API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Shared

ModelsExpand Collapse

ASN = number

AuditLog { id, action, actor, 7 more }

id?: string

A string that uniquely identifies the audit log.

action?: Action { result, type }

result?: boolean

A boolean that indicates if the action attempted was successful.

type?: string

A short string that describes the action that was performed.

actor?: Actor { id, email, ip, type }

id?: string

The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

email?: string

The email of the user that performed the action.

formatemail

ip?: string

The IP address of the request that performed the action.

type?: "user" | "admin" | "Cloudflare"

The type of actor, whether a User, Cloudflare Admin, or an Automated System.

One of the following:

"user"

"admin"

"Cloudflare"

interface?: string

The source of the event.

metadata?: unknown

An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

newValue?: string

The new value of the resource that was modified.

oldValue?: string

The value of the resource before it was modified.

owner?: Owner { id }

id?: string

Identifier

maxLength32

resource?: Resource { id, type }

id?: string

An identifier for the resource that was affected by the action.

type?: string

A short string that describes the resource that was affected by the action.

when?: string

A UTC RFC3339 timestamp that specifies when the action being logged occured.

formatdate-time

CertificateCA = "digicert" | "google" | "lets_encrypt" | "ssl_com"

The Certificate Authority that will issue the certificate

One of the following:

"digicert"

"google"

"lets_encrypt"

"ssl_com"

CertificateRequestType = "origin-rsa" | "origin-ecc" | "keyless-certificate"

Signature type desired on certificate ("origin-rsa" (rsa), "origin-ecc" (ecdsa), or "keyless-certificate" (for Keyless SSL servers).

One of the following:

"origin-rsa"

"origin-ecc"

"keyless-certificate"

CloudflareTunnel { id, account_tag, config_src, 10 more }

A Cloudflare Tunnel that connects your origin to Cloudflare's edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

config_src?: "local" | "cloudflare"

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

Deprecatedremote_config?: boolean

Use the config_src field instead.

If true, the tunnel can be configured remotely from the Zero Trust dashboard. If false, the tunnel must be configured locally on the origin machine.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

ErrorData { code, documentation_url, message, source }

code?: number

documentation_url?: string

message?: string

source?: Source { pointer }

pointer?: string

Identifier { id }

id?: string

Identifier.

maxLength32

LoadBalancerPreview { pools, preview_id }

pools?: Record<string, string>

Monitored pool IDs mapped to their respective names.

preview_id?: string

Member { id, email, policies, 3 more }

id?: string

Membership identifier tag.

maxLength32

email?: string

The contact email address of the user.

maxLength90

policies?: Array<Policy>

Access policy for the membership

id?: string

Policy identifier.

access?: "allow" | "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups?: Array<PermissionGroup>

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta?: Meta { key, value }

Attributes associated to the permission group.

key?: string

value?: string

name?: string

Name of the permission group.

resource_groups?: Array<ResourceGroup>

A list of resource groups that the policy applies to.

id: string

Identifier of the resource group.

scope: Array<Scope>

The scope associated to the resource group

key: string

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: Array<Object>

A list of scope objects for additional context.

key: string

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta?: Meta { key, value }

Attributes associated to the resource group.

key?: string

value?: string

name?: string

Name of the resource group.

roles?: Array<Role { id, description, name, permissions } >

Roles assigned to this Member.

id: string

Role identifier tag.

maxLength32

description: string

Description of role's permissions.

name: string

Role name.

maxLength120

permissions: Permissions { analytics, billing, cache_purge, 9 more }

analytics?: PermissionGrant { read, write }

billing?: PermissionGrant { read, write }

cache_purge?: PermissionGrant { read, write }

dns?: PermissionGrant { read, write }

dns_records?: PermissionGrant { read, write }

lb?: PermissionGrant { read, write }

logs?: PermissionGrant { read, write }

organization?: PermissionGrant { read, write }

ssl?: PermissionGrant { read, write }

waf?: PermissionGrant { read, write }

zone_settings?: PermissionGrant { read, write }

zones?: PermissionGrant { read, write }

status?: "accepted" | "pending"

A member's status in the account.

