDeviceListParamsSortBy = "id"` - `const DeviceDeviceListParamsSortByClientVersion DeviceDeviceListParamsSortBy = "client_version"` - `const DeviceDeviceListParamsSortByLastSeenUserEmail DeviceDeviceListParamsSortBy = "last_seen_user.email"` - `const DeviceDeviceListParamsSortByLastSeenAt DeviceDeviceListParamsSortBy = "last_seen_at"` - `const DeviceDeviceListParamsSortByActiveRegistrations DeviceDeviceListParamsSortBy = "active_registrations"` - `const DeviceDeviceListParamsSortByCreatedAt DeviceDeviceListParamsSortBy = "created_at"` - `SortOrder param.Field[DeviceDeviceListParamsSortOrder]` Query param: Sort direction. - `const DeviceDeviceListParamsSortOrderAsc DeviceDeviceListParamsSortOrder = "asc"` - `const DeviceDeviceListParamsSortOrderDesc DeviceDeviceListParamsSortOrder = "desc"` ### Returns - `type DeviceDeviceListResponse struct{…}` A WARP Device. - `ID string` The unique ID of the device. - `ActiveRegistrations int64` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `CreatedAt string` The RFC3339 timestamp when the device was created. - `LastSeenAt string` The RFC3339 timestamp when the device was last seen. - `Name string` The name of the device. - `UpdatedAt string` The RFC3339 timestamp when the device was last updated. - `ClientVersion string` Version of the WARP client. - `DeletedAt string` The RFC3339 timestamp when the device was deleted. - `DeviceType string` The device operating system. - `HardwareID string` A string that uniquely identifies the hardware or virtual machine (VM). - `LastSeenRegistration DeviceDeviceListResponseLastSeenRegistration` The last seen registration for the device. - `Policy DeviceDeviceListResponseLastSeenRegistrationPolicy` A summary of the device profile evaluated for the registration. - `ID string` The ID of the device settings profile. - `Default bool` Whether the device settings profile is the default profile for the account. - `Deleted bool` Whether the device settings profile was deleted. - `Name string` The name of the device settings profile. - `UpdatedAt string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `LastSeenUser DeviceDeviceListResponseLastSeenUser` The last user to use the WARP device. - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. - `MacAddress string` The device MAC address. - `Manufacturer string` The device manufacturer. - `Model string` The model name of the device. - `OSVersion string` The device operating system version number. - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `PublicIP string` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `SerialNumber string` The device serial number. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Devices.List(context.TODO(), zero_trust.DeviceDeviceListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e", "active_registrations": 1, "created_at": "2025-02-14T13:17:00Z", "last_seen_at": "2025-02-14T13:17:00Z", "name": "My Device", "updated_at": "2025-02-14T13:17:00Z", "client_version": "1.0.0", "deleted_at": "2025-02-14T13:17:00Z", "device_type": "linux", "hardware_id": "hardware_id", "last_seen_registration": { "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" } }, "last_seen_user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "mac_address": "f5:01:73:cf:12:23", "manufacturer": "ACME", "model": "Mark VII", "os_version": "os_version", "os_version_extra": "os_version_extra", "public_ip": "1.1.1.1", "serial_number": "ABS765ASD8A" } ], "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Get device `client.ZeroTrust.Devices.Devices.Get(ctx, deviceID, params) (*DeviceDeviceGetResponse, error)` **get** `/accounts/{account_id}/devices/physical-devices/{device_id}` Fetches a single WARP device. ### Parameters - `deviceID string` - `params DeviceDeviceGetParams` - `AccountID param.Field[string]` Path param - `Include param.Field[string]` Query param: Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy". ### Returns - `type DeviceDeviceGetResponse struct{…}` A WARP Device. - `ID string` The unique ID of the device. - `ActiveRegistrations int64` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `CreatedAt string` The RFC3339 timestamp when the device was created. - `LastSeenAt string` The RFC3339 timestamp when the device was last seen. - `Name string` The name of the device. - `UpdatedAt string` The RFC3339 timestamp when the device was last updated. - `ClientVersion string` Version of the WARP client. - `DeletedAt string` The RFC3339 timestamp when the device was deleted. - `DeviceType string` The device operating system. - `HardwareID string` A string that uniquely identifies the hardware or virtual machine (VM). - `LastSeenRegistration DeviceDeviceGetResponseLastSeenRegistration` The last seen registration for the device. - `Policy DeviceDeviceGetResponseLastSeenRegistrationPolicy` A summary of the device profile evaluated for the registration. - `ID string` The ID of the device settings profile. - `Default bool` Whether the device settings profile is the default profile for the account. - `Deleted bool` Whether the device settings profile was deleted. - `Name string` The name of the device settings profile. - `UpdatedAt string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `LastSeenUser DeviceDeviceGetResponseLastSeenUser` The last user to use the WARP device. - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. - `MacAddress string` The device MAC address. - `Manufacturer string` The device manufacturer. - `Model string` The model name of the device. - `OSVersion string` The device operating system version number. - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `PublicIP string` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `SerialNumber string` The device serial number. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) device, err := client.ZeroTrust.Devices.Devices.Get( context.TODO(), "device_id", zero_trust.DeviceDeviceGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", device.ID) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e", "active_registrations": 1, "created_at": "2025-02-14T13:17:00Z", "last_seen_at": "2025-02-14T13:17:00Z", "name": "My Device", "updated_at": "2025-02-14T13:17:00Z", "client_version": "1.0.0", "deleted_at": "2025-02-14T13:17:00Z", "device_type": "linux", "hardware_id": "hardware_id", "last_seen_registration": { "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" } }, "last_seen_user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "mac_address": "f5:01:73:cf:12:23", "manufacturer": "ACME", "model": "Mark VII", "os_version": "os_version", "os_version_extra": "os_version_extra", "public_ip": "1.1.1.1", "serial_number": "ABS765ASD8A" }, "success": true } ``` ## Delete device `client.ZeroTrust.Devices.Devices.Delete(ctx, deviceID, body) (*DeviceDeviceDeleteResponse, error)` **delete** `/accounts/{account_id}/devices/physical-devices/{device_id}` Deletes a WARP device. ### Parameters - `deviceID string` - `body DeviceDeviceDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DeviceDeviceDeleteResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) device, err := client.ZeroTrust.Devices.Devices.Delete( context.TODO(), "device_id", zero_trust.DeviceDeviceDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", device) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Revoke device registrations `client.ZeroTrust.Devices.Devices.Revoke(ctx, deviceID, body) (*DeviceDeviceRevokeResponse, error)` **post** `/accounts/{account_id}/devices/physical-devices/{device_id}/revoke` Revokes all WARP registrations associated with the specified device. ### Parameters - `deviceID string` - `body DeviceDeviceRevokeParams` - `AccountID param.Field[string]` ### Returns - `type DeviceDeviceRevokeResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.ZeroTrust.Devices.Devices.Revoke( context.TODO(), "device_id", zero_trust.DeviceDeviceRevokeParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` # Resilience # Global WARP Override ## Retrieve Global WARP override state `client.ZeroTrust.Devices.Resilience.GlobalWARPOverride.Get(ctx, query) (*DeviceResilienceGlobalWARPOverrideGetResponse, error)` **get** `/accounts/{account_id}/devices/resilience/disconnect` Fetch the Global WARP override state. ### Parameters - `query DeviceResilienceGlobalWARPOverrideGetParams` - `AccountID param.Field[string]` ### Returns - `type DeviceResilienceGlobalWARPOverrideGetResponse struct{…}` - `Disconnect bool` Disconnects all devices on the account using Global WARP override. - `Timestamp Time` When the Global WARP override state was updated. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) globalWARPOverride, err := client.ZeroTrust.Devices.Resilience.GlobalWARPOverride.Get(context.TODO(), zero_trust.DeviceResilienceGlobalWARPOverrideGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", globalWARPOverride.Disconnect) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" }, "success": true } ``` ## Set Global WARP override state `client.ZeroTrust.Devices.Resilience.GlobalWARPOverride.New(ctx, params) (*DeviceResilienceGlobalWARPOverrideNewResponse, error)` **post** `/accounts/{account_id}/devices/resilience/disconnect` Sets the Global WARP override state. ### Parameters - `params DeviceResilienceGlobalWARPOverrideNewParams` - `AccountID param.Field[string]` Path param - `Disconnect param.Field[bool]` Body param: Disconnects all devices on the account using Global WARP override. - `Justification param.Field[string]` Body param: Reasoning for setting the Global WARP override state. This will be surfaced in the audit log. ### Returns - `type DeviceResilienceGlobalWARPOverrideNewResponse struct{…}` - `Disconnect bool` Disconnects all devices on the account using Global WARP override. - `Timestamp Time` When the Global WARP override state was updated. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) globalWARPOverride, err := client.ZeroTrust.Devices.Resilience.GlobalWARPOverride.New(context.TODO(), zero_trust.DeviceResilienceGlobalWARPOverrideNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Disconnect: cloudflare.F(false), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", globalWARPOverride.Disconnect) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" }, "success": true } ``` # Registrations ## List registrations `client.ZeroTrust.Devices.Registrations.List(ctx, params) (*CursorPagination[DeviceRegistrationListResponse], error)` **get** `/accounts/{account_id}/devices/registrations` Lists WARP registrations. ### Parameters - `params DeviceRegistrationListParams` - `AccountID param.Field[string]` Path param - `ID param.Field[[]string]` Query param: Filter by registration ID. - `Cursor param.Field[string]` Query param: Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response. - `Device param.Field[DeviceRegistrationListParamsDevice]` Query param - `ID string` Filter by WARP device ID. - `Include param.Field[string]` Query param: Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy". - `PerPage param.Field[int64]` Query param: The maximum number of devices to return in a single response. - `Search param.Field[string]` Query param: Filter by registration details. - `SeenAfter param.Field[string]` Query param: Filter by the last_seen timestamp - returns only registrations last seen after this timestamp. - `SeenBefore param.Field[string]` Query param: Filter by the last_seen timestamp - returns only registrations last seen before this timestamp. - `SortBy param.Field[DeviceRegistrationListParamsSortBy]` Query param: The registration field to order results by. - `const DeviceRegistrationListParamsSortByID DeviceRegistrationListParamsSortBy = "id"` - `const DeviceRegistrationListParamsSortByUserName DeviceRegistrationListParamsSortBy = "user.name"` - `const DeviceRegistrationListParamsSortByUserEmail DeviceRegistrationListParamsSortBy = "user.email"` - `const DeviceRegistrationListParamsSortByLastSeenAt DeviceRegistrationListParamsSortBy = "last_seen_at"` - `const DeviceRegistrationListParamsSortByCreatedAt DeviceRegistrationListParamsSortBy = "created_at"` - `SortOrder param.Field[DeviceRegistrationListParamsSortOrder]` Query param: Sort direction. - `const DeviceRegistrationListParamsSortOrderAsc DeviceRegistrationListParamsSortOrder = "asc"` - `const DeviceRegistrationListParamsSortOrderDesc DeviceRegistrationListParamsSortOrder = "desc"` - `Status param.Field[DeviceRegistrationListParamsStatus]` Query param: Filter by registration status. Defaults to 'active'. - `const DeviceRegistrationListParamsStatusActive DeviceRegistrationListParamsStatus = "active"` - `const DeviceRegistrationListParamsStatusAll DeviceRegistrationListParamsStatus = "all"` - `const DeviceRegistrationListParamsStatusRevoked DeviceRegistrationListParamsStatus = "revoked"` - `User param.Field[DeviceRegistrationListParamsUser]` Query param - `ID []string` Filter by user ID. ### Returns - `type DeviceRegistrationListResponse struct{…}` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `ID string` The ID of the registration. - `CreatedAt string` The RFC3339 timestamp when the registration was created. - `Device DeviceRegistrationListResponseDevice` Device details embedded inside of a registration. - `ID string` The ID of the device. - `Name string` The name of the device. - `ClientVersion string` Version of the WARP client. - `Key string` The public key used to connect to the Cloudflare network. - `LastSeenAt string` The RFC3339 timestamp when the registration was last seen. - `UpdatedAt string` The RFC3339 timestamp when the registration was last updated. - `DeletedAt string` The RFC3339 timestamp when the registration was deleted. - `KeyType string` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `Policy DeviceRegistrationListResponsePolicy` The device settings profile assigned to this registration. - `ID string` The ID of the device settings profile. - `Default bool` Whether the device settings profile is the default profile for the account. - `Deleted bool` Whether the device settings profile was deleted. - `Name string` The name of the device settings profile. - `UpdatedAt string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `RevokedAt string` The RFC3339 timestamp when the registration was revoked. - `TunnelType string` Type of the tunnel - wireguard or masque. - `User DeviceRegistrationListResponseUser` - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Registrations.List(context.TODO(), zero_trust.DeviceRegistrationListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [], "messages": [], "result": [ { "created_at": "2025-02-14T13:17:00Z", "deleted_at": null, "device": { "client_version": "1.0.0", "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device" }, "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "key_type": "secp256r1", "last_seen_at": "2025-02-14T13:17:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-14T13:17:00Z", "user": { "email": "alice@example.org", "id": "30323c1f-318d-4ec9-92c7-5a8c4d25c4fc", "name": "Alice" } }, { "created_at": "2025-02-15T10:20:00Z", "deleted_at": null, "device": { "client_version": "1.0.1", "id": "43bb1515-8902-50b5-aa01-a88686192467", "name": "Bob's Laptop" }, "id": "22eedc7a-4a1d-5417-c5b3-f73a983c277b", "key": "V/RSP61StXgfmLHJG5umHEonHfvxtz57LDIs6PziXr11Stegm56nhrRBvFK7DP1ZsLzUm0GVg6jC1cxZS4h5FFGFJiju7kGbrgNsCNCT77juw0IRYlS0QpjgLR==", "key_type": "secp256r1", "last_seen_at": "2025-02-15T10:25:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-15T10:25:00Z", "user": { "email": "bob@example.com", "id": "41434d2a-429e-5fd0-a3d8-6b9d5e36d5ad", "name": "Bob" } } ], "result_info": { "count": 2, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }, "success": true } ``` ## Get registration `client.ZeroTrust.Devices.Registrations.Get(ctx, registrationID, params) (*DeviceRegistrationGetResponse, error)` **get** `/accounts/{account_id}/devices/registrations/{registration_id}` Fetches a single WARP registration. ### Parameters - `registrationID string` - `params DeviceRegistrationGetParams` - `AccountID param.Field[string]` Path param - `Include param.Field[string]` Query param: Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy". ### Returns - `type DeviceRegistrationGetResponse struct{…}` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `ID string` The ID of the registration. - `CreatedAt string` The RFC3339 timestamp when the registration was created. - `Device DeviceRegistrationGetResponseDevice` Device details embedded inside of a registration. - `ID string` The ID of the device. - `Name string` The name of the device. - `ClientVersion string` Version of the WARP client. - `Key string` The public key used to connect to the Cloudflare network. - `LastSeenAt string` The RFC3339 timestamp when the registration was last seen. - `UpdatedAt string` The RFC3339 timestamp when the registration was last updated. - `DeletedAt string` The RFC3339 timestamp when the registration was deleted. - `KeyType string` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `Policy DeviceRegistrationGetResponsePolicy` The device settings profile assigned to this registration. - `ID string` The ID of the device settings profile. - `Default bool` Whether the device settings profile is the default profile for the account. - `Deleted bool` Whether the device settings profile was deleted. - `Name string` The name of the device settings profile. - `UpdatedAt string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `RevokedAt string` The RFC3339 timestamp when the registration was revoked. - `TunnelType string` Type of the tunnel - wireguard or masque. - `User DeviceRegistrationGetResponseUser` - `ID string` UUID. - `Email string` The contact email address of the user. - `Name string` The enrolled device user's name. