# Accounts ## List Accounts `client.accounts.list(AccountListParamsquery?, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts` List all accounts you have ownership or verified access to. ### Parameters - `query: AccountListParams` - `direction?: "asc" | "desc"` Direction to order results. - `"asc"` - `"desc"` - `name?: string` Name of the account. - `page?: number` Page number of paginated results. - `per_page?: number` Maximum number of results per page. ### Returns - `Account` - `id: string` Identifier - `name: string` Account name - `type: "standard" | "enterprise"` - `"standard"` - `"enterprise"` - `created_on?: string` Timestamp for the creation of the account - `managed_by?: ManagedBy` Parent container details - `parent_org_id?: string` ID of the parent Organization, if one exists - `parent_org_name?: string` Name of the parent Organization, if one exists - `settings?: Settings` Account settings - `abuse_contact_email?: string` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor?: boolean` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const account of client.accounts.list()) { console.log(account.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Account Details `client.accounts.get(AccountGetParamsparams, RequestOptionsoptions?): Account` **get** `/accounts/{account_id}` Get information about a specific account that you are a member of. ### Parameters - `params: AccountGetParams` - `account_id: string` Account identifier tag. ### Returns - `Account` - `id: string` Identifier - `name: string` Account name - `type: "standard" | "enterprise"` - `"standard"` - `"enterprise"` - `created_on?: string` Timestamp for the creation of the account - `managed_by?: ManagedBy` Parent container details - `parent_org_id?: string` ID of the parent Organization, if one exists - `parent_org_name?: string` Name of the parent Organization, if one exists - `settings?: Settings` Account settings - `abuse_contact_email?: string` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor?: boolean` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const account = await client.accounts.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353' }); console.log(account.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } } ``` ## Create an account `client.accounts.create(AccountCreateParamsbody, RequestOptionsoptions?): Account` **post** `/accounts` Create an account (only available for tenant admins at this time) ### Parameters - `body: AccountCreateParams` - `name: string` Account name - `type?: "standard" | "enterprise"` - `"standard"` - `"enterprise"` - `unit?: Unit` information related to the tenant unit, and optionally, an id of the unit to create the account on. see https://developers.cloudflare.com/tenant/how-to/manage-accounts/ - `id?: string` Tenant unit ID ### Returns - `Account` - `id: string` Identifier - `name: string` Account name - `type: "standard" | "enterprise"` - `"standard"` - `"enterprise"` - `created_on?: string` Timestamp for the creation of the account - `managed_by?: ManagedBy` Parent container details - `parent_org_id?: string` ID of the parent Organization, if one exists - `parent_org_name?: string` Name of the parent Organization, if one exists - `settings?: Settings` Account settings - `abuse_contact_email?: string` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor?: boolean` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const account = await client.accounts.create({ name: 'name' }); console.log(account.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } } ``` ## Update Account `client.accounts.update(AccountUpdateParamsparams, RequestOptionsoptions?): Account` **put** `/accounts/{account_id}` Update an existing account. ### Parameters - `params: AccountUpdateParams` - `account_id: string` Path param: Account identifier tag. - `id: string` Body param: Identifier - `name: string` Body param: Account name - `type: "standard" | "enterprise"` Body param - `"standard"` - `"enterprise"` - `managed_by?: ManagedBy` Body param: Parent container details - `parent_org_id?: string` ID of the parent Organization, if one exists - `parent_org_name?: string` Name of the parent Organization, if one exists - `settings?: Settings` Body param: Account settings - `abuse_contact_email?: string` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor?: boolean` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Returns - `Account` - `id: string` Identifier - `name: string` Account name - `type: "standard" | "enterprise"` - `"standard"` - `"enterprise"` - `created_on?: string` Timestamp for the creation of the account - `managed_by?: ManagedBy` Parent container details - `parent_org_id?: string` ID of the parent Organization, if one exists - `parent_org_name?: string` Name of the parent Organization, if one exists - `settings?: Settings` Account settings - `abuse_contact_email?: string` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor?: boolean` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const account = await client.accounts.update({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', id: '023e105f4ecef8ad9ca31a8372d0c353', name: 'Demo Account', type: 'standard', }); console.log(account.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } } ``` ## Delete a specific account `client.accounts.delete(AccountDeleteParamsparams, RequestOptionsoptions?): AccountDeleteResponse | null` **delete** `/accounts/{account_id}` Delete a specific account (only available for tenant admins at this time). This is a permanent operation that will delete any zones or other resources under the account ### Parameters - `params: AccountDeleteParams` - `account_id: string` The account ID of the account to be deleted ### Returns - `AccountDeleteResponse` - `id: string` Identifier ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const account = await client.accounts.delete({ account_id: 'account_id' }); console.log(account.