One of the following:

"accepted"

"pending"

user?: User { email, id, first_name, 2 more }

Details of the user associated to the membership.

email: string

The contact email address of the user.

maxLength90

id?: string

Identifier

maxLength32

minLength32

first_name?: string | null

User's first name

maxLength60

last_name?: string | null

User's last name

maxLength60

two_factor_authentication_enabled?: boolean

Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication.

PaginationInfo { count, page, per_page, total_count }

count?: number

Total number of results for the requested service

page?: number

Current page within paginated list of results

per_page?: number

Number of results per page of results

total_count?: number

Total results available without any search parameters

Permission = string

PermissionGrant { read, write }

read?: boolean

write?: boolean

RatePlan { id, currency, externally_managed, 4 more }

The rate plan applied to the subscription.

id?: "free" | "lite" | "pro" | 7 more

The ID of the rate plan.

One of the following:

"free"

"lite"

"pro"

"pro_plus"

"business"

"enterprise"

"partners_free"

"partners_pro"

"partners_business"

"partners_enterprise"

currency?: string

The currency applied to the rate plan subscription.

externally_managed?: boolean

Whether this rate plan is managed externally from Cloudflare.

is_contract?: boolean

Whether a rate plan is enterprise-based (or newly adopted term contract).

public_name?: string

The full name of the rate plan.

scope?: string

The scope that this rate plan applies to.

sets?: Array<string>

The list of sets this rate plan applies to. Returns array of strings.

ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

Result = UnionMember0 { errors, messages, result, success } | AaaAPIResponseCommon { errors, messages, success }

One of the following:

UnionMember0 { errors, messages, result, success }

errors?: Array<ResponseInfo { code, message, documentation_url, source } >

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages?: Array<ResponseInfo { code, message, documentation_url, source } >

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

result?: Array<AuditLog { id, action, actor, 7 more } >

id?: string

A string that uniquely identifies the audit log.

action?: Action { result, type }

result?: boolean

A boolean that indicates if the action attempted was successful.

type?: string

A short string that describes the action that was performed.

actor?: Actor { id, email, ip, type }

id?: string

The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

email?: string

The email of the user that performed the action.

formatemail

ip?: string

The IP address of the request that performed the action.

type?: "user" | "admin" | "Cloudflare"

The type of actor, whether a User, Cloudflare Admin, or an Automated System.

One of the following:

"user"

"admin"

"Cloudflare"

interface?: string

The source of the event.

metadata?: unknown

An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

newValue?: string

The new value of the resource that was modified.

oldValue?: string

The value of the resource before it was modified.

owner?: Owner { id }

id?: string

Identifier

maxLength32

resource?: Resource { id, type }

id?: string

An identifier for the resource that was affected by the action.

type?: string

A short string that describes the resource that was affected by the action.

when?: string

A UTC RFC3339 timestamp that specifies when the action being logged occured.

formatdate-time

success?: boolean

AaaAPIResponseCommon { errors, messages, success }

errors: Array<ResponseInfo { code, message, documentation_url, source } >

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<ResponseInfo { code, message, documentation_url, source } >

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful

Role { id, description, name, permissions }

id: string

Role identifier tag.

maxLength32

description: string

Description of role's permissions.

name: string

Role name.

maxLength120

permissions: Permissions { analytics, billing, cache_purge, 9 more }

analytics?: PermissionGrant { read, write }

billing?: PermissionGrant { read, write }

cache_purge?: PermissionGrant { read, write }

dns?: PermissionGrant { read, write }

dns_records?: PermissionGrant { read, write }

lb?: PermissionGrant { read, write }

logs?: PermissionGrant { read, write }

organization?: PermissionGrant { read, write }

ssl?: PermissionGrant { read, write }

waf?: PermissionGrant { read, write }

zone_settings?: PermissionGrant { read, write }

zones?: PermissionGrant { read, write }

SortDirection = "asc" | "desc"

Direction to order DNS records in.