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) registration, err := client.ZeroTrust.Devices.Registrations.Get( context.TODO(), "registration_id", zero_trust.DeviceRegistrationGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", registration.ID) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "created_at": "2025-02-14T13:17:00Z", "device": { "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device", "client_version": "1.0.0" }, "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "last_seen_at": "2025-02-14T13:17:00Z", "updated_at": "2025-02-14T13:17:00Z", "deleted_at": "2025-02-14T13:17:00Z", "key_type": "secp256r1", "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" }, "revoked_at": "2025-02-14T13:17:00Z", "tunnel_type": "masque", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" } }, "success": true } ``` ## Delete registration `client.ZeroTrust.Devices.Registrations.Delete(ctx, registrationID, body) (*DeviceRegistrationDeleteResponse, error)` **delete** `/accounts/{account_id}/devices/registrations/{registration_id}` Deletes a WARP registration. ### Parameters - `registrationID string` - `body DeviceRegistrationDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DeviceRegistrationDeleteResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) registration, err := client.ZeroTrust.Devices.Registrations.Delete( context.TODO(), "registration_id", zero_trust.DeviceRegistrationDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", registration) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Delete registrations `client.ZeroTrust.Devices.Registrations.BulkDelete(ctx, params) (*DeviceRegistrationBulkDeleteResponse, error)` **delete** `/accounts/{account_id}/devices/registrations` Deletes a list of WARP registrations. ### Parameters - `params DeviceRegistrationBulkDeleteParams` - `AccountID param.Field[string]` Path param - `ID param.Field[[]string]` Query param: A list of registration IDs to delete. ### Returns - `type DeviceRegistrationBulkDeleteResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.ZeroTrust.Devices.Registrations.BulkDelete(context.TODO(), zero_trust.DeviceRegistrationBulkDeleteParams{ AccountID: cloudflare.F("account_id"), ID: cloudflare.F([]string{"string"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Revoke registrations `client.ZeroTrust.Devices.Registrations.Revoke(ctx, params) (*DeviceRegistrationRevokeResponse, error)` **post** `/accounts/{account_id}/devices/registrations/revoke` Revokes a list of WARP registrations. ### Parameters - `params DeviceRegistrationRevokeParams` - `AccountID param.Field[string]` Path param - `ID param.Field[[]string]` Query param: A list of registration IDs to revoke. ### Returns - `type DeviceRegistrationRevokeResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.ZeroTrust.Devices.Registrations.Revoke(context.TODO(), zero_trust.DeviceRegistrationRevokeParams{ AccountID: cloudflare.F("account_id"), ID: cloudflare.F([]string{"string"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Unrevoke registrations `client.ZeroTrust.Devices.Registrations.Unrevoke(ctx, params) (*DeviceRegistrationUnrevokeResponse, error)` **post** `/accounts/{account_id}/devices/registrations/unrevoke` Unrevokes a list of WARP registrations. ### Parameters - `params DeviceRegistrationUnrevokeParams` - `AccountID param.Field[string]` Path param - `ID param.Field[[]string]` Query param: A list of registration IDs to unrevoke. ### Returns - `type DeviceRegistrationUnrevokeResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.ZeroTrust.Devices.Registrations.Unrevoke(context.TODO(), zero_trust.DeviceRegistrationUnrevokeParams{ AccountID: cloudflare.F("account_id"), ID: cloudflare.F([]string{"string"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` # DEX Tests ## List Device DEX tests `client.ZeroTrust.Devices.DEXTests.List(ctx, params) (*V4PagePaginationArray[DeviceDEXTestListResponse], error)` **get** `/accounts/{account_id}/dex/devices/dex_tests` Fetch all DEX tests ### Parameters - `params DeviceDEXTestListParams` - `AccountID param.Field[string]` Path param - `Kind param.Field[DeviceDEXTestListParamsKind]` Query param: Filter by test type - `const DeviceDEXTestListParamsKindHTTP DeviceDEXTestListParamsKind = "http"` - `const DeviceDEXTestListParamsKindTraceroute DeviceDEXTestListParamsKind = "traceroute"` - `Page param.Field[float64]` Query param: Page number of paginated results - `PerPage param.Field[float64]` Query param: Number of items per page - `TestName param.Field[string]` Query param: Filter by test name ### Returns - `type DeviceDEXTestListResponse struct{…}` - `Data DeviceDEXTestListResponseData` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestListResponseDataKind` The type of test. - `const DeviceDEXTestListResponseDataKindHTTP DeviceDEXTestListResponseDataKind = "http"` - `const DeviceDEXTestListResponseDataKindTraceroute DeviceDEXTestListResponseDataKind = "traceroute"` - `Method DeviceDEXTestListResponseDataMethod` The HTTP request method type. - `const DeviceDEXTestListResponseDataMethodGet DeviceDEXTestListResponseDataMethod = "GET"` - `Enabled bool` Determines whether or not the test is active. - `Interval string` How often the test will run. - `Name string` The name of the DEX test. Must be unique. - `Description string` Additional details about the test. - `TargetPolicies []DeviceDEXTestListResponseTargetPolicy` DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted bool` - `TestID string` The unique identifier for the test. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.ZeroTrust.Devices.DEXTests.List(context.TODO(), zero_trust.DeviceDEXTestListParams{ AccountID: cloudflare.F("01a7362d577a6c3019a474fd6f485823"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } ] } ``` ## Get Device DEX test `client.ZeroTrust.Devices.DEXTests.Get(ctx, dexTestID, query) (*DeviceDEXTestGetResponse, error)` **get** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Fetch a single DEX test. ### Parameters - `dexTestID string` The unique identifier for the test. - `query DeviceDEXTestGetParams` - `AccountID param.Field[string]` ### Returns - `type DeviceDEXTestGetResponse struct{…}` - `Data DeviceDEXTestGetResponseData` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestGetResponseDataKind` The type of test. - `const DeviceDEXTestGetResponseDataKindHTTP DeviceDEXTestGetResponseDataKind = "http"` - `const DeviceDEXTestGetResponseDataKindTraceroute DeviceDEXTestGetResponseDataKind = "traceroute"` - `Method DeviceDEXTestGetResponseDataMethod` The HTTP request method type. - `const DeviceDEXTestGetResponseDataMethodGet DeviceDEXTestGetResponseDataMethod = "GET"` - `Enabled bool` Determines whether or not the test is active. - `Interval string` How often the test will run. - `Name string` The name of the DEX test. Must be unique. - `Description string` Additional details about the test. - `TargetPolicies []DeviceDEXTestGetResponseTargetPolicy` DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted bool` - `TestID string` The unique identifier for the test. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) dexTest, err := client.ZeroTrust.Devices.DEXTests.Get( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", zero_trust.DeviceDEXTestGetParams{ AccountID: cloudflare.F("01a7362d577a6c3019a474fd6f485823"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dexTest.TestID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Create Device DEX test `client.ZeroTrust.Devices.DEXTests.New(ctx, params) (*DeviceDEXTestNewResponse, error)` **post** `/accounts/{account_id}/dex/devices/dex_tests` Create a DEX test. ### Parameters - `params DeviceDEXTestNewParams` - `AccountID param.Field[string]` Path param - `Data param.Field[DeviceDEXTestNewParamsData]` Body param: The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestNewParamsDataKind` The type of test. - `const DeviceDEXTestNewParamsDataKindHTTP DeviceDEXTestNewParamsDataKind = "http"` - `const DeviceDEXTestNewParamsDataKindTraceroute DeviceDEXTestNewParamsDataKind = "traceroute"` - `Method DeviceDEXTestNewParamsDataMethod` The HTTP request method type. - `const DeviceDEXTestNewParamsDataMethodGet DeviceDEXTestNewParamsDataMethod = "GET"` - `Enabled param.Field[bool]` Body param: Determines whether or not the test is active. - `Interval param.Field[string]` Body param: How often the test will run. - `Name param.Field[string]` Body param: The name of the DEX test. Must be unique. - `Description param.Field[string]` Body param: Additional details about the test. - `TargetPolicies param.Field[[]DeviceDEXTestNewParamsTargetPolicy]` Body param: DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted param.Field[bool]` Body param ### Returns - `type DeviceDEXTestNewResponse struct{…}` - `Data DeviceDEXTestNewResponseData` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestNewResponseDataKind` The type of test. - `const DeviceDEXTestNewResponseDataKindHTTP DeviceDEXTestNewResponseDataKind = "http"` - `const DeviceDEXTestNewResponseDataKindTraceroute DeviceDEXTestNewResponseDataKind = "traceroute"` - `Method DeviceDEXTestNewResponseDataMethod` The HTTP request method type. - `const DeviceDEXTestNewResponseDataMethodGet DeviceDEXTestNewResponseDataMethod = "GET"` - `Enabled bool` Determines whether or not the test is active. - `Interval string` How often the test will run. - `Name string` The name of the DEX test. Must be unique. - `Description string` Additional details about the test. - `TargetPolicies []DeviceDEXTestNewResponseTargetPolicy` DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted bool` - `TestID string` The unique identifier for the test. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) dexTest, err := client.ZeroTrust.Devices.DEXTests.New(context.TODO(), zero_trust.DeviceDEXTestNewParams{ AccountID: cloudflare.F("01a7362d577a6c3019a474fd6f485823"), Data: cloudflare.F(zero_trust.DeviceDEXTestNewParamsData{ Host: cloudflare.F("https://dash.cloudflare.com"), Kind: cloudflare.F(zero_trust.DeviceDEXTestNewParamsDataKindHTTP), }), Enabled: cloudflare.F(true), Interval: cloudflare.F("30m"), Name: cloudflare.F("HTTP dash health check"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dexTest.TestID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Update Device DEX test `client.ZeroTrust.Devices.DEXTests.Update(ctx, dexTestID, params) (*DeviceDEXTestUpdateResponse, error)` **put** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Update a DEX test. ### Parameters - `dexTestID string` API Resource UUID tag. - `params DeviceDEXTestUpdateParams` - `AccountID param.Field[string]` Path param - `Data param.Field[DeviceDEXTestUpdateParamsData]` Body param: The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestUpdateParamsDataKind` The type of test. - `const DeviceDEXTestUpdateParamsDataKindHTTP DeviceDEXTestUpdateParamsDataKind = "http"` - `const DeviceDEXTestUpdateParamsDataKindTraceroute DeviceDEXTestUpdateParamsDataKind = "traceroute"` - `Method DeviceDEXTestUpdateParamsDataMethod` The HTTP request method type. - `const DeviceDEXTestUpdateParamsDataMethodGet DeviceDEXTestUpdateParamsDataMethod = "GET"` - `Enabled param.Field[bool]` Body param: Determines whether or not the test is active. - `Interval param.Field[string]` Body param: How often the test will run. - `Name param.Field[string]` Body param: The name of the DEX test. Must be unique. - `Description param.Field[string]` Body param: Additional details about the test. - `TargetPolicies param.Field[[]DeviceDEXTestUpdateParamsTargetPolicy]` Body param: DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted param.Field[bool]` Body param ### Returns - `type DeviceDEXTestUpdateResponse struct{…}` - `Data DeviceDEXTestUpdateResponseData` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestUpdateResponseDataKind` The type of test. - `const DeviceDEXTestUpdateResponseDataKindHTTP DeviceDEXTestUpdateResponseDataKind = "http"` - `const DeviceDEXTestUpdateResponseDataKindTraceroute DeviceDEXTestUpdateResponseDataKind = "traceroute"` - `Method DeviceDEXTestUpdateResponseDataMethod` The HTTP request method type. - `const DeviceDEXTestUpdateResponseDataMethodGet DeviceDEXTestUpdateResponseDataMethod = "GET"` - `Enabled bool` Determines whether or not the test is active. - `Interval string` How often the test will run. - `Name string` The name of the DEX test. Must be unique. - `Description string` Additional details about the test. - `TargetPolicies []DeviceDEXTestUpdateResponseTargetPolicy` DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted bool` - `TestID string` The unique identifier for the test. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) dexTest, err := client.ZeroTrust.Devices.DEXTests.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceDEXTestUpdateParams{ AccountID: cloudflare.F("01a7362d577a6c3019a474fd6f485823"), Data: cloudflare.F(zero_trust.DeviceDEXTestUpdateParamsData{ Host: cloudflare.F("https://dash.cloudflare.com"), Kind: cloudflare.F(zero_trust.DeviceDEXTestUpdateParamsDataKindHTTP), }), Enabled: cloudflare.F(true), Interval: cloudflare.F("30m"), Name: cloudflare.F("HTTP dash health check"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dexTest.TestID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Delete Device DEX test `client.ZeroTrust.Devices.DEXTests.Delete(ctx, dexTestID, body) (*DeviceDEXTestDeleteResponse, error)` **delete** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Delete a Device DEX test. Returns the remaining device dex tests for the account. ### Parameters - `dexTestID string` API Resource UUID tag. - `body DeviceDEXTestDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DeviceDEXTestDeleteResponse struct{…}` - `DEXTests []DeviceDEXTestDeleteResponseDEXTest` - `Data DeviceDEXTestDeleteResponseDEXTestsData` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind DeviceDEXTestDeleteResponseDEXTestsDataKind` The type of test. - `const DeviceDEXTestDeleteResponseDEXTestsDataKindHTTP DeviceDEXTestDeleteResponseDEXTestsDataKind = "http"` - `const DeviceDEXTestDeleteResponseDEXTestsDataKindTraceroute DeviceDEXTestDeleteResponseDEXTestsDataKind = "traceroute"` - `Method DeviceDEXTestDeleteResponseDEXTestsDataMethod` The HTTP request method type. - `const DeviceDEXTestDeleteResponseDEXTestsDataMethodGet DeviceDEXTestDeleteResponseDEXTestsDataMethod = "GET"` - `Enabled bool` Determines whether or not the test is active. - `Interval string` How often the test will run. - `Name string` The name of the DEX test. Must be unique. - `Description string` Additional details about the test. - `TargetPolicies []DeviceDEXTestDeleteResponseDEXTestsTargetPolicy` DEX rules targeted by this test - `ID string` API Resource UUID tag. - `Default bool` Whether the DEX rule is the account default - `Name string` The name of the DEX rule - `Targeted bool` - `TestID string` The unique identifier for the test. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) dexTest, err := client.ZeroTrust.Devices.DEXTests.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceDEXTestDeleteParams{ AccountID: cloudflare.F("01a7362d577a6c3019a474fd6f485823"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", dexTest.DEXTests) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "dex_tests": [ { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } ] } } ``` ## Domain Types ### Schema Data - `type SchemaData struct{…}` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind string` The type of test. - `Method string` The HTTP request method type. ### Schema HTTP - `type SchemaHTTP struct{…}` - `Data SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `Host string` The desired endpoint to test. - `Kind string` The type of test. - `Method string` The HTTP request method type. - `Enabled bool` Determines whether or not the test is active. - `Interval string` How often the test will run. - `Name string` The name of the DEX test. Must be unique. - `Description string` Additional details about the test. - `TargetPolicies []SchemaHTTPTargetPolicy` Device settings profiles targeted by this test. - `ID string` The id of the device settings profile. - `Default bool` Whether the profile is the account default. - `Name string` The name of the device settings profile. - `Targeted bool` - `TestID string` The unique identifier for the test. # IP Profiles ## List IP profiles `client.ZeroTrust.Devices.IPProfiles.List(ctx, params) (*SinglePage[IPProfile], error)` **get** `/accounts/{account_id}/devices/ip-profiles` Lists WARP Device IP profiles. ### Parameters - `params DeviceIPProfileListParams` - `AccountID param.Field[string]` Path param - `PerPage param.Field[int64]` Query param: The number of IP profiles to return per page. ### Returns - `type IPProfile struct{…}` - `ID string` The ID of the Device IP profile. - `CreatedAt string` The RFC3339Nano timestamp when the Device IP profile was created. - `Description string` An optional description of the Device IP profile. - `Enabled bool` Whether the Device IP profile is enabled. - `Match string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name string` A user-friendly name for the Device IP profile. - `Precedence int64` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID string` The ID of the Subnet. - `UpdatedAt string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.IPProfiles.List(context.TODO(), zero_trust.DeviceIPProfileListParams{ AccountID: cloudflare.F("account_id"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 10, "total_count": 10, "total_pages": 1 } } ``` ## Get IP profile `client.ZeroTrust.Devices.IPProfiles.Get(ctx, profileID, query) (*IPProfile, error)` **get** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Fetches a single WARP Device IP profile. ### Parameters - `profileID string` - `query DeviceIPProfileGetParams` - `AccountID param.Field[string]` ### Returns - `type IPProfile struct{…}` - `ID string` The ID of the Device IP profile. - `CreatedAt string` The RFC3339Nano timestamp when the Device IP profile was created. - `Description string` An optional description of the Device IP profile. - `Enabled bool` Whether the Device IP profile is enabled. - `Match string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name string` A user-friendly name for the Device IP profile. - `Precedence int64` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID string` The ID of the Subnet. - `UpdatedAt string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) ipProfile, err := client.ZeroTrust.Devices.IPProfiles.Get( context.TODO(), "profile_id", zero_trust.DeviceIPProfileGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", ipProfile.ID) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Create IP profile `client.ZeroTrust.Devices.IPProfiles.New(ctx, params) (*IPProfile, error)` **post** `/accounts/{account_id}/devices/ip-profiles` Creates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated. ### Parameters - `params DeviceIPProfileNewParams` - `AccountID param.Field[string]` Path param - `Match param.Field[string]` Body param: The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name param.Field[string]` Body param: A user-friendly name for the Device IP profile. - `Precedence param.Field[int64]` Body param: The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID param.Field[string]` Body param: The ID of the Subnet. - `Description param.Field[string]` Body param: An optional description of the Device IP profile. - `Enabled param.Field[bool]` Body param: Whether the Device IP profile will be applied to matching devices. ### Returns - `type IPProfile struct{…}` - `ID string` The ID of the Device IP profile. - `CreatedAt string` The RFC3339Nano timestamp when the Device IP profile was created. - `Description string` An optional description of the Device IP profile. - `Enabled bool` Whether the Device IP profile is enabled. - `Match string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name string` A user-friendly name for the Device IP profile. - `Precedence int64` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID string` The ID of the Subnet. - `UpdatedAt string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) ipProfile, err := client.ZeroTrust.Devices.IPProfiles.New(context.TODO(), zero_trust.DeviceIPProfileNewParams{ AccountID: cloudflare.F("account_id"), Match: cloudflare.F(`identity.email == "test@cloudflare.com"`), Name: cloudflare.F("IPv4 Cloudflare Source IPs"), Precedence: cloudflare.F(int64(100)), SubnetID: cloudflare.F("b70ff985-a4ef-4643-bbbc-4a0ed4fc8415"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", ipProfile.ID) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Update IP profile `client.ZeroTrust.Devices.IPProfiles.Update(ctx, profileID, params) (*IPProfile, error)` **patch** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Updates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated. ### Parameters - `profileID string` - `params DeviceIPProfileUpdateParams` - `AccountID param.Field[string]` Path param - `Description param.Field[string]` Body param: An optional description of the Device IP profile. - `Enabled param.Field[bool]` Body param: Whether the Device IP profile is enabled. - `Match param.Field[string]` Body param: The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name param.Field[string]` Body param: A user-friendly name for the Device IP profile. - `Precedence param.Field[int64]` Body param: The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID param.Field[string]` Body param: The ID of the Subnet. ### Returns - `type IPProfile struct{…}` - `ID string` The ID of the Device IP profile. - `CreatedAt string` The RFC3339Nano timestamp when the Device IP profile was created. - `Description string` An optional description of the Device IP profile. - `Enabled bool` Whether the Device IP profile is enabled. - `Match string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name string` A user-friendly name for the Device IP profile. - `Precedence int64` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID string` The ID of the Subnet. - `UpdatedAt string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) ipProfile, err := client.ZeroTrust.Devices.IPProfiles.Update( context.TODO(), "profile_id", zero_trust.DeviceIPProfileUpdateParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", ipProfile.ID) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Delete IP profile `client.ZeroTrust.Devices.IPProfiles.Delete(ctx, profileID, body) (*DeviceIPProfileDeleteResponse, error)` **delete** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Delete a WARP Device IP profile. ### Parameters - `profileID string` - `body DeviceIPProfileDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DeviceIPProfileDeleteResponse struct{…}` - `ID string` ID of the deleted Device IP profile. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) ipProfile, err := client.ZeroTrust.Devices.IPProfiles.Delete( context.TODO(), "profile_id", zero_trust.DeviceIPProfileDeleteParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", ipProfile.ID) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### IP Profile - `type IPProfile struct{…}` - `ID string` The ID of the Device IP profile. - `CreatedAt string` The RFC3339Nano timestamp when the Device IP profile was created. - `Description string` An optional description of the Device IP profile. - `Enabled bool` Whether the Device IP profile is enabled. - `Match string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `Name string` A user-friendly name for the Device IP profile. - `Precedence int64` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `SubnetID string` The ID of the Subnet. - `UpdatedAt string` The RFC3339Nano timestamp when the Device IP profile was last updated. # Networks ## List your device managed networks `client.ZeroTrust.Devices.Networks.List(ctx, query) (*SinglePage[DeviceNetwork], error)` **get** `/accounts/{account_id}/devices/networks` Fetches a list of managed networks for an account. ### Parameters - `query DeviceNetworkListParams` - `AccountID param.Field[string]` ### Returns - `type DeviceNetwork struct{…}` - `Config DeviceNetworkConfig` The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name string` The name of the device managed network. This name must be unique. - `NetworkID string` API UUID. - `Type DeviceNetworkType` The type of device managed network. - `const DeviceNetworkTypeTLS DeviceNetworkType = "tls"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Networks.List(context.TODO(), zero_trust.DeviceNetworkListParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device managed network details `client.ZeroTrust.Devices.Networks.Get(ctx, networkID, query) (*DeviceNetwork, error)` **get** `/accounts/{account_id}/devices/networks/{network_id}` Fetches details for a single managed network. ### Parameters - `networkID string` API UUID. - `query DeviceNetworkGetParams` - `AccountID param.Field[string]` ### Returns - `type DeviceNetwork struct{…}` - `Config DeviceNetworkConfig` The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name string` The name of the device managed network. This name must be unique. - `NetworkID string` API UUID. - `Type DeviceNetworkType` The type of device managed network. - `const DeviceNetworkTypeTLS DeviceNetworkType = "tls"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceNetwork, err := client.ZeroTrust.Devices.Networks.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceNetworkGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceNetwork.NetworkID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Create a device managed network `client.ZeroTrust.Devices.Networks.New(ctx, params) (*DeviceNetwork, error)` **post** `/accounts/{account_id}/devices/networks` Creates a new device managed network. ### Parameters - `params DeviceNetworkNewParams` - `AccountID param.Field[string]` Path param - `Config param.Field[DeviceNetworkNewParamsConfig]` Body param: The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name param.Field[string]` Body param: The name of the device managed network. This name must be unique. - `Type param.Field[DeviceNetworkNewParamsType]` Body param: The type of device managed network. - `const DeviceNetworkNewParamsTypeTLS DeviceNetworkNewParamsType = "tls"` ### Returns - `type DeviceNetwork struct{…}` - `Config DeviceNetworkConfig` The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name string` The name of the device managed network. This name must be unique. - `NetworkID string` API UUID. - `Type DeviceNetworkType` The type of device managed network. - `const DeviceNetworkTypeTLS DeviceNetworkType = "tls"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceNetwork, err := client.ZeroTrust.Devices.Networks.New(context.TODO(), zero_trust.DeviceNetworkNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Config: cloudflare.F(zero_trust.DeviceNetworkNewParamsConfig{ TLSSockaddr: cloudflare.F("foo.bar:1234"), }), Name: cloudflare.F("managed-network-1"), Type: cloudflare.F(zero_trust.DeviceNetworkNewParamsTypeTLS), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceNetwork.NetworkID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Update a device managed network `client.ZeroTrust.Devices.Networks.Update(ctx, networkID, params) (*DeviceNetwork, error)` **put** `/accounts/{account_id}/devices/networks/{network_id}` Updates a configured device managed network. ### Parameters - `networkID string` API UUID. - `params DeviceNetworkUpdateParams` - `AccountID param.Field[string]` Path param - `Config param.Field[DeviceNetworkUpdateParamsConfig]` Body param: The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name param.Field[string]` Body param: The name of the device managed network. This name must be unique. - `Type param.Field[DeviceNetworkUpdateParamsType]` Body param: The type of device managed network. - `const DeviceNetworkUpdateParamsTypeTLS DeviceNetworkUpdateParamsType = "tls"` ### Returns - `type DeviceNetwork struct{…}` - `Config DeviceNetworkConfig` The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name string` The name of the device managed network. This name must be unique. - `NetworkID string` API UUID. - `Type DeviceNetworkType` The type of device managed network. - `const DeviceNetworkTypeTLS DeviceNetworkType = "tls"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceNetwork, err := client.ZeroTrust.Devices.Networks.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceNetworkUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceNetwork.NetworkID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Delete a device managed network `client.ZeroTrust.Devices.Networks.Delete(ctx, networkID, body) (*SinglePage[DeviceNetwork], error)` **delete** `/accounts/{account_id}/devices/networks/{network_id}` Deletes a device managed network and fetches a list of the remaining device managed networks for an account. ### Parameters - `networkID string` API UUID. - `body DeviceNetworkDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DeviceNetwork struct{…}` - `Config DeviceNetworkConfig` The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name string` The name of the device managed network. This name must be unique. - `NetworkID string` API UUID. - `Type DeviceNetworkType` The type of device managed network. - `const DeviceNetworkTypeTLS DeviceNetworkType = "tls"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Networks.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceNetworkDeleteParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Device Network - `type DeviceNetwork struct{…}` - `Config DeviceNetworkConfig` The configuration object containing information for the WARP client to detect the managed network. - `TLSSockaddr string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `Sha256 string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `Name string` The name of the device managed network. This name must be unique. - `NetworkID string` API UUID. - `Type DeviceNetworkType` The type of device managed network. - `const DeviceNetworkTypeTLS DeviceNetworkType = "tls"` # Fleet Status ## Get the live status of a latest device `client.ZeroTrust.Devices.FleetStatus.Get(ctx, deviceID, params) (*DeviceFleetStatusGetResponse, error)` **get** `/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live` Get the live status of a latest device given device_id from the device_state table ### Parameters - `deviceID string` Device-specific ID, given as UUID v4 - `params DeviceFleetStatusGetParams` - `AccountID param.Field[string]` Path param: Unique identifier for account - `SinceMinutes param.Field[float64]` Query param: Number of minutes before current time - `Colo param.Field[string]` Query param: List of data centers to filter results - `TimeNow param.Field[string]` Query param: Number of minutes before current time ### Returns - `type DeviceFleetStatusGetResponse struct{…}` - `Colo string` Cloudflare colo - `DeviceID string` Device identifier (UUID v4) - `Mode string` The mode under which the WARP client is run - `Platform string` Operating system - `Status string` Network status - `Timestamp string` Timestamp in ISO format - `Version string` WARP client version - `AlwaysOn bool` - `BatteryCharging bool` - `BatteryCycles int64` - `BatteryPct float64` - `ConnectionType string` - `CPUPct float64` - `CPUPctByApp [][]DeviceFleetStatusGetResponseCPUPctByApp` - `CPUPct float64` - `Name string` - `DeviceIPV4 DeviceFleetStatusGetResponseDeviceIPV4` - `Address string` - `ASN int64` - `Aso string` - `Location DeviceFleetStatusGetResponseDeviceIPV4Location` - `City string` - `CountryISO string` - `StateISO string` - `Zip string` - `Netmask string` - `Version string` - `DeviceIPV6 DeviceFleetStatusGetResponseDeviceIPV6` - `Address string` - `ASN int64` - `Aso string` - `Location DeviceFleetStatusGetResponseDeviceIPV6Location` - `City string` - `CountryISO string` - `StateISO string` - `Zip string` - `Netmask string` - `Version string` - `DeviceName string` Device identifier (human readable) - `DiskReadBps int64` - `DiskUsagePct float64` - `DiskWriteBps int64` - `DOHSubdomain string` - `EstimatedLossPct float64` - `FirewallEnabled bool` - `GatewayIPV4 DeviceFleetStatusGetResponseGatewayIPV4` - `Address string` - `ASN int64` - `Aso string` - `Location DeviceFleetStatusGetResponseGatewayIPV4Location` - `City string` - `CountryISO string` - `StateISO string` - `Zip string` - `Netmask string` - `Version string` - `GatewayIPV6 DeviceFleetStatusGetResponseGatewayIPV6` - `Address string` - `ASN int64` - `Aso string` - `Location DeviceFleetStatusGetResponseGatewayIPV6Location` - `City string` - `CountryISO string` - `StateISO string` - `Zip string` - `Netmask string` - `Version string` - `HandshakeLatencyMs float64` - `ISPIPV4 DeviceFleetStatusGetResponseISPIPV4` - `Address string` - `ASN int64` - `Aso string` - `Location DeviceFleetStatusGetResponseISPIPV4Location` - `City string` - `CountryISO string` - `StateISO string` - `Zip string` - `Netmask string` - `Version string` - `ISPIPV6 DeviceFleetStatusGetResponseISPIPV6` - `Address string` - `ASN int64` - `Aso string` - `Location DeviceFleetStatusGetResponseISPIPV6Location` - `City string` - `CountryISO string` - `StateISO string` - `Zip string` - `Netmask string` - `Version string` - `Metal string` - `NetworkRcvdBps int64` - `NetworkSentBps int64` - `NetworkSsid string` - `PersonEmail string` User contact email address - `RamAvailableKB int64` - `RamUsedPct float64` - `RamUsedPctByApp [][]DeviceFleetStatusGetResponseRamUsedPctByApp` - `Name string` - `RamUsedPct float64` - `SwitchLocked bool` - `WifiStrengthDbm int64` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) fleetStatus, err := client.ZeroTrust.Devices.FleetStatus.Get( context.TODO(), "cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7", zero_trust.DeviceFleetStatusGetParams{ AccountID: cloudflare.F("01a7362d577a6c3019a474fd6f485823"), SinceMinutes: cloudflare.F(10.000000), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", fleetStatus.NetworkSsid) } ``` #### Response ```json { "colo": "SJC", "deviceId": "deviceId", "mode": "proxy", "platform": "windows", "status": "connected", "timestamp": "2023-10-11T00:00:00Z", "version": "1.0.0", "alwaysOn": true, "batteryCharging": true, "batteryCycles": 0, "batteryPct": 0, "connectionType": "connectionType", "cpuPct": 0, "cpuPctByApp": [ [ { "cpu_pct": 0, "name": "name" } ] ], "deviceIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "deviceIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "deviceName": "deviceName", "diskReadBps": 0, "diskUsagePct": 0, "diskWriteBps": 0, "dohSubdomain": "dohSubdomain", "estimatedLossPct": 0, "firewallEnabled": true, "gatewayIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "gatewayIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "handshakeLatencyMs": 0, "ispIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "ispIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "metal": "metal", "networkRcvdBps": 0, "networkSentBps": 0, "networkSsid": "networkSsid", "personEmail": "personEmail", "ramAvailableKb": 0, "ramUsedPct": 0, "ramUsedPctByApp": [ [ { "name": "name", "ram_used_pct": 0 } ] ], "switchLocked": true, "wifiStrengthDbm": 0 } ``` # Policies ## Domain Types ### Device Policy Certificates - `type DevicePolicyCertificates struct{…}` - `Enabled bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Fallback Domain - `type FallbackDomain struct{…}` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Fallback Domain Policy - `type FallbackDomainPolicy []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Settings Policy - `type SettingsPolicy struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy is the default policy for an account. - `Description string` A description of the policy. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes float64` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize float64` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name string` The name of the device settings profile. - `PolicyID string` - `Precedence float64` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 SettingsPolicyServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TargetTests []SettingsPolicyTargetTest` - `ID string` The id of the DEX test targeting this policy. - `Name string` The name of the DEX test targeting this policy. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Split Tunnel Exclude - `type SplitTunnelExclude interface{…}` - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Split Tunnel Include - `type SplitTunnelInclude interface{…}` - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. # Default ## Get the default device settings profile `client.ZeroTrust.Devices.Policies.Default.Get(ctx, query) (*DevicePolicyDefaultGetResponse, error)` **get** `/accounts/{account_id}/devices/policy` Fetches the default device settings profile for an account. ### Parameters - `query DevicePolicyDefaultGetParams` - `AccountID param.Field[string]` ### Returns - `type DevicePolicyDefaultGetResponse struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy will be applied to matching devices. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 DevicePolicyDefaultGetResponseServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) default_, err := client.ZeroTrust.Devices.Policies.Default.Get(context.TODO(), zero_trust.DevicePolicyDefaultGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", default_.GatewayUniqueID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": true, "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "tunnel_protocol": "wireguard" }, "success": true } ``` ## Update the default device settings profile `client.ZeroTrust.Devices.Policies.Default.Edit(ctx, params) (*DevicePolicyDefaultEditResponse, error)` **patch** `/accounts/{account_id}/devices/policy` Updates the default device settings profile for an account. ### Parameters - `params DevicePolicyDefaultEditParams` - `AccountID param.Field[string]` Path param - `AllowModeSwitch param.Field[bool]` Body param: Whether to allow the user to switch WARP between modes. - `AllowUpdates param.Field[bool]` Body param: Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave param.Field[bool]` Body param: Whether to allow devices to leave the organization. - `AutoConnect param.Field[float64]` Body param: The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal param.Field[float64]` Body param: Turn on the captive portal after the specified amount of time. - `DisableAutoFallback param.Field[bool]` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Exclude param.Field[[]SplitTunnelExclude]` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs param.Field[bool]` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions. - `Include param.Field[[]SplitTunnelInclude]` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes param.Field[float64]` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize param.Field[float64]` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `RegisterInterfaceIPWithDNS param.Field[bool]` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport param.Field[bool]` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 param.Field[DevicePolicyDefaultEditParamsServiceModeV2]` Body param - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL param.Field[string]` Body param: The URL to launch when the Send Feedback button is clicked. - `SwitchLocked param.Field[bool]` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client. - `TunnelProtocol param.Field[string]` Body param: Determines which tunnel protocol to use. ### Returns - `type DevicePolicyDefaultEditResponse struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy will be applied to matching devices. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 DevicePolicyDefaultEditResponseServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.ZeroTrust.Devices.Policies.Default.Edit(context.TODO(), zero_trust.DevicePolicyDefaultEditParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.GatewayUniqueID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": true, "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "tunnel_protocol": "wireguard" }, "success": true } ``` # Excludes ## Get the Split Tunnel exclude list `client.ZeroTrust.Devices.Policies.Default.Excludes.Get(ctx, query) (*SinglePage[SplitTunnelExclude], error)` **get** `/accounts/{account_id}/devices/policy/exclude` Fetches the list of routes excluded from the WARP client's tunnel. ### Parameters - `query DevicePolicyDefaultExcludeGetParams` - `AccountID param.Field[string]` ### Returns - `type SplitTunnelExclude interface{…}` - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Default.Excludes.Get(context.TODO(), zero_trust.DevicePolicyDefaultExcludeGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel exclude list `client.ZeroTrust.Devices.Policies.Default.Excludes.Update(ctx, params) (*SinglePage[SplitTunnelExclude], error)` **put** `/accounts/{account_id}/devices/policy/exclude` Sets the list of routes excluded from the WARP client's tunnel. ### Parameters - `params DevicePolicyDefaultExcludeUpdateParams` - `AccountID param.Field[string]` Path param - `Body param.Field[[]SplitTunnelExclude]` Body param - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `type SplitTunnelExclude interface{…}` - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Default.Excludes.Update(context.TODO(), zero_trust.DevicePolicyDefaultExcludeUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Body: []zero_trust.SplitTunnelExcludeUnionParam{zero_trust.SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddressParam{ Address: cloudflare.F("192.0.2.0/24"), }}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Includes ## Get the Split Tunnel include list `client.ZeroTrust.Devices.Policies.Default.Includes.Get(ctx, query) (*SinglePage[SplitTunnelInclude], error)` **get** `/accounts/{account_id}/devices/policy/include` Fetches the list of routes included in the WARP client's tunnel. ### Parameters - `query DevicePolicyDefaultIncludeGetParams` - `AccountID param.Field[string]` ### Returns - `type SplitTunnelInclude interface{…}` - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Default.Includes.Get(context.TODO(), zero_trust.DevicePolicyDefaultIncludeGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel include list `client.ZeroTrust.Devices.Policies.Default.Includes.Update(ctx, params) (*SinglePage[SplitTunnelInclude], error)` **put** `/accounts/{account_id}/devices/policy/include` Sets the list of routes included in the WARP client's tunnel. ### Parameters - `params DevicePolicyDefaultIncludeUpdateParams` - `AccountID param.Field[string]` Path param - `Body param.Field[[]SplitTunnelInclude]` Body param - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `type SplitTunnelInclude interface{…}` - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Default.Includes.Update(context.TODO(), zero_trust.DevicePolicyDefaultIncludeUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Body: []zero_trust.SplitTunnelIncludeUnionParam{zero_trust.SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddressParam{ Address: cloudflare.F("192.0.2.0/24"), }}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Fallback Domains ## Get your Local Domain Fallback list `client.ZeroTrust.Devices.Policies.Default.FallbackDomains.Get(ctx, query) (*SinglePage[FallbackDomain], error)` **get** `/accounts/{account_id}/devices/policy/fallback_domains` Fetches a list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. ### Parameters - `query DevicePolicyDefaultFallbackDomainGetParams` - `AccountID param.Field[string]` ### Returns - `type FallbackDomain struct{…}` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Default.FallbackDomains.Get(context.TODO(), zero_trust.DevicePolicyDefaultFallbackDomainGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set your Local Domain Fallback list `client.ZeroTrust.Devices.Policies.Default.FallbackDomains.Update(ctx, params) (*SinglePage[FallbackDomain], error)` **put** `/accounts/{account_id}/devices/policy/fallback_domains` Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. ### Parameters - `params DevicePolicyDefaultFallbackDomainUpdateParams` - `AccountID param.Field[string]` Path param - `Domains param.Field[[]FallbackDomain]` Body param - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Returns - `type FallbackDomain struct{…}` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Default.FallbackDomains.Update(context.TODO(), zero_trust.DevicePolicyDefaultFallbackDomainUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Domains: []zero_trust.FallbackDomainParam{zero_trust.FallbackDomainParam{ Suffix: cloudflare.F("example.com"), }}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Certificates ## Get device certificate provisioning status `client.ZeroTrust.Devices.Policies.Default.Certificates.Get(ctx, query) (*DevicePolicyCertificates, error)` **get** `/zones/{zone_id}/devices/policy/certificates` Fetches device certificate provisioning. ### Parameters - `query DevicePolicyDefaultCertificateGetParams` - `ZoneID param.Field[string]` ### Returns - `type DevicePolicyCertificates struct{…}` - `Enabled bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) devicePolicyCertificates, err := client.ZeroTrust.Devices.Policies.Default.Certificates.Get(context.TODO(), zero_trust.DevicePolicyDefaultCertificateGetParams{ ZoneID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", devicePolicyCertificates.Enabled) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "enabled": true }, "success": true } ``` ## Update device certificate provisioning status `client.ZeroTrust.Devices.Policies.Default.Certificates.Edit(ctx, params) (*DevicePolicyCertificates, error)` **patch** `/zones/{zone_id}/devices/policy/certificates` Enable Zero Trust Clients to provision a certificate, containing a x509 subject, and referenced by Access device posture policies when the client visits MTLS protected domains. This facilitates device posture without a WARP session. ### Parameters - `params DevicePolicyDefaultCertificateEditParams` - `ZoneID param.Field[string]` Path param - `DevicePolicyCertificates param.Field[DevicePolicyCertificates]` Body param ### Returns - `type DevicePolicyCertificates struct{…}` - `Enabled bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) devicePolicyCertificates, err := client.ZeroTrust.Devices.Policies.Default.Certificates.Edit(context.TODO(), zero_trust.DevicePolicyDefaultCertificateEditParams{ ZoneID: cloudflare.F("699d98642c564d2e855e9661899b7252"), DevicePolicyCertificates: zero_trust.DevicePolicyCertificatesParam{ Enabled: cloudflare.F(true), }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", devicePolicyCertificates.Enabled) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "enabled": true }, "success": true } ``` # Custom ## List device settings profiles `client.ZeroTrust.Devices.Policies.Custom.List(ctx, query) (*SinglePage[SettingsPolicy], error)` **get** `/accounts/{account_id}/devices/policies` Fetches a list of the device settings profiles for an account. ### Parameters - `query DevicePolicyCustomListParams` - `AccountID param.Field[string]` ### Returns - `type SettingsPolicy struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy is the default policy for an account. - `Description string` A description of the policy. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes float64` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize float64` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name string` The name of the device settings profile. - `PolicyID string` - `Precedence float64` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 SettingsPolicyServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TargetTests []SettingsPolicyTargetTest` - `ID string` The id of the DEX test targeting this policy. - `Name string` The name of the DEX test targeting this policy. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.List(context.TODO(), zero_trust.DevicePolicyCustomListParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device settings profile by ID `client.ZeroTrust.Devices.Policies.Custom.Get(ctx, policyID, query) (*SettingsPolicy, error)` **get** `/accounts/{account_id}/devices/policy/{policy_id}` Fetches a device settings profile by ID. ### Parameters - `policyID string` - `query DevicePolicyCustomGetParams` - `AccountID param.Field[string]` ### Returns - `type SettingsPolicy struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy is the default policy for an account. - `Description string` A description of the policy. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes float64` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize float64` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name string` The name of the device settings profile. - `PolicyID string` - `Precedence float64` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 SettingsPolicyServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TargetTests []SettingsPolicyTargetTest` - `ID string` The id of the DEX test targeting this policy. - `Name string` The name of the DEX test targeting this policy. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) settingsPolicy, err := client.ZeroTrust.Devices.Policies.Custom.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", settingsPolicy.GatewayUniqueID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" }, "success": true } ``` ## Create a device settings profile `client.ZeroTrust.Devices.Policies.Custom.New(ctx, params) (*SettingsPolicy, error)` **post** `/accounts/{account_id}/devices/policy` Creates a device settings profile to be applied to certain devices matching the criteria. ### Parameters - `params DevicePolicyCustomNewParams` - `AccountID param.Field[string]` Path param - `Match param.Field[string]` Body param: The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name param.Field[string]` Body param: The name of the device settings profile. - `Precedence param.Field[float64]` Body param: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `AllowModeSwitch param.Field[bool]` Body param: Whether to allow the user to switch WARP between modes. - `AllowUpdates param.Field[bool]` Body param: Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave param.Field[bool]` Body param: Whether to allow devices to leave the organization. - `AutoConnect param.Field[float64]` Body param: The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal param.Field[float64]` Body param: Turn on the captive portal after the specified amount of time. - `Description param.Field[string]` Body param: A description of the policy. - `DisableAutoFallback param.Field[bool]` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled param.Field[bool]` Body param: Whether the policy will be applied to matching devices. - `Exclude param.Field[[]SplitTunnelExclude]` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs param.Field[bool]` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions. - `Include param.Field[[]SplitTunnelInclude]` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes param.Field[float64]` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize param.Field[float64]` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `RegisterInterfaceIPWithDNS param.Field[bool]` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport param.Field[bool]` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 param.Field[DevicePolicyCustomNewParamsServiceModeV2]` Body param - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL param.Field[string]` Body param: The URL to launch when the Send Feedback button is clicked. - `SwitchLocked param.Field[bool]` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client. - `TunnelProtocol param.Field[string]` Body param: Determines which tunnel protocol to use. ### Returns - `type SettingsPolicy struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy is the default policy for an account. - `Description string` A description of the policy. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes float64` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize float64` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name string` The name of the device settings profile. - `PolicyID string` - `Precedence float64` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 SettingsPolicyServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TargetTests []SettingsPolicyTargetTest` - `ID string` The id of the DEX test targeting this policy. - `Name string` The name of the DEX test targeting this policy. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) settingsPolicy, err := client.ZeroTrust.Devices.Policies.Custom.New(context.TODO(), zero_trust.DevicePolicyCustomNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Match: cloudflare.F(`identity.email == "test@cloudflare.com"`), Name: cloudflare.F("Allow Developers"), Precedence: cloudflare.F(100.000000), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", settingsPolicy.GatewayUniqueID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" }, "success": true } ``` ## Update a device settings profile `client.ZeroTrust.Devices.Policies.Custom.Edit(ctx, policyID, params) (*SettingsPolicy, error)` **patch** `/accounts/{account_id}/devices/policy/{policy_id}` Updates a configured device settings profile. ### Parameters - `policyID string` - `params DevicePolicyCustomEditParams` - `AccountID param.Field[string]` Path param - `AllowModeSwitch param.Field[bool]` Body param: Whether to allow the user to switch WARP between modes. - `AllowUpdates param.Field[bool]` Body param: Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave param.Field[bool]` Body param: Whether to allow devices to leave the organization. - `AutoConnect param.Field[float64]` Body param: The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal param.Field[float64]` Body param: Turn on the captive portal after the specified amount of time. - `Description param.Field[string]` Body param: A description of the policy. - `DisableAutoFallback param.Field[bool]` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled param.Field[bool]` Body param: Whether the policy will be applied to matching devices. - `Exclude param.Field[[]SplitTunnelExclude]` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs param.Field[bool]` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions. - `Include param.Field[[]SplitTunnelInclude]` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes param.Field[float64]` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize param.Field[float64]` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match param.Field[string]` Body param: The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name param.Field[string]` Body param: The name of the device settings profile. - `Precedence param.Field[float64]` Body param: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS param.Field[bool]` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport param.Field[bool]` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 param.Field[DevicePolicyCustomEditParamsServiceModeV2]` Body param - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL param.Field[string]` Body param: The URL to launch when the Send Feedback button is clicked. - `SwitchLocked param.Field[bool]` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client. - `TunnelProtocol param.Field[string]` Body param: Determines which tunnel protocol to use. ### Returns - `type SettingsPolicy struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy is the default policy for an account. - `Description string` A description of the policy. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes float64` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize float64` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name string` The name of the device settings profile. - `PolicyID string` - `Precedence float64` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 SettingsPolicyServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TargetTests []SettingsPolicyTargetTest` - `ID string` The id of the DEX test targeting this policy. - `Name string` The name of the DEX test targeting this policy. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) settingsPolicy, err := client.ZeroTrust.Devices.Policies.Custom.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomEditParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", settingsPolicy.GatewayUniqueID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" }, "success": true } ``` ## Delete a device settings profile `client.ZeroTrust.Devices.Policies.Custom.Delete(ctx, policyID, body) (*SinglePage[SettingsPolicy], error)` **delete** `/accounts/{account_id}/devices/policy/{policy_id}` Deletes a device settings profile and fetches a list of the remaining profiles for an account. ### Parameters - `policyID string` - `body DevicePolicyCustomDeleteParams` - `AccountID param.Field[string]` ### Returns - `type SettingsPolicy struct{…}` - `AllowModeSwitch bool` Whether to allow the user to switch WARP between modes. - `AllowUpdates bool` Whether to receive update notifications when a new version of the client is available. - `AllowedToLeave bool` Whether to allow devices to leave the organization. - `AutoConnect float64` The amount of time in seconds to reconnect after having been disabled. - `CaptivePortal float64` Turn on the captive portal after the specified amount of time. - `Default bool` Whether the policy is the default policy for an account. - `Description string` A description of the policy. - `DisableAutoFallback bool` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `Enabled bool` Whether the policy will be applied to matching devices. - `Exclude []SplitTunnelExclude` List of routes excluded in the WARP client's tunnel. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `ExcludeOfficeIPs bool` Whether to add Microsoft IPs to Split Tunnel exclusions. - `FallbackDomains []FallbackDomain` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. - `GatewayUniqueID string` - `Include []SplitTunnelInclude` List of routes included in the WARP client's tunnel. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `LANAllowMinutes float64` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `LANAllowSubnetSize float64` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `Match string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `Name string` The name of the device settings profile. - `PolicyID string` - `Precedence float64` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `RegisterInterfaceIPWithDNS bool` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `SccmVpnBoundarySupport bool` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `ServiceModeV2 SettingsPolicyServiceModeV2` - `Mode string` The mode to run the WARP client under. - `Port float64` The port number when used with proxy mode. - `SupportURL string` The URL to launch when the Send Feedback button is clicked. - `SwitchLocked bool` Whether to allow the user to turn off the WARP switch and disconnect the client. - `TargetTests []SettingsPolicyTargetTest` - `ID string` The id of the DEX test targeting this policy. - `Name string` The name of the DEX test targeting this policy. - `TunnelProtocol string` Determines which tunnel protocol to use. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomDeleteParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Excludes ## Get the Split Tunnel exclude list for a device settings profile `client.ZeroTrust.Devices.Policies.Custom.Excludes.Get(ctx, policyID, query) (*SinglePage[SplitTunnelExclude], error)` **get** `/accounts/{account_id}/devices/policy/{policy_id}/exclude` Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID string` - `query DevicePolicyCustomExcludeGetParams` - `AccountID param.Field[string]` ### Returns - `type SplitTunnelExclude interface{…}` - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.Excludes.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomExcludeGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel exclude list for a device settings profile `client.ZeroTrust.Devices.Policies.Custom.Excludes.Update(ctx, policyID, params) (*SinglePage[SplitTunnelExclude], error)` **put** `/accounts/{account_id}/devices/policy/{policy_id}/exclude` Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID string` - `params DevicePolicyCustomExcludeUpdateParams` - `AccountID param.Field[string]` Path param - `Body param.Field[[]SplitTunnelExclude]` Body param - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `type SplitTunnelExclude interface{…}` - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.Excludes.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomExcludeUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Body: []zero_trust.SplitTunnelExcludeUnionParam{zero_trust.SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddressParam{ Address: cloudflare.F("192.0.2.0/24"), }}, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Includes ## Get the Split Tunnel include list for a device settings profile `client.ZeroTrust.Devices.Policies.Custom.Includes.Get(ctx, policyID, query) (*SinglePage[SplitTunnelInclude], error)` **get** `/accounts/{account_id}/devices/policy/{policy_id}/include` Fetches the list of routes included in the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID string` - `query DevicePolicyCustomIncludeGetParams` - `AccountID param.Field[string]` ### Returns - `type SplitTunnelInclude interface{…}` - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.Includes.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomIncludeGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel include list for a device settings profile `client.ZeroTrust.Devices.Policies.Custom.Includes.Update(ctx, policyID, params) (*SinglePage[SplitTunnelInclude], error)` **put** `/accounts/{account_id}/devices/policy/{policy_id}/include` Sets the list of routes included in the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID string` - `params DevicePolicyCustomIncludeUpdateParams` - `AccountID param.Field[string]` Path param - `Body param.Field[[]SplitTunnelInclude]` Body param - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `type SplitTunnelInclude interface{…}` - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}` - `Address string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. - `type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}` - `Host string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `Description string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.Includes.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomIncludeUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Body: []zero_trust.SplitTunnelIncludeUnionParam{zero_trust.SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddressParam{ Address: cloudflare.F("192.0.2.0/24"), }}, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Fallback Domains ## Get the Local Domain Fallback list for a device settings profile `client.ZeroTrust.Devices.Policies.Custom.FallbackDomains.Get(ctx, policyID, query) (*SinglePage[FallbackDomain], error)` **get** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains` Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead. ### Parameters - `policyID string` - `query DevicePolicyCustomFallbackDomainGetParams` - `AccountID param.Field[string]` ### Returns - `type FallbackDomain struct{…}` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.FallbackDomains.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomFallbackDomainGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Local Domain Fallback list for a device settings profile `client.ZeroTrust.Devices.Policies.Custom.FallbackDomains.Update(ctx, policyID, params) (*SinglePage[FallbackDomain], error)` **put** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains` Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile. ### Parameters - `policyID string` - `params DevicePolicyCustomFallbackDomainUpdateParams` - `AccountID param.Field[string]` Path param - `Domains param.Field[[]FallbackDomain]` Body param - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Returns - `type FallbackDomain struct{…}` - `Suffix string` The domain suffix to match when resolving locally. - `Description string` A description of the fallback domain, displayed in the client UI. - `DNSServer []string` A list of IP addresses to handle domain resolution. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Policies.Custom.FallbackDomains.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePolicyCustomFallbackDomainUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Domains: []zero_trust.FallbackDomainParam{zero_trust.FallbackDomainParam{ Suffix: cloudflare.F("example.com"), }}, }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Posture ## List device posture rules `client.ZeroTrust.Devices.Posture.List(ctx, query) (*SinglePage[DevicePostureRule], error)` **get** `/accounts/{account_id}/devices/posture` Fetches device posture rules for a Zero Trust account. ### Parameters - `query DevicePostureListParams` - `AccountID param.Field[string]` ### Returns - `type DevicePostureRule struct{…}` - `ID string` API UUID. - `Description string` The description of the device posture rule. - `Expiration string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input DeviceInput` The value to be checked against. - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}` - `ID string` UUID of Access List. - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. - `type DeviceInputTeamsDevicesApplicationInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"` - `Path string` Path for the application. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. - `type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `CheckPrivateKey bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"` - `Cn string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage` List of values indicating purposes for which the certificate public key can be used. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"` - `Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocations` - `Paths []string` List of paths to check for client certificate on linux. - `TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore` List of trust stores to check for client certificate. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"` - `SubjectAlternativeNames []string` List of certificate Subject Alternative Names. - `type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}` - `UpdateWindowDays float64` Number of days that the antivirus should be updated within. - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` - `type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}` - `ConnectionID string` Posture Integration ID. - `Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator` Operator. - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="` - `Score float64` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `Match []DeviceMatch` The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Name string` The name of the device posture rule. - `Schedule string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `Type DevicePostureRuleType` The type of device posture rule. - `const DevicePostureRuleTypeFile DevicePostureRuleType = "file"` - `const DevicePostureRuleTypeApplication DevicePostureRuleType = "application"` - `const DevicePostureRuleTypeTanium DevicePostureRuleType = "tanium"` - `const DevicePostureRuleTypeGateway DevicePostureRuleType = "gateway"` - `const DevicePostureRuleTypeWARP DevicePostureRuleType = "warp"` - `const DevicePostureRuleTypeDiskEncryption DevicePostureRuleType = "disk_encryption"` - `const DevicePostureRuleTypeSerialNumber DevicePostureRuleType = "serial_number"` - `const DevicePostureRuleTypeSentinelone DevicePostureRuleType = "sentinelone"` - `const DevicePostureRuleTypeCarbonblack DevicePostureRuleType = "carbonblack"` - `const DevicePostureRuleTypeFirewall DevicePostureRuleType = "firewall"` - `const DevicePostureRuleTypeOSVersion DevicePostureRuleType = "os_version"` - `const DevicePostureRuleTypeDomainJoined DevicePostureRuleType = "domain_joined"` - `const DevicePostureRuleTypeClientCertificate DevicePostureRuleType = "client_certificate"` - `const DevicePostureRuleTypeClientCertificateV2 DevicePostureRuleType = "client_certificate_v2"` - `const DevicePostureRuleTypeAntivirus DevicePostureRuleType = "antivirus"` - `const DevicePostureRuleTypeUniqueClientID DevicePostureRuleType = "unique_client_id"` - `const DevicePostureRuleTypeKolide DevicePostureRuleType = "kolide"` - `const DevicePostureRuleTypeTaniumS2s DevicePostureRuleType = "tanium_s2s"` - `const DevicePostureRuleTypeCrowdstrikeS2s DevicePostureRuleType = "crowdstrike_s2s"` - `const DevicePostureRuleTypeIntune DevicePostureRuleType = "intune"` - `const DevicePostureRuleTypeWorkspaceOne DevicePostureRuleType = "workspace_one"` - `const DevicePostureRuleTypeSentineloneS2s DevicePostureRuleType = "sentinelone_s2s"` - `const DevicePostureRuleTypeCustomS2s DevicePostureRuleType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Posture.List(context.TODO(), zero_trust.DevicePostureListParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture rule details `client.ZeroTrust.Devices.Posture.Get(ctx, ruleID, query) (*DevicePostureRule, error)` **get** `/accounts/{account_id}/devices/posture/{rule_id}` Fetches a single device posture rule. ### Parameters - `ruleID string` API UUID. - `query DevicePostureGetParams` - `AccountID param.Field[string]` ### Returns - `type DevicePostureRule struct{…}` - `ID string` API UUID. - `Description string` The description of the device posture rule. - `Expiration string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input DeviceInput` The value to be checked against. - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}` - `ID string` UUID of Access List. - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. - `type DeviceInputTeamsDevicesApplicationInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"` - `Path string` Path for the application. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. - `type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `CheckPrivateKey bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"` - `Cn string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage` List of values indicating purposes for which the certificate public key can be used. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"` - `Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocations` - `Paths []string` List of paths to check for client certificate on linux. - `TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore` List of trust stores to check for client certificate. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"` - `SubjectAlternativeNames []string` List of certificate Subject Alternative Names. - `type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}` - `UpdateWindowDays float64` Number of days that the antivirus should be updated within. - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` - `type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}` - `ConnectionID string` Posture Integration ID. - `Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator` Operator. - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="` - `Score float64` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `Match []DeviceMatch` The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Name string` The name of the device posture rule. - `Schedule string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `Type DevicePostureRuleType` The type of device posture rule. - `const DevicePostureRuleTypeFile DevicePostureRuleType = "file"` - `const DevicePostureRuleTypeApplication DevicePostureRuleType = "application"` - `const DevicePostureRuleTypeTanium DevicePostureRuleType = "tanium"` - `const DevicePostureRuleTypeGateway DevicePostureRuleType = "gateway"` - `const DevicePostureRuleTypeWARP DevicePostureRuleType = "warp"` - `const DevicePostureRuleTypeDiskEncryption DevicePostureRuleType = "disk_encryption"` - `const DevicePostureRuleTypeSerialNumber DevicePostureRuleType = "serial_number"` - `const DevicePostureRuleTypeSentinelone DevicePostureRuleType = "sentinelone"` - `const DevicePostureRuleTypeCarbonblack DevicePostureRuleType = "carbonblack"` - `const DevicePostureRuleTypeFirewall DevicePostureRuleType = "firewall"` - `const DevicePostureRuleTypeOSVersion DevicePostureRuleType = "os_version"` - `const DevicePostureRuleTypeDomainJoined DevicePostureRuleType = "domain_joined"` - `const DevicePostureRuleTypeClientCertificate DevicePostureRuleType = "client_certificate"` - `const DevicePostureRuleTypeClientCertificateV2 DevicePostureRuleType = "client_certificate_v2"` - `const DevicePostureRuleTypeAntivirus DevicePostureRuleType = "antivirus"` - `const DevicePostureRuleTypeUniqueClientID DevicePostureRuleType = "unique_client_id"` - `const DevicePostureRuleTypeKolide DevicePostureRuleType = "kolide"` - `const DevicePostureRuleTypeTaniumS2s DevicePostureRuleType = "tanium_s2s"` - `const DevicePostureRuleTypeCrowdstrikeS2s DevicePostureRuleType = "crowdstrike_s2s"` - `const DevicePostureRuleTypeIntune DevicePostureRuleType = "intune"` - `const DevicePostureRuleTypeWorkspaceOne DevicePostureRuleType = "workspace_one"` - `const DevicePostureRuleTypeSentineloneS2s DevicePostureRuleType = "sentinelone_s2s"` - `const DevicePostureRuleTypeCustomS2s DevicePostureRuleType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) devicePostureRule, err := client.ZeroTrust.Devices.Posture.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePostureGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", devicePostureRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Create a device posture rule `client.ZeroTrust.Devices.Posture.New(ctx, params) (*DevicePostureRule, error)` **post** `/accounts/{account_id}/devices/posture` Creates a new device posture rule. ### Parameters - `params DevicePostureNewParams` - `AccountID param.Field[string]` Path param - `Name param.Field[string]` Body param: The name of the device posture rule. - `Type param.Field[DevicePostureNewParamsType]` Body param: The type of device posture rule. - `const DevicePostureNewParamsTypeFile DevicePostureNewParamsType = "file"` - `const DevicePostureNewParamsTypeApplication DevicePostureNewParamsType = "application"` - `const DevicePostureNewParamsTypeTanium DevicePostureNewParamsType = "tanium"` - `const DevicePostureNewParamsTypeGateway DevicePostureNewParamsType = "gateway"` - `const DevicePostureNewParamsTypeWARP DevicePostureNewParamsType = "warp"` - `const DevicePostureNewParamsTypeDiskEncryption DevicePostureNewParamsType = "disk_encryption"` - `const DevicePostureNewParamsTypeSerialNumber DevicePostureNewParamsType = "serial_number"` - `const DevicePostureNewParamsTypeSentinelone DevicePostureNewParamsType = "sentinelone"` - `const DevicePostureNewParamsTypeCarbonblack DevicePostureNewParamsType = "carbonblack"` - `const DevicePostureNewParamsTypeFirewall DevicePostureNewParamsType = "firewall"` - `const DevicePostureNewParamsTypeOSVersion DevicePostureNewParamsType = "os_version"` - `const DevicePostureNewParamsTypeDomainJoined DevicePostureNewParamsType = "domain_joined"` - `const DevicePostureNewParamsTypeClientCertificate DevicePostureNewParamsType = "client_certificate"` - `const DevicePostureNewParamsTypeClientCertificateV2 DevicePostureNewParamsType = "client_certificate_v2"` - `const DevicePostureNewParamsTypeAntivirus DevicePostureNewParamsType = "antivirus"` - `const DevicePostureNewParamsTypeUniqueClientID DevicePostureNewParamsType = "unique_client_id"` - `const DevicePostureNewParamsTypeKolide DevicePostureNewParamsType = "kolide"` - `const DevicePostureNewParamsTypeTaniumS2s DevicePostureNewParamsType = "tanium_s2s"` - `const DevicePostureNewParamsTypeCrowdstrikeS2s DevicePostureNewParamsType = "crowdstrike_s2s"` - `const DevicePostureNewParamsTypeIntune DevicePostureNewParamsType = "intune"` - `const DevicePostureNewParamsTypeWorkspaceOne DevicePostureNewParamsType = "workspace_one"` - `const DevicePostureNewParamsTypeSentineloneS2s DevicePostureNewParamsType = "sentinelone_s2s"` - `const DevicePostureNewParamsTypeCustomS2s DevicePostureNewParamsType = "custom_s2s"` - `Description param.Field[string]` Body param: The description of the device posture rule. - `Expiration param.Field[string]` Body param: Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input param.Field[DeviceInput]` Body param: The value to be checked against. - `Match param.Field[[]DeviceMatch]` Body param: The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Schedule param.Field[string]` Body param: Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `type DevicePostureRule struct{…}` - `ID string` API UUID. - `Description string` The description of the device posture rule. - `Expiration string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input DeviceInput` The value to be checked against. - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}` - `ID string` UUID of Access List. - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. - `type DeviceInputTeamsDevicesApplicationInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"` - `Path string` Path for the application. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. - `type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `CheckPrivateKey bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"` - `Cn string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage` List of values indicating purposes for which the certificate public key can be used. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"` - `Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocations` - `Paths []string` List of paths to check for client certificate on linux. - `TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore` List of trust stores to check for client certificate. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"` - `SubjectAlternativeNames []string` List of certificate Subject Alternative Names. - `type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}` - `UpdateWindowDays float64` Number of days that the antivirus should be updated within. - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` - `type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}` - `ConnectionID string` Posture Integration ID. - `Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator` Operator. - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="` - `Score float64` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `Match []DeviceMatch` The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Name string` The name of the device posture rule. - `Schedule string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `Type DevicePostureRuleType` The type of device posture rule. - `const DevicePostureRuleTypeFile DevicePostureRuleType = "file"` - `const DevicePostureRuleTypeApplication DevicePostureRuleType = "application"` - `const DevicePostureRuleTypeTanium DevicePostureRuleType = "tanium"` - `const DevicePostureRuleTypeGateway DevicePostureRuleType = "gateway"` - `const DevicePostureRuleTypeWARP DevicePostureRuleType = "warp"` - `const DevicePostureRuleTypeDiskEncryption DevicePostureRuleType = "disk_encryption"` - `const DevicePostureRuleTypeSerialNumber DevicePostureRuleType = "serial_number"` - `const DevicePostureRuleTypeSentinelone DevicePostureRuleType = "sentinelone"` - `const DevicePostureRuleTypeCarbonblack DevicePostureRuleType = "carbonblack"` - `const DevicePostureRuleTypeFirewall DevicePostureRuleType = "firewall"` - `const DevicePostureRuleTypeOSVersion DevicePostureRuleType = "os_version"` - `const DevicePostureRuleTypeDomainJoined DevicePostureRuleType = "domain_joined"` - `const DevicePostureRuleTypeClientCertificate DevicePostureRuleType = "client_certificate"` - `const DevicePostureRuleTypeClientCertificateV2 DevicePostureRuleType = "client_certificate_v2"` - `const DevicePostureRuleTypeAntivirus DevicePostureRuleType = "antivirus"` - `const DevicePostureRuleTypeUniqueClientID DevicePostureRuleType = "unique_client_id"` - `const DevicePostureRuleTypeKolide DevicePostureRuleType = "kolide"` - `const DevicePostureRuleTypeTaniumS2s DevicePostureRuleType = "tanium_s2s"` - `const DevicePostureRuleTypeCrowdstrikeS2s DevicePostureRuleType = "crowdstrike_s2s"` - `const DevicePostureRuleTypeIntune DevicePostureRuleType = "intune"` - `const DevicePostureRuleTypeWorkspaceOne DevicePostureRuleType = "workspace_one"` - `const DevicePostureRuleTypeSentineloneS2s DevicePostureRuleType = "sentinelone_s2s"` - `const DevicePostureRuleTypeCustomS2s DevicePostureRuleType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) devicePostureRule, err := client.ZeroTrust.Devices.Posture.New(context.TODO(), zero_trust.DevicePostureNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Name: cloudflare.F("Admin Serial Numbers"), Type: cloudflare.F(zero_trust.DevicePostureNewParamsTypeFile), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", devicePostureRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Update a device posture rule `client.ZeroTrust.Devices.Posture.Update(ctx, ruleID, params) (*DevicePostureRule, error)` **put** `/accounts/{account_id}/devices/posture/{rule_id}` Updates a device posture rule. ### Parameters - `ruleID string` API UUID. - `params DevicePostureUpdateParams` - `AccountID param.Field[string]` Path param - `Name param.Field[string]` Body param: The name of the device posture rule. - `Type param.Field[DevicePostureUpdateParamsType]` Body param: The type of device posture rule. - `const DevicePostureUpdateParamsTypeFile DevicePostureUpdateParamsType = "file"` - `const DevicePostureUpdateParamsTypeApplication DevicePostureUpdateParamsType = "application"` - `const DevicePostureUpdateParamsTypeTanium DevicePostureUpdateParamsType = "tanium"` - `const DevicePostureUpdateParamsTypeGateway DevicePostureUpdateParamsType = "gateway"` - `const DevicePostureUpdateParamsTypeWARP DevicePostureUpdateParamsType = "warp"` - `const DevicePostureUpdateParamsTypeDiskEncryption DevicePostureUpdateParamsType = "disk_encryption"` - `const DevicePostureUpdateParamsTypeSerialNumber DevicePostureUpdateParamsType = "serial_number"` - `const DevicePostureUpdateParamsTypeSentinelone DevicePostureUpdateParamsType = "sentinelone"` - `const DevicePostureUpdateParamsTypeCarbonblack DevicePostureUpdateParamsType = "carbonblack"` - `const DevicePostureUpdateParamsTypeFirewall DevicePostureUpdateParamsType = "firewall"` - `const DevicePostureUpdateParamsTypeOSVersion DevicePostureUpdateParamsType = "os_version"` - `const DevicePostureUpdateParamsTypeDomainJoined DevicePostureUpdateParamsType = "domain_joined"` - `const DevicePostureUpdateParamsTypeClientCertificate DevicePostureUpdateParamsType = "client_certificate"` - `const DevicePostureUpdateParamsTypeClientCertificateV2 DevicePostureUpdateParamsType = "client_certificate_v2"` - `const DevicePostureUpdateParamsTypeAntivirus DevicePostureUpdateParamsType = "antivirus"` - `const DevicePostureUpdateParamsTypeUniqueClientID DevicePostureUpdateParamsType = "unique_client_id"` - `const DevicePostureUpdateParamsTypeKolide DevicePostureUpdateParamsType = "kolide"` - `const DevicePostureUpdateParamsTypeTaniumS2s DevicePostureUpdateParamsType = "tanium_s2s"` - `const DevicePostureUpdateParamsTypeCrowdstrikeS2s DevicePostureUpdateParamsType = "crowdstrike_s2s"` - `const DevicePostureUpdateParamsTypeIntune DevicePostureUpdateParamsType = "intune"` - `const DevicePostureUpdateParamsTypeWorkspaceOne DevicePostureUpdateParamsType = "workspace_one"` - `const DevicePostureUpdateParamsTypeSentineloneS2s DevicePostureUpdateParamsType = "sentinelone_s2s"` - `const DevicePostureUpdateParamsTypeCustomS2s DevicePostureUpdateParamsType = "custom_s2s"` - `Description param.Field[string]` Body param: The description of the device posture rule. - `Expiration param.Field[string]` Body param: Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input param.Field[DeviceInput]` Body param: The value to be checked against. - `Match param.Field[[]DeviceMatch]` Body param: The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Schedule param.Field[string]` Body param: Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `type DevicePostureRule struct{…}` - `ID string` API UUID. - `Description string` The description of the device posture rule. - `Expiration string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input DeviceInput` The value to be checked against. - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}` - `ID string` UUID of Access List. - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. - `type DeviceInputTeamsDevicesApplicationInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"` - `Path string` Path for the application. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. - `type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `CheckPrivateKey bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"` - `Cn string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage` List of values indicating purposes for which the certificate public key can be used. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"` - `Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocations` - `Paths []string` List of paths to check for client certificate on linux. - `TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore` List of trust stores to check for client certificate. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"` - `SubjectAlternativeNames []string` List of certificate Subject Alternative Names. - `type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}` - `UpdateWindowDays float64` Number of days that the antivirus should be updated within. - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` - `type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}` - `ConnectionID string` Posture Integration ID. - `Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator` Operator. - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="` - `Score float64` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `Match []DeviceMatch` The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Name string` The name of the device posture rule. - `Schedule string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `Type DevicePostureRuleType` The type of device posture rule. - `const DevicePostureRuleTypeFile DevicePostureRuleType = "file"` - `const DevicePostureRuleTypeApplication DevicePostureRuleType = "application"` - `const DevicePostureRuleTypeTanium DevicePostureRuleType = "tanium"` - `const DevicePostureRuleTypeGateway DevicePostureRuleType = "gateway"` - `const DevicePostureRuleTypeWARP DevicePostureRuleType = "warp"` - `const DevicePostureRuleTypeDiskEncryption DevicePostureRuleType = "disk_encryption"` - `const DevicePostureRuleTypeSerialNumber DevicePostureRuleType = "serial_number"` - `const DevicePostureRuleTypeSentinelone DevicePostureRuleType = "sentinelone"` - `const DevicePostureRuleTypeCarbonblack DevicePostureRuleType = "carbonblack"` - `const DevicePostureRuleTypeFirewall DevicePostureRuleType = "firewall"` - `const DevicePostureRuleTypeOSVersion DevicePostureRuleType = "os_version"` - `const DevicePostureRuleTypeDomainJoined DevicePostureRuleType = "domain_joined"` - `const DevicePostureRuleTypeClientCertificate DevicePostureRuleType = "client_certificate"` - `const DevicePostureRuleTypeClientCertificateV2 DevicePostureRuleType = "client_certificate_v2"` - `const DevicePostureRuleTypeAntivirus DevicePostureRuleType = "antivirus"` - `const DevicePostureRuleTypeUniqueClientID DevicePostureRuleType = "unique_client_id"` - `const DevicePostureRuleTypeKolide DevicePostureRuleType = "kolide"` - `const DevicePostureRuleTypeTaniumS2s DevicePostureRuleType = "tanium_s2s"` - `const DevicePostureRuleTypeCrowdstrikeS2s DevicePostureRuleType = "crowdstrike_s2s"` - `const DevicePostureRuleTypeIntune DevicePostureRuleType = "intune"` - `const DevicePostureRuleTypeWorkspaceOne DevicePostureRuleType = "workspace_one"` - `const DevicePostureRuleTypeSentineloneS2s DevicePostureRuleType = "sentinelone_s2s"` - `const DevicePostureRuleTypeCustomS2s DevicePostureRuleType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) devicePostureRule, err := client.ZeroTrust.Devices.Posture.Update( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePostureUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Name: cloudflare.F("Admin Serial Numbers"), Type: cloudflare.F(zero_trust.DevicePostureUpdateParamsTypeFile), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", devicePostureRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Delete a device posture rule `client.ZeroTrust.Devices.Posture.Delete(ctx, ruleID, body) (*DevicePostureDeleteResponse, error)` **delete** `/accounts/{account_id}/devices/posture/{rule_id}` Deletes a device posture rule. ### Parameters - `ruleID string` API UUID. - `body DevicePostureDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DevicePostureDeleteResponse struct{…}` - `ID string` API UUID. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) posture, err := client.ZeroTrust.Devices.Posture.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePostureDeleteParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", posture.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### Carbonblack Input - `type CarbonblackInput string` ### Client Certificate Input - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. ### Crowdstrike Input - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` ### Device Input - `type DeviceInput interface{…}` The value to be checked against. - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}` - `ID string` UUID of Access List. - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. - `type DeviceInputTeamsDevicesApplicationInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"` - `Path string` Path for the application. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. - `type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `CheckPrivateKey bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"` - `Cn string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage` List of values indicating purposes for which the certificate public key can be used. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"` - `Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocations` - `Paths []string` List of paths to check for client certificate on linux. - `TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore` List of trust stores to check for client certificate. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"` - `SubjectAlternativeNames []string` List of certificate Subject Alternative Names. - `type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}` - `UpdateWindowDays float64` Number of days that the antivirus should be updated within. - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` - `type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}` - `ConnectionID string` Posture Integration ID. - `Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator` Operator. - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="` - `Score float64` A value between 0-100 assigned to devices set by the 3rd party posture provider. ### Device Match - `type DeviceMatch struct{…}` - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` ### Device Posture Rule - `type DevicePostureRule struct{…}` - `ID string` API UUID. - `Description string` The description of the device posture rule. - `Expiration string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `Input DeviceInput` The value to be checked against. - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesCarbonblackInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemWindows DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemLinux DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystemMac DeviceInputTeamsDevicesCarbonblackInputRequestOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type DeviceInputTeamsDevicesAccessSerialNumberListInputRequest struct{…}` - `ID string` UUID of Access List. - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. - `type DeviceInputTeamsDevicesApplicationInputRequest struct{…}` - `OperatingSystem DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemWindows DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemLinux DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesApplicationInputRequestOperatingSystemMac DeviceInputTeamsDevicesApplicationInputRequestOperatingSystem = "mac"` - `Path string` Path for the application. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. - `type ClientCertificateInput struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `Cn string` Common Name that is protected by the certificate. - `type DeviceInputTeamsDevicesClientCertificateV2InputRequest struct{…}` - `CertificateID string` UUID of Cloudflare managed certificate. - `CheckPrivateKey bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `OperatingSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem` Operating system. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemWindows DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "windows"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemLinux DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "linux"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystemMac DeviceInputTeamsDevicesClientCertificateV2InputRequestOperatingSystem = "mac"` - `Cn string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `ExtendedKeyUsage []DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage` List of values indicating purposes for which the certificate public key can be used. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageClientAuth DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "clientAuth"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsageEmailProtection DeviceInputTeamsDevicesClientCertificateV2InputRequestExtendedKeyUsage = "emailProtection"` - `Locations DeviceInputTeamsDevicesClientCertificateV2InputRequestLocations` - `Paths []string` List of paths to check for client certificate on linux. - `TrustStores []DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore` List of trust stores to check for client certificate. - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreSystem DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "system"` - `const DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStoreUser DeviceInputTeamsDevicesClientCertificateV2InputRequestLocationsTrustStore = "user"` - `SubjectAlternativeNames []string` List of certificate Subject Alternative Names. - `type DeviceInputTeamsDevicesAntivirusInputRequest struct{…}` - `UpdateWindowDays float64` Number of days that the antivirus should be updated within. - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. - `type CrowdstrikeInput struct{…}` - `ConnectionID string` Posture Integration ID. - `LastSeen string` For more details on last seen, please refer to the Crowdstrike documentation. - `Operator CrowdstrikeInputOperator` Operator. - `const CrowdstrikeInputOperatorLess CrowdstrikeInputOperator = "<"` - `const CrowdstrikeInputOperatorLessOrEquals CrowdstrikeInputOperator = "<="` - `const CrowdstrikeInputOperatorGreater CrowdstrikeInputOperator = ">"` - `const CrowdstrikeInputOperatorGreaterOrEquals CrowdstrikeInputOperator = ">="` - `const CrowdstrikeInputOperatorEquals CrowdstrikeInputOperator = "=="` - `OS string` Os Version. - `Overall string` Overall. - `SensorConfig string` SensorConfig. - `State CrowdstrikeInputState` For more details on state, please refer to the Crowdstrike documentation. - `const CrowdstrikeInputStateOnline CrowdstrikeInputState = "online"` - `const CrowdstrikeInputStateOffline CrowdstrikeInputState = "offline"` - `const CrowdstrikeInputStateUnknown CrowdstrikeInputState = "unknown"` - `Version string` Version. - `VersionOperator CrowdstrikeInputVersionOperator` Version Operator. - `const CrowdstrikeInputVersionOperatorLess CrowdstrikeInputVersionOperator = "<"` - `const CrowdstrikeInputVersionOperatorLessOrEquals CrowdstrikeInputVersionOperator = "<="` - `const CrowdstrikeInputVersionOperatorGreater CrowdstrikeInputVersionOperator = ">"` - `const CrowdstrikeInputVersionOperatorGreaterOrEquals CrowdstrikeInputVersionOperator = ">="` - `const CrowdstrikeInputVersionOperatorEquals CrowdstrikeInputVersionOperator = "=="` - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` - `type DeviceInputTeamsDevicesCustomS2sInputRequest struct{…}` - `ConnectionID string` Posture Integration ID. - `Operator DeviceInputTeamsDevicesCustomS2sInputRequestOperator` Operator. - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLess DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorLessOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "<="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreater DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">"` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorGreaterOrEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = ">="` - `const DeviceInputTeamsDevicesCustomS2sInputRequestOperatorEquals DeviceInputTeamsDevicesCustomS2sInputRequestOperator = "=="` - `Score float64` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `Match []DeviceMatch` The conditions that the client must match to run the rule. - `Platform DeviceMatchPlatform` - `const DeviceMatchPlatformWindows DeviceMatchPlatform = "windows"` - `const DeviceMatchPlatformMac DeviceMatchPlatform = "mac"` - `const DeviceMatchPlatformLinux DeviceMatchPlatform = "linux"` - `const DeviceMatchPlatformAndroid DeviceMatchPlatform = "android"` - `const DeviceMatchPlatformIos DeviceMatchPlatform = "ios"` - `const DeviceMatchPlatformChromeos DeviceMatchPlatform = "chromeos"` - `Name string` The name of the device posture rule. - `Schedule string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `Type DevicePostureRuleType` The type of device posture rule. - `const DevicePostureRuleTypeFile DevicePostureRuleType = "file"` - `const DevicePostureRuleTypeApplication DevicePostureRuleType = "application"` - `const DevicePostureRuleTypeTanium DevicePostureRuleType = "tanium"` - `const DevicePostureRuleTypeGateway DevicePostureRuleType = "gateway"` - `const DevicePostureRuleTypeWARP DevicePostureRuleType = "warp"` - `const DevicePostureRuleTypeDiskEncryption DevicePostureRuleType = "disk_encryption"` - `const DevicePostureRuleTypeSerialNumber DevicePostureRuleType = "serial_number"` - `const DevicePostureRuleTypeSentinelone DevicePostureRuleType = "sentinelone"` - `const DevicePostureRuleTypeCarbonblack DevicePostureRuleType = "carbonblack"` - `const DevicePostureRuleTypeFirewall DevicePostureRuleType = "firewall"` - `const DevicePostureRuleTypeOSVersion DevicePostureRuleType = "os_version"` - `const DevicePostureRuleTypeDomainJoined DevicePostureRuleType = "domain_joined"` - `const DevicePostureRuleTypeClientCertificate DevicePostureRuleType = "client_certificate"` - `const DevicePostureRuleTypeClientCertificateV2 DevicePostureRuleType = "client_certificate_v2"` - `const DevicePostureRuleTypeAntivirus DevicePostureRuleType = "antivirus"` - `const DevicePostureRuleTypeUniqueClientID DevicePostureRuleType = "unique_client_id"` - `const DevicePostureRuleTypeKolide DevicePostureRuleType = "kolide"` - `const DevicePostureRuleTypeTaniumS2s DevicePostureRuleType = "tanium_s2s"` - `const DevicePostureRuleTypeCrowdstrikeS2s DevicePostureRuleType = "crowdstrike_s2s"` - `const DevicePostureRuleTypeIntune DevicePostureRuleType = "intune"` - `const DevicePostureRuleTypeWorkspaceOne DevicePostureRuleType = "workspace_one"` - `const DevicePostureRuleTypeSentineloneS2s DevicePostureRuleType = "sentinelone_s2s"` - `const DevicePostureRuleTypeCustomS2s DevicePostureRuleType = "custom_s2s"` ### Disk Encryption Input - `type DiskEncryptionInput struct{…}` - `CheckDisks []CarbonblackInput` List of volume names to be checked for encryption. - `RequireAll bool` Whether to check all disks for encryption. ### Domain Joined Input - `type DomainJoinedInput struct{…}` - `OperatingSystem DomainJoinedInputOperatingSystem` Operating System. - `const DomainJoinedInputOperatingSystemWindows DomainJoinedInputOperatingSystem = "windows"` - `Domain string` Domain. ### File Input - `type FileInput struct{…}` - `OperatingSystem FileInputOperatingSystem` Operating system. - `const FileInputOperatingSystemWindows FileInputOperatingSystem = "windows"` - `const FileInputOperatingSystemLinux FileInputOperatingSystem = "linux"` - `const FileInputOperatingSystemMac FileInputOperatingSystem = "mac"` - `Path string` File path. - `Exists bool` Whether or not file exists. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. ### Firewall Input - `type FirewallInput struct{…}` - `Enabled bool` Enabled. - `OperatingSystem FirewallInputOperatingSystem` Operating System. - `const FirewallInputOperatingSystemWindows FirewallInputOperatingSystem = "windows"` - `const FirewallInputOperatingSystemMac FirewallInputOperatingSystem = "mac"` ### Intune Input - `type IntuneInput struct{…}` - `ComplianceStatus IntuneInputComplianceStatus` Compliance Status. - `const IntuneInputComplianceStatusCompliant IntuneInputComplianceStatus = "compliant"` - `const IntuneInputComplianceStatusNoncompliant IntuneInputComplianceStatus = "noncompliant"` - `const IntuneInputComplianceStatusUnknown IntuneInputComplianceStatus = "unknown"` - `const IntuneInputComplianceStatusNotapplicable IntuneInputComplianceStatus = "notapplicable"` - `const IntuneInputComplianceStatusIngraceperiod IntuneInputComplianceStatus = "ingraceperiod"` - `const IntuneInputComplianceStatusError IntuneInputComplianceStatus = "error"` - `ConnectionID string` Posture Integration ID. ### Kolide Input - `type KolideInput struct{…}` - `ConnectionID string` Posture Integration ID. - `CountOperator KolideInputCountOperator` Count Operator. - `const KolideInputCountOperatorLess KolideInputCountOperator = "<"` - `const KolideInputCountOperatorLessOrEquals KolideInputCountOperator = "<="` - `const KolideInputCountOperatorGreater KolideInputCountOperator = ">"` - `const KolideInputCountOperatorGreaterOrEquals KolideInputCountOperator = ">="` - `const KolideInputCountOperatorEquals KolideInputCountOperator = "=="` - `IssueCount string` The Number of Issues. ### OS Version Input - `type OSVersionInput struct{…}` - `OperatingSystem OSVersionInputOperatingSystem` Operating System. - `const OSVersionInputOperatingSystemWindows OSVersionInputOperatingSystem = "windows"` - `Operator OSVersionInputOperator` Operator. - `const OSVersionInputOperatorLess OSVersionInputOperator = "<"` - `const OSVersionInputOperatorLessOrEquals OSVersionInputOperator = "<="` - `const OSVersionInputOperatorGreater OSVersionInputOperator = ">"` - `const OSVersionInputOperatorGreaterOrEquals OSVersionInputOperator = ">="` - `const OSVersionInputOperatorEquals OSVersionInputOperator = "=="` - `Version string` Version of OS. - `OSDistroName string` Operating System Distribution Name (linux only). - `OSDistroRevision string` Version of OS Distribution (linux only). - `OSVersionExtra string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. ### Sentinelone Input - `type SentineloneInput struct{…}` - `OperatingSystem SentineloneInputOperatingSystem` Operating system. - `const SentineloneInputOperatingSystemWindows SentineloneInputOperatingSystem = "windows"` - `const SentineloneInputOperatingSystemLinux SentineloneInputOperatingSystem = "linux"` - `const SentineloneInputOperatingSystemMac SentineloneInputOperatingSystem = "mac"` - `Path string` File path. - `Sha256 string` SHA-256. - `Thumbprint string` Signing certificate thumbprint. ### Sentinelone S2s Input - `type SentineloneS2sInput struct{…}` - `ConnectionID string` Posture Integration ID. - `ActiveThreats float64` The Number of active threats. - `Infected bool` Whether device is infected. - `IsActive bool` Whether device is active. - `NetworkStatus SentineloneS2sInputNetworkStatus` Network status of device. - `const SentineloneS2sInputNetworkStatusConnected SentineloneS2sInputNetworkStatus = "connected"` - `const SentineloneS2sInputNetworkStatusDisconnected SentineloneS2sInputNetworkStatus = "disconnected"` - `const SentineloneS2sInputNetworkStatusDisconnecting SentineloneS2sInputNetworkStatus = "disconnecting"` - `const SentineloneS2sInputNetworkStatusConnecting SentineloneS2sInputNetworkStatus = "connecting"` - `OperationalState SentineloneS2sInputOperationalState` Agent operational state. - `const SentineloneS2sInputOperationalStateNa SentineloneS2sInputOperationalState = "na"` - `const SentineloneS2sInputOperationalStatePartiallyDisabled SentineloneS2sInputOperationalState = "partially_disabled"` - `const SentineloneS2sInputOperationalStateAutoFullyDisabled SentineloneS2sInputOperationalState = "auto_fully_disabled"` - `const SentineloneS2sInputOperationalStateFullyDisabled SentineloneS2sInputOperationalState = "fully_disabled"` - `const SentineloneS2sInputOperationalStateAutoPartiallyDisabled SentineloneS2sInputOperationalState = "auto_partially_disabled"` - `const SentineloneS2sInputOperationalStateDisabledError SentineloneS2sInputOperationalState = "disabled_error"` - `const SentineloneS2sInputOperationalStateDBCorruption SentineloneS2sInputOperationalState = "db_corruption"` - `Operator SentineloneS2sInputOperator` Operator. - `const SentineloneS2sInputOperatorLess SentineloneS2sInputOperator = "<"` - `const SentineloneS2sInputOperatorLessOrEquals SentineloneS2sInputOperator = "<="` - `const SentineloneS2sInputOperatorGreater SentineloneS2sInputOperator = ">"` - `const SentineloneS2sInputOperatorGreaterOrEquals SentineloneS2sInputOperator = ">="` - `const SentineloneS2sInputOperatorEquals SentineloneS2sInputOperator = "=="` ### Tanium Input - `type TaniumInput struct{…}` - `ConnectionID string` Posture Integration ID. - `EidLastSeen string` For more details on eid last seen, refer to the Tanium documentation. - `Operator TaniumInputOperator` Operator to evaluate risk_level or eid_last_seen. - `const TaniumInputOperatorLess TaniumInputOperator = "<"` - `const TaniumInputOperatorLessOrEquals TaniumInputOperator = "<="` - `const TaniumInputOperatorGreater TaniumInputOperator = ">"` - `const TaniumInputOperatorGreaterOrEquals TaniumInputOperator = ">="` - `const TaniumInputOperatorEquals TaniumInputOperator = "=="` - `RiskLevel TaniumInputRiskLevel` For more details on risk level, refer to the Tanium documentation. - `const TaniumInputRiskLevelLow TaniumInputRiskLevel = "low"` - `const TaniumInputRiskLevelMedium TaniumInputRiskLevel = "medium"` - `const TaniumInputRiskLevelHigh TaniumInputRiskLevel = "high"` - `const TaniumInputRiskLevelCritical TaniumInputRiskLevel = "critical"` - `ScoreOperator TaniumInputScoreOperator` Score Operator. - `const TaniumInputScoreOperatorLess TaniumInputScoreOperator = "<"` - `const TaniumInputScoreOperatorLessOrEquals TaniumInputScoreOperator = "<="` - `const TaniumInputScoreOperatorGreater TaniumInputScoreOperator = ">"` - `const TaniumInputScoreOperatorGreaterOrEquals TaniumInputScoreOperator = ">="` - `const TaniumInputScoreOperatorEquals TaniumInputScoreOperator = "=="` - `TotalScore float64` For more details on total score, refer to the Tanium documentation. ### Unique Client ID Input - `type UniqueClientIDInput struct{…}` - `ID string` List ID. - `OperatingSystem UniqueClientIDInputOperatingSystem` Operating System. - `const UniqueClientIDInputOperatingSystemAndroid UniqueClientIDInputOperatingSystem = "android"` - `const UniqueClientIDInputOperatingSystemIos UniqueClientIDInputOperatingSystem = "ios"` - `const UniqueClientIDInputOperatingSystemChromeos UniqueClientIDInputOperatingSystem = "chromeos"` ### Workspace One Input - `type WorkspaceOneInput struct{…}` - `ComplianceStatus WorkspaceOneInputComplianceStatus` Compliance Status. - `const WorkspaceOneInputComplianceStatusCompliant WorkspaceOneInputComplianceStatus = "compliant"` - `const WorkspaceOneInputComplianceStatusNoncompliant WorkspaceOneInputComplianceStatus = "noncompliant"` - `const WorkspaceOneInputComplianceStatusUnknown WorkspaceOneInputComplianceStatus = "unknown"` - `ConnectionID string` Posture Integration ID. # Integrations ## List your device posture integrations `client.ZeroTrust.Devices.Posture.Integrations.List(ctx, query) (*SinglePage[Integration], error)` **get** `/accounts/{account_id}/devices/posture/integration` Fetches the list of device posture integrations for an account. ### Parameters - `query DevicePostureIntegrationListParams` - `AccountID param.Field[string]` ### Returns - `type Integration struct{…}` - `ID string` API UUID. - `Config IntegrationConfig` The configuration object containing third-party integration information. - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `Interval string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name string` The name of the device posture integration. - `Type IntegrationType` The type of device posture integration. - `const IntegrationTypeWorkspaceOne IntegrationType = "workspace_one"` - `const IntegrationTypeCrowdstrikeS2s IntegrationType = "crowdstrike_s2s"` - `const IntegrationTypeUptycs IntegrationType = "uptycs"` - `const IntegrationTypeIntune IntegrationType = "intune"` - `const IntegrationTypeKolide IntegrationType = "kolide"` - `const IntegrationTypeTaniumS2s IntegrationType = "tanium_s2s"` - `const IntegrationTypeSentineloneS2s IntegrationType = "sentinelone_s2s"` - `const IntegrationTypeCustomS2s IntegrationType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.Posture.Integrations.List(context.TODO(), zero_trust.DevicePostureIntegrationListParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture integration details `client.ZeroTrust.Devices.Posture.Integrations.Get(ctx, integrationID, query) (*Integration, error)` **get** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Fetches details for a single device posture integration. ### Parameters - `integrationID string` API UUID. - `query DevicePostureIntegrationGetParams` - `AccountID param.Field[string]` ### Returns - `type Integration struct{…}` - `ID string` API UUID. - `Config IntegrationConfig` The configuration object containing third-party integration information. - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `Interval string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name string` The name of the device posture integration. - `Type IntegrationType` The type of device posture integration. - `const IntegrationTypeWorkspaceOne IntegrationType = "workspace_one"` - `const IntegrationTypeCrowdstrikeS2s IntegrationType = "crowdstrike_s2s"` - `const IntegrationTypeUptycs IntegrationType = "uptycs"` - `const IntegrationTypeIntune IntegrationType = "intune"` - `const IntegrationTypeKolide IntegrationType = "kolide"` - `const IntegrationTypeTaniumS2s IntegrationType = "tanium_s2s"` - `const IntegrationTypeSentineloneS2s IntegrationType = "sentinelone_s2s"` - `const IntegrationTypeCustomS2s IntegrationType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) integration, err := client.ZeroTrust.Devices.Posture.Integrations.Get( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePostureIntegrationGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", integration.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Create a device posture integration `client.ZeroTrust.Devices.Posture.Integrations.New(ctx, params) (*Integration, error)` **post** `/accounts/{account_id}/devices/posture/integration` Create a new device posture integration. ### Parameters - `params DevicePostureIntegrationNewParams` - `AccountID param.Field[string]` Path param - `Config param.Field[DevicePostureIntegrationNewParamsConfig]` Body param: The configuration object containing third-party integration information. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesWorkspaceOneConfigRequest struct{…}` - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `ClientSecret string` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesCrowdstrikeConfigRequest struct{…}` - `APIURL string` The Crowdstrike API URL. - `ClientID string` The Crowdstrike client ID. - `ClientSecret string` The Crowdstrike client secret. - `CustomerID string` The Crowdstrike customer ID. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesUptycsConfigRequest struct{…}` - `APIURL string` The Uptycs API URL. - `ClientKey string` The Uptycs client secret. - `ClientSecret string` The Uptycs client secret. - `CustomerID string` The Uptycs customer ID. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesIntuneConfigRequest struct{…}` - `ClientID string` The Intune client ID. - `ClientSecret string` The Intune client secret. - `CustomerID string` The Intune customer ID. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesKolideConfigRequest struct{…}` - `ClientID string` The Kolide client ID. - `ClientSecret string` The Kolide client secret. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesTaniumConfigRequest struct{…}` - `APIURL string` The Tanium API URL. - `ClientSecret string` The Tanium client secret. - `AccessClientID string` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `AccessClientSecret string` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesSentineloneS2sConfigRequest struct{…}` - `APIURL string` The SentinelOne S2S API URL. - `ClientSecret string` The SentinelOne S2S client secret. - `type DevicePostureIntegrationNewParamsConfigTeamsDevicesCustomS2sConfigRequest struct{…}` - `AccessClientID string` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `AccessClientSecret string` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `APIURL string` The Custom Device Posture Integration API URL. - `Interval param.Field[string]` Body param: The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name param.Field[string]` Body param: The name of the device posture integration. - `Type param.Field[DevicePostureIntegrationNewParamsType]` Body param: The type of device posture integration. - `const DevicePostureIntegrationNewParamsTypeWorkspaceOne DevicePostureIntegrationNewParamsType = "workspace_one"` - `const DevicePostureIntegrationNewParamsTypeCrowdstrikeS2s DevicePostureIntegrationNewParamsType = "crowdstrike_s2s"` - `const DevicePostureIntegrationNewParamsTypeUptycs DevicePostureIntegrationNewParamsType = "uptycs"` - `const DevicePostureIntegrationNewParamsTypeIntune DevicePostureIntegrationNewParamsType = "intune"` - `const DevicePostureIntegrationNewParamsTypeKolide DevicePostureIntegrationNewParamsType = "kolide"` - `const DevicePostureIntegrationNewParamsTypeTaniumS2s DevicePostureIntegrationNewParamsType = "tanium_s2s"` - `const DevicePostureIntegrationNewParamsTypeSentineloneS2s DevicePostureIntegrationNewParamsType = "sentinelone_s2s"` - `const DevicePostureIntegrationNewParamsTypeCustomS2s DevicePostureIntegrationNewParamsType = "custom_s2s"` ### Returns - `type Integration struct{…}` - `ID string` API UUID. - `Config IntegrationConfig` The configuration object containing third-party integration information. - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `Interval string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name string` The name of the device posture integration. - `Type IntegrationType` The type of device posture integration. - `const IntegrationTypeWorkspaceOne IntegrationType = "workspace_one"` - `const IntegrationTypeCrowdstrikeS2s IntegrationType = "crowdstrike_s2s"` - `const IntegrationTypeUptycs IntegrationType = "uptycs"` - `const IntegrationTypeIntune IntegrationType = "intune"` - `const IntegrationTypeKolide IntegrationType = "kolide"` - `const IntegrationTypeTaniumS2s IntegrationType = "tanium_s2s"` - `const IntegrationTypeSentineloneS2s IntegrationType = "sentinelone_s2s"` - `const IntegrationTypeCustomS2s IntegrationType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) integration, err := client.ZeroTrust.Devices.Posture.Integrations.New(context.TODO(), zero_trust.DevicePostureIntegrationNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Config: cloudflare.F[zero_trust.DevicePostureIntegrationNewParamsConfigUnion](zero_trust.DevicePostureIntegrationNewParamsConfigTeamsDevicesWorkspaceOneConfigRequest{ APIURL: cloudflare.F("https://as123.awmdm.com/API"), AuthURL: cloudflare.F("https://na.uemauth.workspaceone.com/connect/token"), ClientID: cloudflare.F("example client id"), ClientSecret: cloudflare.F("example client secret"), }), Interval: cloudflare.F("10m"), Name: cloudflare.F("My Workspace One Integration"), Type: cloudflare.F(zero_trust.DevicePostureIntegrationNewParamsTypeWorkspaceOne), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", integration.