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Account - `Account` - `id: string` Identifier - `name: string` Account name - `type: "standard" | "enterprise"` - `"standard"` - `"enterprise"` - `created_on?: string` Timestamp for the creation of the account - `managed_by?: ManagedBy` Parent container details - `parent_org_id?: string` ID of the parent Organization, if one exists - `parent_org_name?: string` Name of the parent Organization, if one exists - `settings?: Settings` Account settings - `abuse_contact_email?: string` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor?: boolean` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Account Delete Response - `AccountDeleteResponse` - `id: string` Identifier # Account Organizations # Account Profile # Members ## List Members `client.accounts.members.list(MemberListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/members` List all members of an account. ### Parameters - `params: MemberListParams` - `account_id: string` Path param: Account identifier tag. - `direction?: "asc" | "desc"` Query param: Direction to order results. - `"asc"` - `"desc"` - `order?: "user.first_name" | "user.last_name" | "user.email" | "status"` Query param: Field to order results by. - `"user.first_name"` - `"user.last_name"` - `"user.email"` - `"status"` - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. - `status?: "accepted" | "pending" | "rejected"` Query param: A member's status in the account. - `"accepted"` - `"pending"` - `"rejected"` ### Returns - `Member` - `id?: string` Membership identifier tag. - `email?: string` The contact email address of the user. - `policies?: Array` Access policy for the membership - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. - `roles?: Array` Roles assigned to this Member. - `id: string` Role identifier tag. - `description: string` Description of role's permissions. - `name: string` Role name. - `permissions: Permissions` - `analytics?: PermissionGrant` - `read?: boolean` - `write?: boolean` - `billing?: PermissionGrant` - `cache_purge?: PermissionGrant` - `dns?: PermissionGrant` - `dns_records?: PermissionGrant` - `lb?: PermissionGrant` - `logs?: PermissionGrant` - `organization?: PermissionGrant` - `ssl?: PermissionGrant` - `waf?: PermissionGrant` - `zone_settings?: PermissionGrant` - `zones?: PermissionGrant` - `status?: "accepted" | "pending"` A member's status in the account. - `"accepted"` - `"pending"` - `user?: User` Details of the user associated to the membership. - `email: string` The contact email address of the user. - `id?: string` Identifier - `first_name?: string | null` User's first name - `last_name?: string | null` User's last name - `two_factor_authentication_enabled?: boolean` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const member of client.accounts.members.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(member.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Member Details `client.accounts.members.get(stringmemberId, MemberGetParamsparams, RequestOptionsoptions?): Member` **get** `/accounts/{account_id}/members/{member_id}` Get information about a specific member of an account. ### Parameters - `memberId: string` Membership identifier tag. - `params: MemberGetParams` - `account_id: string` Account identifier tag. ### Returns - `Member` - `id?: string` Membership identifier tag. - `email?: string` The contact email address of the user. - `policies?: Array` Access policy for the membership - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. - `roles?: Array` Roles assigned to this Member. - `id: string` Role identifier tag. - `description: string` Description of role's permissions. - `name: string` Role name. - `permissions: Permissions` - `analytics?: PermissionGrant` - `read?: boolean` - `write?: boolean` - `billing?: PermissionGrant` - `cache_purge?: PermissionGrant` - `dns?: PermissionGrant` - `dns_records?: PermissionGrant` - `lb?: PermissionGrant` - `logs?: PermissionGrant` - `organization?: PermissionGrant` - `ssl?: PermissionGrant` - `waf?: PermissionGrant` - `zone_settings?: PermissionGrant` - `zones?: PermissionGrant` - `status?: "accepted" | "pending"` A member's status in the account. - `"accepted"` - `"pending"` - `user?: User` Details of the user associated to the membership. - `email: string` The contact email address of the user. - `id?: string` Identifier - `first_name?: string | null` User's first name - `last_name?: string | null` User's last name - `two_factor_authentication_enabled?: boolean` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const member = await client.accounts.members.get('4536bcfad5faccb111b47003c79917fa', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(member.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } } ``` ## Add Member `client.accounts.members.create(MemberCreateParamsparams, RequestOptionsoptions?): Member` **post** `/accounts/{account_id}/members` Add a user to the list of members for this account. ### Parameters - `MemberCreateParams = IAMCreateMemberWithRoles | IAMCreateMemberWithPolicies` - `MemberCreateParamsBase` - `IAMCreateMemberWithRoles extends MemberCreateParamsBase` - `IAMCreateMemberWithPolicies extends MemberCreateParamsBase` ### Returns - `Member` - `id?: string` Membership identifier tag. - `email?: string` The contact email address of the user. - `policies?: Array` Access policy for the membership - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. - `roles?: Array` Roles assigned to this Member. - `id: string` Role identifier tag. - `description: string` Description of role's permissions. - `name: string` Role name. - `permissions: Permissions` - `analytics?: PermissionGrant` - `read?: boolean` - `write?: boolean` - `billing?: PermissionGrant` - `cache_purge?: PermissionGrant` - `dns?: PermissionGrant` - `dns_records?: PermissionGrant` - `lb?: PermissionGrant` - `logs?: PermissionGrant` - `organization?: PermissionGrant` - `ssl?: PermissionGrant` - `waf?: PermissionGrant` - `zone_settings?: PermissionGrant` - `zones?: PermissionGrant` - `status?: "accepted" | "pending"` A member's status in the account. - `"accepted"` - `"pending"` - `user?: User` Details of the user associated to the membership. - `email: string` The contact email address of the user. - `id?: string` Identifier - `first_name?: string | null` User's first name - `last_name?: string | null` User's last name - `two_factor_authentication_enabled?: boolean` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const member = await client.accounts.members.