One of the following:

"asc"

"desc"

Subscription { id, currency, current_period_end, 5 more }

id?: string

Subscription identifier tag.

maxLength32

currency?: string

The monetary unit in which pricing information is displayed.

current_period_end?: string

The end of the current period and also when the next billing is due.

formatdate-time

current_period_start?: string

When the current billing period started. May match initial_period_start if this is the first period.

formatdate-time

frequency?: "weekly" | "monthly" | "quarterly" | "yearly"

How often the subscription is renewed automatically.

One of the following:

"weekly"

"monthly"

"quarterly"

"yearly"

price?: number

The price of the subscription that will be billed, in US dollars.

rate_plan?: RatePlan { id, currency, externally_managed, 4 more }

The rate plan applied to the subscription.

state?: "Trial" | "Provisioned" | "Paid" | 4 more

The state that the subscription is in.

One of the following:

"Trial"

"Provisioned"

"Paid"

"AwaitingPayment"

"Cancelled"

"Failed"

"Expired"

SubscriptionComponent { default, name, price, value }

A component value for a subscription.

default?: number

The default amount assigned.

name?: string

The name of the component value.

price?: number

The unit price for the component value.

value?: number

The amount of the component value assigned.

SubscriptionZone { id, name }

A simple zone object. May have null properties if not a zone subscription.

id?: string

Identifier

maxLength32

name?: string

The domain name

maxLength253

Token { id, condition, expires_on, 7 more }

id?: string

Token identifier tag.

maxLength32

condition?: Condition { request_ip }

request_ip?: RequestIP { in, not_in }

Client IP restrictions.

in?: Array<TokenConditionCIDRList>

List of IPv4/IPv6 CIDR addresses.

not_in?: Array<TokenConditionCIDRList>

List of IPv4/IPv6 CIDR addresses.

expires_on?: string

The expiration time on or after which the JWT MUST NOT be accepted for processing.

formatdate-time

issued_on?: string

The time on which the token was created.

formatdate-time

last_used_on?: string

Last time the token was used.

formatdate-time

modified_on?: string

Last time the token was modified.

formatdate-time

name?: string

Token name.

maxLength120

not_before?: string

The time before which the token MUST NOT be accepted for processing.

formatdate-time

policies?: Array<TokenPolicy { id, effect, permission_groups, resources } >

List of access policies assigned to the token.

id: string

Policy identifier.

effect: "allow" | "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: Array<PermissionGroup>

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta?: Meta { key, value }

Attributes associated to the permission group.

key?: string

value?: string

name?: string

Name of the permission group.

resources: Record<string, string> | Record<string, Record<string, string>>

A list of resource names that the policy applies to.

One of the following:

Record<string, string>

Record<string, Record<string, string>>

status?: "active" | "disabled" | "expired"

Status of the token.

One of the following:

"active"

"disabled"

"expired"

TokenConditionCIDRList = string

IPv4/IPv6 CIDR.

TokenPolicy { id, effect, permission_groups, resources }

id: string

Policy identifier.

effect: "allow" | "deny"

Allow or deny operations against the resources.

One of the following:

"allow"

"deny"

permission_groups: Array<PermissionGroup>

A set of permission groups that are specified to the policy.

id: string

Identifier of the permission group.

meta?: Meta { key, value }

Attributes associated to the permission group.

key?: string

value?: string

name?: string

Name of the permission group.

resources: Record<string, string> | Record<string, Record<string, string>>

A list of resource names that the policy applies to.

One of the following:

Record<string, string>

Record<string, Record<string, string>>

TokenValue = string

The token value.