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Update a device posture integration `client.ZeroTrust.Devices.Posture.Integrations.Edit(ctx, integrationID, params) (*Integration, error)` **patch** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Updates a configured device posture integration. ### Parameters - `integrationID string` API UUID. - `params DevicePostureIntegrationEditParams` - `AccountID param.Field[string]` Path param - `Config param.Field[DevicePostureIntegrationEditParamsConfig]` Body param: The configuration object containing third-party integration information. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesWorkspaceOneConfigRequest struct{…}` - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `ClientSecret string` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesCrowdstrikeConfigRequest struct{…}` - `APIURL string` The Crowdstrike API URL. - `ClientID string` The Crowdstrike client ID. - `ClientSecret string` The Crowdstrike client secret. - `CustomerID string` The Crowdstrike customer ID. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesUptycsConfigRequest struct{…}` - `APIURL string` The Uptycs API URL. - `ClientKey string` The Uptycs client secret. - `ClientSecret string` The Uptycs client secret. - `CustomerID string` The Uptycs customer ID. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesIntuneConfigRequest struct{…}` - `ClientID string` The Intune client ID. - `ClientSecret string` The Intune client secret. - `CustomerID string` The Intune customer ID. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesKolideConfigRequest struct{…}` - `ClientID string` The Kolide client ID. - `ClientSecret string` The Kolide client secret. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesTaniumConfigRequest struct{…}` - `APIURL string` The Tanium API URL. - `ClientSecret string` The Tanium client secret. - `AccessClientID string` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `AccessClientSecret string` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesSentineloneS2sConfigRequest struct{…}` - `APIURL string` The SentinelOne S2S API URL. - `ClientSecret string` The SentinelOne S2S client secret. - `type DevicePostureIntegrationEditParamsConfigTeamsDevicesCustomS2sConfigRequest struct{…}` - `AccessClientID string` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `AccessClientSecret string` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `APIURL string` The Custom Device Posture Integration API URL. - `Interval param.Field[string]` Body param: The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name param.Field[string]` Body param: The name of the device posture integration. - `Type param.Field[DevicePostureIntegrationEditParamsType]` Body param: The type of device posture integration. - `const DevicePostureIntegrationEditParamsTypeWorkspaceOne DevicePostureIntegrationEditParamsType = "workspace_one"` - `const DevicePostureIntegrationEditParamsTypeCrowdstrikeS2s DevicePostureIntegrationEditParamsType = "crowdstrike_s2s"` - `const DevicePostureIntegrationEditParamsTypeUptycs DevicePostureIntegrationEditParamsType = "uptycs"` - `const DevicePostureIntegrationEditParamsTypeIntune DevicePostureIntegrationEditParamsType = "intune"` - `const DevicePostureIntegrationEditParamsTypeKolide DevicePostureIntegrationEditParamsType = "kolide"` - `const DevicePostureIntegrationEditParamsTypeTaniumS2s DevicePostureIntegrationEditParamsType = "tanium_s2s"` - `const DevicePostureIntegrationEditParamsTypeSentineloneS2s DevicePostureIntegrationEditParamsType = "sentinelone_s2s"` - `const DevicePostureIntegrationEditParamsTypeCustomS2s DevicePostureIntegrationEditParamsType = "custom_s2s"` ### Returns - `type Integration struct{…}` - `ID string` API UUID. - `Config IntegrationConfig` The configuration object containing third-party integration information. - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `Interval string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name string` The name of the device posture integration. - `Type IntegrationType` The type of device posture integration. - `const IntegrationTypeWorkspaceOne IntegrationType = "workspace_one"` - `const IntegrationTypeCrowdstrikeS2s IntegrationType = "crowdstrike_s2s"` - `const IntegrationTypeUptycs IntegrationType = "uptycs"` - `const IntegrationTypeIntune IntegrationType = "intune"` - `const IntegrationTypeKolide IntegrationType = "kolide"` - `const IntegrationTypeTaniumS2s IntegrationType = "tanium_s2s"` - `const IntegrationTypeSentineloneS2s IntegrationType = "sentinelone_s2s"` - `const IntegrationTypeCustomS2s IntegrationType = "custom_s2s"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) integration, err := client.ZeroTrust.Devices.Posture.Integrations.Edit( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePostureIntegrationEditParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", integration.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Delete a device posture integration `client.ZeroTrust.Devices.Posture.Integrations.Delete(ctx, integrationID, body) (*unknown, error)` **delete** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Delete a configured device posture integration. ### Parameters - `integrationID string` API UUID. - `body DevicePostureIntegrationDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DevicePostureIntegrationDeleteResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) integration, err := client.ZeroTrust.Devices.Posture.Integrations.Delete( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DevicePostureIntegrationDeleteParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", integration) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Integration - `type Integration struct{…}` - `ID string` API UUID. - `Config IntegrationConfig` The configuration object containing third-party integration information. - `APIURL string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `AuthURL string` The Workspace One Authorization URL depending on your region. - `ClientID string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `Interval string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `Name string` The name of the device posture integration. - `Type IntegrationType` The type of device posture integration. - `const IntegrationTypeWorkspaceOne IntegrationType = "workspace_one"` - `const IntegrationTypeCrowdstrikeS2s IntegrationType = "crowdstrike_s2s"` - `const IntegrationTypeUptycs IntegrationType = "uptycs"` - `const IntegrationTypeIntune IntegrationType = "intune"` - `const IntegrationTypeKolide IntegrationType = "kolide"` - `const IntegrationTypeTaniumS2s IntegrationType = "tanium_s2s"` - `const IntegrationTypeSentineloneS2s IntegrationType = "sentinelone_s2s"` - `const IntegrationTypeCustomS2s IntegrationType = "custom_s2s"` # Revoke ## Revoke devices (deprecated) `client.ZeroTrust.Devices.Revoke.New(ctx, params) (*unknown, error)` **post** `/accounts/{account_id}/devices/revoke` Revokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled. **Deprecated**: please use POST /accounts/{account_id}/devices/registrations/revoke instead. ### Parameters - `params DeviceRevokeNewParams` - `AccountID param.Field[string]` Path param - `Body param.Field[[]string]` Body param: A list of Registration IDs to revoke. ### Returns - `type DeviceRevokeNewResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) revoke, err := client.ZeroTrust.Devices.Revoke.New(context.TODO(), zero_trust.DeviceRevokeNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Body: []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", revoke) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` # Settings ## Get device settings for a Zero Trust account `client.ZeroTrust.Devices.Settings.Get(ctx, query) (*DeviceSettings, error)` **get** `/accounts/{account_id}/devices/settings` Describes the current device settings for a Zero Trust account. ### Parameters - `query DeviceSettingGetParams` - `AccountID param.Field[string]` ### Returns - `type DeviceSettings struct{…}` - `DisableForTime float64` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `ExternalEmergencySignalEnabled bool` Controls whether the external emergency disconnect feature is enabled. - `ExternalEmergencySignalFingerprint string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `ExternalEmergencySignalInterval string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `ExternalEmergencySignalURL string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `GatewayProxyEnabled bool` Enable gateway proxy filtering on TCP. - `GatewayUdpProxyEnabled bool` Enable gateway proxy filtering on UDP. - `RootCertificateInstallationEnabled bool` Enable installation of cloudflare managed root certificate. - `UseZtVirtualIP bool` Enable using CGNAT virtual IPv4. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceSettings, err := client.ZeroTrust.Devices.Settings.Get(context.TODO(), zero_trust.DeviceSettingGetParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceSettings.DisableForTime) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Update device settings for a Zero Trust account `client.ZeroTrust.Devices.Settings.Update(ctx, params) (*DeviceSettings, error)` **put** `/accounts/{account_id}/devices/settings` Updates the current device settings for a Zero Trust account. ### Parameters - `params DeviceSettingUpdateParams` - `AccountID param.Field[string]` Path param - `DeviceSettings param.Field[DeviceSettings]` Body param ### Returns - `type DeviceSettings struct{…}` - `DisableForTime float64` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `ExternalEmergencySignalEnabled bool` Controls whether the external emergency disconnect feature is enabled. - `ExternalEmergencySignalFingerprint string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `ExternalEmergencySignalInterval string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `ExternalEmergencySignalURL string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `GatewayProxyEnabled bool` Enable gateway proxy filtering on TCP. - `GatewayUdpProxyEnabled bool` Enable gateway proxy filtering on UDP. - `RootCertificateInstallationEnabled bool` Enable installation of cloudflare managed root certificate. - `UseZtVirtualIP bool` Enable using CGNAT virtual IPv4. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceSettings, err := client.ZeroTrust.Devices.Settings.Update(context.TODO(), zero_trust.DeviceSettingUpdateParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), DeviceSettings: zero_trust.DeviceSettingsParam{ }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceSettings.DisableForTime) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Patch device settings for a Zero Trust account `client.ZeroTrust.Devices.Settings.Edit(ctx, params) (*DeviceSettings, error)` **patch** `/accounts/{account_id}/devices/settings` Patches the current device settings for a Zero Trust account. ### Parameters - `params DeviceSettingEditParams` - `AccountID param.Field[string]` Path param - `DeviceSettings param.Field[DeviceSettings]` Body param ### Returns - `type DeviceSettings struct{…}` - `DisableForTime float64` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `ExternalEmergencySignalEnabled bool` Controls whether the external emergency disconnect feature is enabled. - `ExternalEmergencySignalFingerprint string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `ExternalEmergencySignalInterval string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `ExternalEmergencySignalURL string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `GatewayProxyEnabled bool` Enable gateway proxy filtering on TCP. - `GatewayUdpProxyEnabled bool` Enable gateway proxy filtering on UDP. - `RootCertificateInstallationEnabled bool` Enable installation of cloudflare managed root certificate. - `UseZtVirtualIP bool` Enable using CGNAT virtual IPv4. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceSettings, err := client.ZeroTrust.Devices.Settings.Edit(context.TODO(), zero_trust.DeviceSettingEditParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), DeviceSettings: zero_trust.DeviceSettingsParam{ }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceSettings.DisableForTime) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Reset device settings for a Zero Trust account with defaults. This turns off all proxying. `client.ZeroTrust.Devices.Settings.Delete(ctx, body) (*DeviceSettings, error)` **delete** `/accounts/{account_id}/devices/settings` Resets the current device settings for a Zero Trust account. ### Parameters - `body DeviceSettingDeleteParams` - `AccountID param.Field[string]` ### Returns - `type DeviceSettings struct{…}` - `DisableForTime float64` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `ExternalEmergencySignalEnabled bool` Controls whether the external emergency disconnect feature is enabled. - `ExternalEmergencySignalFingerprint string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `ExternalEmergencySignalInterval string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `ExternalEmergencySignalURL string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `GatewayProxyEnabled bool` Enable gateway proxy filtering on TCP. - `GatewayUdpProxyEnabled bool` Enable gateway proxy filtering on UDP. - `RootCertificateInstallationEnabled bool` Enable installation of cloudflare managed root certificate. - `UseZtVirtualIP bool` Enable using CGNAT virtual IPv4. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) deviceSettings, err := client.ZeroTrust.Devices.Settings.Delete(context.TODO(), zero_trust.DeviceSettingDeleteParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", deviceSettings.DisableForTime) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Domain Types ### Device Settings - `type DeviceSettings struct{…}` - `DisableForTime float64` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `ExternalEmergencySignalEnabled bool` Controls whether the external emergency disconnect feature is enabled. - `ExternalEmergencySignalFingerprint string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `ExternalEmergencySignalInterval string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `ExternalEmergencySignalURL string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `GatewayProxyEnabled bool` Enable gateway proxy filtering on TCP. - `GatewayUdpProxyEnabled bool` Enable gateway proxy filtering on UDP. - `RootCertificateInstallationEnabled bool` Enable installation of cloudflare managed root certificate. - `UseZtVirtualIP bool` Enable using CGNAT virtual IPv4. # Unrevoke ## Unrevoke devices (deprecated) `client.ZeroTrust.Devices.Unrevoke.New(ctx, params) (*unknown, error)` **post** `/accounts/{account_id}/devices/unrevoke` Unrevokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled. **Deprecated**: please use POST /accounts/{account_id}/devices/registrations/unrevoke instead. ### Parameters - `params DeviceUnrevokeNewParams` - `AccountID param.Field[string]` Path param - `Body param.Field[[]string]` Body param: A list of Registration IDs to unrevoke. ### Returns - `type DeviceUnrevokeNewResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) unrevoke, err := client.ZeroTrust.Devices.Unrevoke.New(context.TODO(), zero_trust.DeviceUnrevokeNewParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), Body: []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"}, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", unrevoke) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` # Override Codes ## Get override codes (deprecated) `client.ZeroTrust.Devices.OverrideCodes.List(ctx, deviceID, query) (*SinglePage[DeviceOverrideCodeListResponse], error)` **get** `/accounts/{account_id}/devices/{device_id}/override_codes` Fetches a one-time use admin override code for a device. This relies on the **Admin Override** setting being enabled in your device configuration. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated:** please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead. ### Parameters - `deviceID string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `query DeviceOverrideCodeListParams` - `AccountID param.Field[string]` ### Returns - `type DeviceOverrideCodeListResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.ZeroTrust.Devices.OverrideCodes.List( context.TODO(), "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", zero_trust.DeviceOverrideCodeListParams{ AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ {} ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get override codes `client.ZeroTrust.Devices.OverrideCodes.Get(ctx, registrationID, query) (*DeviceOverrideCodeGetResponse, error)` **get** `/accounts/{account_id}/devices/registrations/{registration_id}/override_codes` Fetches one-time use admin override codes for a registration. This relies on the **Admin Override** setting being enabled in your device configuration. ### Parameters - `registrationID string` - `query DeviceOverrideCodeGetParams` - `AccountID param.Field[string]` ### Returns - `type DeviceOverrideCodeGetResponse struct{…}` - `DisableForTime map[string, string]` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/zero_trust" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) overrideCode, err := client.ZeroTrust.Devices.OverrideCodes.Get( context.TODO(), "registration_id", zero_trust.DeviceOverrideCodeGetParams{ AccountID: cloudflare.F("account_id"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", overrideCode.DisableForTime) } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "disable_for_time": { "foo": "string" } }, "success": true } ```