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', email: 'user@example.com', roles: ['3536bcfad5faccb999b47003c79917fb'], }); console.log(member.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } } ``` ## Update Member `client.accounts.members.update(stringmemberId, MemberUpdateParamsparams, RequestOptionsoptions?): Member` **put** `/accounts/{account_id}/members/{member_id}` Modify an account member. ### Parameters - `memberId: string` Membership identifier tag. - `MemberUpdateParams = IAMUpdateMemberWithRoles | IAMUpdateMemberWithPolicies` - `MemberUpdateParamsBase` - `IAMUpdateMemberWithRoles extends MemberUpdateParamsBase` - `IAMUpdateMemberWithPolicies extends MemberUpdateParamsBase` ### Returns - `Member` - `id?: string` Membership identifier tag. - `email?: string` The contact email address of the user. - `policies?: Array` Access policy for the membership - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. - `roles?: Array` Roles assigned to this Member. - `id: string` Role identifier tag. - `description: string` Description of role's permissions. - `name: string` Role name. - `permissions: Permissions` - `analytics?: PermissionGrant` - `read?: boolean` - `write?: boolean` - `billing?: PermissionGrant` - `cache_purge?: PermissionGrant` - `dns?: PermissionGrant` - `dns_records?: PermissionGrant` - `lb?: PermissionGrant` - `logs?: PermissionGrant` - `organization?: PermissionGrant` - `ssl?: PermissionGrant` - `waf?: PermissionGrant` - `zone_settings?: PermissionGrant` - `zones?: PermissionGrant` - `status?: "accepted" | "pending"` A member's status in the account. - `"accepted"` - `"pending"` - `user?: User` Details of the user associated to the membership. - `email: string` The contact email address of the user. - `id?: string` Identifier - `first_name?: string | null` User's first name - `last_name?: string | null` User's last name - `two_factor_authentication_enabled?: boolean` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const member = await client.accounts.members.update('4536bcfad5faccb111b47003c79917fa', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(member.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } } ``` ## Remove Member `client.accounts.members.delete(stringmemberId, MemberDeleteParamsparams, RequestOptionsoptions?): MemberDeleteResponse | null` **delete** `/accounts/{account_id}/members/{member_id}` Remove a member from an account. ### Parameters - `memberId: string` Membership identifier tag. - `params: MemberDeleteParams` - `account_id: string` Account identifier tag. ### Returns - `MemberDeleteResponse` - `id: string` Identifier ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const member = await client.accounts.members.delete('4536bcfad5faccb111b47003c79917fa', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(member.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Status - `Status = "member" | "invited"` Whether the user is a member of the organization or has an invitation pending. - `"member"` - `"invited"` ### Member Delete Response - `MemberDeleteResponse` - `id: string` Identifier # Roles ## List Roles `client.accounts.roles.list(RoleListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/roles` Get all available roles for an account. ### Parameters - `params: RoleListParams` - `account_id: string` Path param: Account identifier tag. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Number of roles per page. ### Returns - `Role` - `id: string` Role identifier tag. - `description: string` Description of role's permissions. - `name: string` Role name. - `permissions: Permissions` - `analytics?: PermissionGrant` - `read?: boolean` - `write?: boolean` - `billing?: PermissionGrant` - `cache_purge?: PermissionGrant` - `dns?: PermissionGrant` - `dns_records?: PermissionGrant` - `lb?: PermissionGrant` - `logs?: PermissionGrant` - `organization?: PermissionGrant` - `ssl?: PermissionGrant` - `waf?: PermissionGrant` - `zone_settings?: PermissionGrant` - `zones?: PermissionGrant` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const role of client.accounts.roles.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(role.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Role Details `client.accounts.roles.get(stringroleId, RoleGetParamsparams, RequestOptionsoptions?): Role` **get** `/accounts/{account_id}/roles/{role_id}` Get information about a specific role for an account. ### Parameters - `roleId: string` Role identifier tag. - `params: RoleGetParams` - `account_id: string` Account identifier tag. ### Returns - `Role` - `id: string` Role identifier tag. - `description: string` Description of role's permissions. - `name: string` Role name. - `permissions: Permissions` - `analytics?: PermissionGrant` - `read?: boolean` - `write?: boolean` - `billing?: PermissionGrant` - `cache_purge?: PermissionGrant` - `dns?: PermissionGrant` - `dns_records?: PermissionGrant` - `lb?: PermissionGrant` - `logs?: PermissionGrant` - `organization?: PermissionGrant` - `ssl?: PermissionGrant` - `waf?: PermissionGrant` - `zone_settings?: PermissionGrant` - `zones?: PermissionGrant` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const role = await client.accounts.roles.get('3536bcfad5faccb999b47003c79917fb', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(role.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } } ``` # Subscriptions ## List Subscriptions `client.accounts.subscriptions.get(SubscriptionGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/subscriptions` Lists all of an account's subscriptions. ### Parameters - `params: SubscriptionGetParams` - `account_id: string` Identifier ### Returns - `Subscription` - `id?: string` Subscription identifier tag. - `currency?: string` The monetary unit in which pricing information is displayed. - `current_period_end?: string` The end of the current period and also when the next billing is due. - `current_period_start?: string` When the current billing period started. May match initial_period_start if this is the first period. - `frequency?: "weekly" | "monthly" | "quarterly" | "yearly"` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `price?: number` The price of the subscription that will be billed, in US dollars. - `rate_plan?: RatePlan` The rate plan applied to the subscription. - `id?: "free" | "lite" | "pro" | 7 more` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency?: string` The currency applied to the rate plan subscription. - `externally_managed?: boolean` Whether this rate plan is managed externally from Cloudflare. - `is_contract?: boolean` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name?: string` The full name of the rate plan. - `scope?: string` The scope that this rate plan applies to. - `sets?: Array` The list of sets this rate plan applies to. Returns array of strings. - `state?: "Trial" | "Provisioned" | "Paid" | 4 more` The state that the subscription is in. - `"Trial"` - `"Provisioned"` - `"Paid"` - `"AwaitingPayment"` - `"Cancelled"` - `"Failed"` - `"Expired"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const subscription of client.accounts.subscriptions.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(subscription.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "506e3185e9c882d175a2d0cb0093d9f2", "currency": "USD", "current_period_end": "2014-03-31T12:20:00Z", "current_period_start": "2014-05-11T12:20:00Z", "frequency": "monthly", "price": 20, "rate_plan": { "id": "free", "currency": "USD", "externally_managed": false, "is_contract": false, "public_name": "Business Plan", "scope": "zone", "sets": [ "string" ] }, "state": "Paid" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Create Subscription `client.accounts.subscriptions.create(SubscriptionCreateParamsparams, RequestOptionsoptions?): Subscription` **post** `/accounts/{account_id}/subscriptions` Creates an account subscription. ### Parameters - `params: SubscriptionCreateParams` - `account_id: string` Path param: Identifier - `frequency?: "weekly" | "monthly" | "quarterly" | "yearly"` Body param: How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `rate_plan?: RatePlan` Body param: The rate plan applied to the subscription. - `id?: "free" | "lite" | "pro" | 7 more` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency?: string` The currency applied to the rate plan subscription. - `externally_managed?: boolean` Whether this rate plan is managed externally from Cloudflare. - `is_contract?: boolean` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name?: string` The full name of the rate plan. - `scope?: string` The scope that this rate plan applies to. - `sets?: Array` The list of sets this rate plan applies to. Returns array of strings. ### Returns - `Subscription` - `id?: string` Subscription identifier tag. - `currency?: string` The monetary unit in which pricing information is displayed. - `current_period_end?: string` The end of the current period and also when the next billing is due. - `current_period_start?: string` When the current billing period started. May match initial_period_start if this is the first period. - `frequency?: "weekly" | "monthly" | "quarterly" | "yearly"` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `price?: number` The price of the subscription that will be billed, in US dollars. - `rate_plan?: RatePlan` The rate plan applied to the subscription. - `id?: "free" | "lite" | "pro" | 7 more` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency?: string` The currency applied to the rate plan subscription. - `externally_managed?: boolean` Whether this rate plan is managed externally from Cloudflare. - `is_contract?: boolean` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name?: string` The full name of the rate plan. - `scope?: string` The scope that this rate plan applies to. - `sets?: Array` The list of sets this rate plan applies to. Returns array of strings. - `state?: "Trial" | "Provisioned" | "Paid" | 4 more` The state that the subscription is in. - `"Trial"` - `"Provisioned"` - `"Paid"` - `"AwaitingPayment"` - `"Cancelled"` - `"Failed"` - `"Expired"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const subscription = await client.accounts.subscriptions.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(subscription.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "506e3185e9c882d175a2d0cb0093d9f2", "currency": "USD", "current_period_end": "2014-03-31T12:20:00Z", "current_period_start": "2014-05-11T12:20:00Z", "frequency": "monthly", "price": 20, "rate_plan": { "id": "free", "currency": "USD", "externally_managed": false, "is_contract": false, "public_name": "Business Plan", "scope": "zone", "sets": [ "string" ] }, "state": "Paid" }, "success": true } ``` ## Update Subscription `client.accounts.subscriptions.update(stringsubscriptionIdentifier, SubscriptionUpdateParamsparams, RequestOptionsoptions?): Subscription` **put** `/accounts/{account_id}/subscriptions/{subscription_identifier}` Updates an account subscription. ### Parameters - `subscriptionIdentifier: string` Subscription identifier tag. - `params: SubscriptionUpdateParams` - `account_id: string` Path param: Identifier - `frequency?: "weekly" | "monthly" | "quarterly" | "yearly"` Body param: How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `rate_plan?: RatePlan` Body param: The rate plan applied to the subscription. - `id?: "free" | "lite" | "pro" | 7 more` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency?: string` The currency applied to the rate plan subscription. - `externally_managed?: boolean` Whether this rate plan is managed externally from Cloudflare. - `is_contract?: boolean` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name?: string` The full name of the rate plan. - `scope?: string` The scope that this rate plan applies to. - `sets?: Array` The list of sets this rate plan applies to. Returns array of strings. ### Returns - `Subscription` - `id?: string` Subscription identifier tag. - `currency?: string` The monetary unit in which pricing information is displayed. - `current_period_end?: string` The end of the current period and also when the next billing is due. - `current_period_start?: string` When the current billing period started. May match initial_period_start if this is the first period. - `frequency?: "weekly" | "monthly" | "quarterly" | "yearly"` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `price?: number` The price of the subscription that will be billed, in US dollars. - `rate_plan?: RatePlan` The rate plan applied to the subscription. - `id?: "free" | "lite" | "pro" | 7 more` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency?: string` The currency applied to the rate plan subscription. - `externally_managed?: boolean` Whether this rate plan is managed externally from Cloudflare. - `is_contract?: boolean` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name?: string` The full name of the rate plan. - `scope?: string` The scope that this rate plan applies to. - `sets?: Array` The list of sets this rate plan applies to. Returns array of strings. - `state?: "Trial" | "Provisioned" | "Paid" | 4 more` The state that the subscription is in. - `"Trial"` - `"Provisioned"` - `"Paid"` - `"AwaitingPayment"` - `"Cancelled"` - `"Failed"` - `"Expired"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const subscription = await client.accounts.subscriptions.update( '506e3185e9c882d175a2d0cb0093d9f2', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(subscription.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "506e3185e9c882d175a2d0cb0093d9f2", "currency": "USD", "current_period_end": "2014-03-31T12:20:00Z", "current_period_start": "2014-05-11T12:20:00Z", "frequency": "monthly", "price": 20, "rate_plan": { "id": "free", "currency": "USD", "externally_managed": false, "is_contract": false, "public_name": "Business Plan", "scope": "zone", "sets": [ "string" ] }, "state": "Paid" }, "success": true } ``` ## Delete Subscription `client.accounts.subscriptions.delete(stringsubscriptionIdentifier, SubscriptionDeleteParamsparams, RequestOptionsoptions?): SubscriptionDeleteResponse` **delete** `/accounts/{account_id}/subscriptions/{subscription_identifier}` Deletes an account's subscription. ### Parameters - `subscriptionIdentifier: string` Subscription identifier tag. - `params: SubscriptionDeleteParams` - `account_id: string` Identifier ### Returns - `SubscriptionDeleteResponse` - `subscription_id?: string` Subscription identifier tag. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const subscription = await client.accounts.subscriptions.delete( '506e3185e9c882d175a2d0cb0093d9f2', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(subscription.subscription_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "subscription_id": "506e3185e9c882d175a2d0cb0093d9f2" }, "success": true } ``` ## Domain Types ### Subscription Delete Response - `SubscriptionDeleteResponse` - `subscription_id?: string` Subscription identifier tag. # Tokens ## List Tokens `client.accounts.tokens.list(TokenListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/tokens` List all Account Owned API tokens created for this account. ### Parameters - `params: TokenListParams` - `account_id: string` Path param: Account identifier tag. - `direction?: "asc" | "desc"` Query param: Direction to order results. - `"asc"` - `"desc"` - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. ### Returns - `Token` - `id?: string` Token identifier tag. - `condition?: Condition` - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on?: string` The time on which the token was created. - `last_used_on?: string` Last time the token was used. - `modified_on?: string` Last time the token was modified. - `name?: string` Token name. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. - `policies?: Array` List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `status?: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const token of client.accounts.tokens.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(token.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Token Details `client.accounts.tokens.get(stringtokenId, TokenGetParamsparams, RequestOptionsoptions?): Token` **get** `/accounts/{account_id}/tokens/{token_id}` Get information about a specific Account Owned API token. ### Parameters - `tokenId: string` Token identifier tag. - `params: TokenGetParams` - `account_id: string` Account identifier tag. ### Returns - `Token` - `id?: string` Token identifier tag. - `condition?: Condition` - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on?: string` The time on which the token was created. - `last_used_on?: string` Last time the token was used. - `modified_on?: string` Last time the token was modified. - `name?: string` Token name. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. - `policies?: Array` List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `status?: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const token = await client.accounts.tokens.get('ed17574386854bf78a67040be0a770b0', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(token.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Create Token `client.accounts.tokens.create(TokenCreateParamsparams, RequestOptionsoptions?): TokenCreateResponse` **post** `/accounts/{account_id}/tokens` Create a new Account Owned API token. ### Parameters - `params: TokenCreateParams` - `account_id: string` Path param: Account identifier tag. - `name: string` Body param: Token name. - `policies: Array` Body param: List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `condition?: Condition` Body param - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` Body param: The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before?: string` Body param: The time before which the token MUST NOT be accepted for processing. ### Returns - `TokenCreateResponse` - `id?: string` Token identifier tag. - `condition?: Condition` - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on?: string` The time on which the token was created. - `last_used_on?: string` Last time the token was used. - `modified_on?: string` Last time the token was modified. - `name?: string` Token name. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. - `policies?: Array` List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `status?: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `value?: TokenValue` The token value. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const token = await client.accounts.tokens.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', name: 'readonly token', policies: [ { effect: 'allow', permission_groups: [ { id: 'c8fed203ed3043cba015a93ad1616f1f' }, { id: '82e64a83756745bbbb1c9c2701bf816b' }, ], resources: { foo: 'string' }, }, ], }); console.log(token.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active", "value": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } } ``` ## Update Token `client.accounts.tokens.update(stringtokenId, TokenUpdateParamsparams, RequestOptionsoptions?): Token` **put** `/accounts/{account_id}/tokens/{token_id}` Update an existing token. ### Parameters - `tokenId: string` Token identifier tag. - `params: TokenUpdateParams` - `account_id: string` Path param: Account identifier tag. - `name: string` Body param: Token name. - `policies: Array` Body param: List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `condition?: Condition` Body param - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` Body param: The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before?: string` Body param: The time before which the token MUST NOT be accepted for processing. - `status?: "active" | "disabled" | "expired"` Body param: Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Returns - `Token` - `id?: string` Token identifier tag. - `condition?: Condition` - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on?: string` The time on which the token was created. - `last_used_on?: string` Last time the token was used. - `modified_on?: string` Last time the token was modified. - `name?: string` Token name. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. - `policies?: Array` List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `status?: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const token = await client.accounts.tokens.update('ed17574386854bf78a67040be0a770b0', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', name: 'readonly token', policies: [ { effect: 'allow', permission_groups: [ { id: 'c8fed203ed3043cba015a93ad1616f1f' }, { id: '82e64a83756745bbbb1c9c2701bf816b' }, ], resources: { foo: 'string' }, }, ], }); console.log(token.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Delete Token `client.accounts.tokens.delete(stringtokenId, TokenDeleteParamsparams, RequestOptionsoptions?): TokenDeleteResponse | null` **delete** `/accounts/{account_id}/tokens/{token_id}` Destroy an Account Owned API token. ### Parameters - `tokenId: string` Token identifier tag. - `params: TokenDeleteParams` - `account_id: string` Account identifier tag. ### Returns - `TokenDeleteResponse` - `id: string` Identifier ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const token = await client.accounts.tokens.delete('ed17574386854bf78a67040be0a770b0', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(token.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Verify Token `client.accounts.tokens.verify(TokenVerifyParamsparams, RequestOptionsoptions?): TokenVerifyResponse` **get** `/accounts/{account_id}/tokens/verify` Test whether a token works. ### Parameters - `params: TokenVerifyParams` - `account_id: string` Account identifier tag. ### Returns - `TokenVerifyResponse` - `id: string` Token identifier tag. - `status: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.accounts.tokens.verify({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "status": "active", "expires_on": "2020-01-01T00:00:00Z", "not_before": "2018-07-01T05:20:00Z" } } ``` ## Domain Types ### Token Create Response - `TokenCreateResponse` - `id?: string` Token identifier tag. - `condition?: Condition` - `request_ip?: RequestIP` Client IP restrictions. - `in?: Array` List of IPv4/IPv6 CIDR addresses. - `not_in?: Array` List of IPv4/IPv6 CIDR addresses. - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on?: string` The time on which the token was created. - `last_used_on?: string` Last time the token was used. - `modified_on?: string` Last time the token was modified. - `name?: string` Token name. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. - `policies?: Array` List of access policies assigned to the token. - `id: string` Policy identifier. - `effect: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resources: Record | Record>` A list of resource names that the policy applies to. - `Record` - `Record>` - `status?: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `value?: TokenValue` The token value. ### Token Delete Response - `TokenDeleteResponse` - `id: string` Identifier ### Token Verify Response - `TokenVerifyResponse` - `id: string` Token identifier tag. - `status: "active" | "disabled" | "expired"` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `expires_on?: string` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before?: string` The time before which the token MUST NOT be accepted for processing. # Permission Groups ## List Permission Groups `client.accounts.tokens.permissionGroups.list(PermissionGroupListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/tokens/permission_groups` Find all available permission groups for Account Owned API Tokens ### Parameters - `params: PermissionGroupListParams` - `account_id: string` Path param: Account identifier tag. - `name?: string` Query param: Filter by the name of the permission group. The value must be URL-encoded. - `scope?: string` Query param: Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `PermissionGroupListResponse` - `id?: string` Public ID. - `name?: string` Permission Group Name - `scopes?: Array<"com.cloudflare.api.account" | "com.cloudflare.api.account.zone" | "com.cloudflare.api.user" | "com.cloudflare.edge.r2.bucket">` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const permissionGroupListResponse of client.accounts.tokens.permissionGroups.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(permissionGroupListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## List Permission Groups `client.accounts.tokens.permissionGroups.get(PermissionGroupGetParamsparams, RequestOptionsoptions?): PermissionGroupGetResponse` **get** `/accounts/{account_id}/tokens/permission_groups` Find all available permission groups for Account Owned API Tokens ### Parameters - `params: PermissionGroupGetParams` - `account_id: string` Path param: Account identifier tag. - `name?: string` Query param: Filter by the name of the permission group. The value must be URL-encoded. - `scope?: string` Query param: Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `PermissionGroupGetResponse = Array` - `id?: string` Public ID. - `name?: string` Permission Group Name - `scopes?: Array<"com.cloudflare.api.account" | "com.cloudflare.api.account.zone" | "com.cloudflare.api.user" | "com.cloudflare.edge.r2.bucket">` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const permissionGroups = await client.accounts.tokens.permissionGroups.get({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(permissionGroups); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Permission Group List Response - `PermissionGroupListResponse` - `id?: string` Public ID. - `name?: string` Permission Group Name - `scopes?: Array<"com.cloudflare.api.account" | "com.cloudflare.api.account.zone" | "com.cloudflare.api.user" | "com.cloudflare.edge.r2.bucket">` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Permission Group Get Response - `PermissionGroupGetResponse = Array` - `id?: string` Public ID. - `name?: string` Permission Group Name - `scopes?: Array<"com.cloudflare.api.account" | "com.cloudflare.api.account.zone" | "com.cloudflare.api.user" | "com.cloudflare.edge.r2.bucket">` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` # Value ## Roll Token `client.accounts.tokens.value.update(stringtokenId, ValueUpdateParamsparams, RequestOptionsoptions?): TokenValue` **put** `/accounts/{account_id}/tokens/{token_id}/value` Roll the Account Owned API token secret. ### Parameters - `tokenId: string` Token identifier tag. - `params: ValueUpdateParams` - `account_id: string` Path param: Account identifier tag. - `body: unknown` Body param ### Returns - `TokenValue = string` The token value. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const tokenValue = await client.accounts.tokens.value.update('ed17574386854bf78a67040be0a770b0', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', body: {}, }); console.log(tokenValue); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } ``` # Logs # Audit ## Get account audit logs (Version 2) `client.accounts.logs.audit.list(AuditListParamsparams, RequestOptionsoptions?): CursorPaginationAfter` **get** `/accounts/{account_id}/logs/audit` Gets a list of audit logs for an account. ### Parameters - `params: AuditListParams` - `account_id: string` Path param: The unique id that identifies the account. - `before: string` Query param: Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `since: string` Query param: Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `id?: ID` Query param - `not?: Array` Filters out audit logs by their IDs. - `account_name?: AccountName` Query param - `not?: Array` Filters out audit logs by the account name. - `action_result?: ActionResult` Query param - `not?: Array<"success" | "failure">` Filters out audit logs by whether the action was successful or not. - `"success"` - `"failure"` - `action_type?: ActionType` Query param - `not?: Array<"create" | "delete" | "view" | "update">` Filters out audit logs by the action type. - `"create"` - `"delete"` - `"view"` - `"update"` - `actor_context?: ActorContext` Query param - `not?: Array<"api_key" | "api_token" | "dash" | 2 more>` Filters out audit logs by the actor context. - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `actor_email?: ActorEmail` Query param - `not?: Array` Filters out audit logs by the actor's email address. - `actor_id?: ActorID` Query param - `not?: Array` Filters out audit logs by the actor ID. This can be either the Account ID or User ID. - `actor_ip_address?: ActorIPAddress` Query param - `not?: Array` Filters out audit logs IP address where the action was initiated. - `actor_token_id?: ActorTokenID` Query param - `not?: Array` Filters out audit logs by the API token ID when the actor context is an api_token or oauth. - `actor_token_name?: ActorTokenName` Query param - `not?: Array` Filters out audit logs by the API token name when the actor context is an api_token or oauth. - `actor_type?: ActorType` Query param - `not?: Array<"account" | "cloudflare_admin" | "system" | "user">` Filters out audit logs by the actor type. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `audit_log_id?: AuditLogID` Query param - `not?: Array` Filters out audit logs by their IDs. - `cursor?: string` Query param: The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response. - `direction?: "desc" | "asc"` Query param: Sets sorting order. - `"desc"` - `"asc"` - `limit?: number` Query param: The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. - `raw_cf_ray_id?: RawCfRayID` Query param - `not?: Array` Filters out audit logs by the response CF Ray ID. - `raw_method?: RawMethod` Query param - `not?: Array` Filters out audit logs by the HTTP method for the API call. - `raw_status_code?: RawStatusCode` Query param - `not?: Array` Filters out audit logs by the response status code that was returned. - `raw_uri?: RawURI` Query param - `not?: Array` Filters out audit logs by the request URI. - `resource_id?: ResourceID` Query param - `not?: Array` Filters out audit logs by the resource ID. - `resource_product?: ResourceProduct` Query param - `not?: Array` Filters out audit logs by the Cloudflare product associated with the changed resource. - `resource_scope?: ResourceScope` Query param - `not?: Array<"accounts" | "user" | "zones" | "memberships">` Filters out audit logs by the resource scope, specifying whether the resource is associated with an user, an account, a zone, or a membership. - `"accounts"` - `"user"` - `"zones"` - `"memberships"` - `resource_type?: ResourceType` Query param - `not?: Array` Filters out audit logs based on the unique type of resource changed by the action. - `zone_id?: ZoneID` Query param - `not?: Array` Filters out audit logs by the zone ID. - `zone_name?: ZoneName` Query param - `not?: Array` Filters out audit logs by the zone name associated with the change. ### Returns - `AuditListResponse` - `id?: string` A unique identifier for the audit log entry. - `account?: Account` Contains account related information. - `id?: string` A unique identifier for the account. - `name?: string` A string that identifies the account name. - `action?: Action` Provides information about the action performed. - `description?: string` A short description of the action performed. - `result?: string` The result of the action, indicating success or failure. - `time?: string` A timestamp indicating when the action was logged. - `type?: string` A short string that describes the action that was performed. - `actor?: Actor` Provides details about the actor who performed the action. - `id?: string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context?: "api_key" | "api_token" | "dash" | 2 more` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email?: string` The email of the actor who performed the action. - `ip_address?: string` The IP address of the request that performed the action. - `token_id?: string` The API token ID when the actor context is an api_token or oauth. - `token_name?: string` The API token name when the actor context is an api_token or oauth. - `type?: "account" | "cloudflare_admin" | "system" | "user"` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw?: Raw` Provides raw information about the request and response. - `cf_ray_id?: string` The Cloudflare Ray ID for the request. - `method?: string` The HTTP method of the request. - `status_code?: number` The HTTP response status code returned by the API. - `uri?: string` The URI of the request. - `user_agent?: string` The client's user agent string sent with the request. - `resource?: Resource` Provides details about the affected resource. - `id?: string` The unique identifier for the affected resource. - `product?: string` The Cloudflare product associated with the resource. - `request?: unknown` - `response?: unknown` - `scope?: unknown` The scope of the resource. - `type?: string` The type of the resource. - `zone?: Zone` Provides details about the zone affected by the action. - `id?: string` A string that identifies the zone id. - `name?: string` A string that identifies the zone name. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const auditListResponse of client.accounts.logs.audit.list({ account_id: 'a67e14daa5f8dceeb91fe5449ba496ef', before: '2024-10-31', since: '2024-10-30', })) { console.log(auditListResponse.id); } ``` #### Response ```json { "errors": [ { "message": "message" } ], "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "account": { "id": "4bb334f7c94c4a29a045f03944f072e5", "name": "Example Account" }, "action": { "description": "Add Member", "result": "success", "time": "2024-04-26T17:31:07Z", "type": "create" }, "actor": { "id": "f6b5de0326bb5182b8a4840ee01ec774", "context": "dash", "email": "alice@example.com", "ip_address": "198.41.129.166", "token_id": "token_id", "token_name": "token_name", "type": "user" }, "raw": { "cf_ray_id": "8e9b1c60ef9e1c9a", "method": "POST", "status_code": 200, "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15" }, "resource": { "id": "id", "product": "members", "request": {}, "response": {}, "scope": {}, "type": "type" }, "zone": { "id": "id", "name": "example.com" } } ], "result_info": { "count": "1", "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE=" }, "success": true } ``` ## Domain Types ### Audit List Response - `AuditListResponse` - `id?: string` A unique identifier for the audit log entry. - `account?: Account` Contains account related information. - `id?: string` A unique identifier for the account. - `name?: string` A string that identifies the account name. - `action?: Action` Provides information about the action performed. - `description?: string` A short description of the action performed. - `result?: string` The result of the action, indicating success or failure. - `time?: string` A timestamp indicating when the action was logged. - `type?: string` A short string that describes the action that was performed. - `actor?: Actor` Provides details about the actor who performed the action. - `id?: string` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context?: "api_key" | "api_token" | "dash" | 2 more` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email?: string` The email of the actor who performed the action. - `ip_address?: string` The IP address of the request that performed the action. - `token_id?: string` The API token ID when the actor context is an api_token or oauth. - `token_name?: string` The API token name when the actor context is an api_token or oauth. - `type?: "account" | "cloudflare_admin" | "system" | "user"` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw?: Raw` Provides raw information about the request and response. - `cf_ray_id?: string` The Cloudflare Ray ID for the request. - `method?: string` The HTTP method of the request. - `status_code?: number` The HTTP response status code returned by the API. - `uri?: string` The URI of the request. - `user_agent?: string` The client's user agent string sent with the request. - `resource?: Resource` Provides details about the affected resource. - `id?: string` The unique identifier for the affected resource. - `product?: string` The Cloudflare product associated with the resource. - `request?: unknown` - `response?: unknown` - `scope?: unknown` The scope of the resource. - `type?: string` The type of the resource. - `zone?: Zone` Provides details about the zone affected by the action. - `id?: string` A string that identifies the zone id. - `name?: string` A string that identifies the zone name.