# Operations

## Retrieve information about all operations on a zone

`client.apiGateway.operations.list(OperationListParamsparams, RequestOptionsoptions?): V4PagePaginationArray<OperationListResponse>`

**get** `/zones/{zone_id}/api_gateway/operations`

Lists all API operations tracked by API Shield for a zone with pagination. Returns operation details including method, path, and feature configurations.

### Parameters

- `params: OperationListParams`

  - `zone_id: string`

    Path param: Identifier.

  - `direction?: "asc" | "desc"`

    Query param: Direction to order results.

    - `"asc"`

    - `"desc"`

  - `endpoint?: string`

    Query param: Filter results to only include endpoints containing this pattern.

  - `feature?: Array<"thresholds" | "parameter_schemas" | "schema_info">`

    Query param: Add feature(s) to the results. The feature name that is given here corresponds to the resulting feature object. Have a look at the top-level object description for more details on the specific meaning.

    - `"thresholds"`

    - `"parameter_schemas"`

    - `"schema_info"`

  - `host?: Array<string>`

    Query param: Filter results to only include the specified hosts.

  - `method?: Array<string>`

    Query param: Filter results to only include the specified HTTP methods.

  - `order?: "method" | "host" | "endpoint" | "thresholds.$key"`

    Query param: Field to order by. When requesting a feature, the feature keys are available for ordering as well, e.g., `thresholds.suggested_threshold`.

    - `"method"`

    - `"host"`

    - `"endpoint"`

    - `"thresholds.$key"`

  - `page?: number`

    Query param: Page number of paginated results.

  - `per_page?: number`

    Query param: Maximum number of results per page.

### Returns

- `OperationListResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const operationListResponse of client.apiGateway.operations.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(operationListResponse.operation_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "endpoint": "/api/v1/users/{var1}",
      "host": "www.example.com",
      "last_updated": "2014-01-01T05:20:00.12345Z",
      "method": "GET",
      "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "features": {
        "thresholds": {
          "auth_id_tokens": 0,
          "data_points": 0,
          "last_updated": "2014-01-01T05:20:00.12345Z",
          "p50": 0,
          "p90": 0,
          "p99": 0,
          "period_seconds": 0,
          "requests": 0,
          "suggested_threshold": 0
        }
      }
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  }
}
```

## Retrieve information about an operation

`client.apiGateway.operations.get(stringoperationId, OperationGetParamsparams, RequestOptionsoptions?): OperationGetResponse`

**get** `/zones/{zone_id}/api_gateway/operations/{operation_id}`

Gets detailed information about a specific API operation in API Shield, including its schema validation settings and traffic statistics.

### Parameters

- `operationId: string`

  UUID.

- `params: OperationGetParams`

  - `zone_id: string`

    Path param: Identifier.

  - `feature?: Array<"thresholds" | "parameter_schemas" | "schema_info">`

    Query param: Add feature(s) to the results. The feature name that is given here corresponds to the resulting feature object. Have a look at the top-level object description for more details on the specific meaning.

    - `"thresholds"`

    - `"parameter_schemas"`

    - `"schema_info"`

### Returns

- `OperationGetResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const operation = await client.apiGateway.operations.get('f174e90a-fafe-4643-bbbc-4a0ed4fc8415', {
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(operation.operation_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "endpoint": "/api/v1/users/{var1}",
    "host": "www.example.com",
    "last_updated": "2014-01-01T05:20:00.12345Z",
    "method": "GET",
    "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "features": {
      "thresholds": {
        "auth_id_tokens": 0,
        "data_points": 0,
        "last_updated": "2014-01-01T05:20:00.12345Z",
        "p50": 0,
        "p90": 0,
        "p99": 0,
        "period_seconds": 0,
        "requests": 0,
        "suggested_threshold": 0
      }
    }
  },
  "success": true
}
```

## Add one operation to a zone

`client.apiGateway.operations.create(OperationCreateParamsparams, RequestOptionsoptions?): OperationCreateResponse`

**post** `/zones/{zone_id}/api_gateway/operations/item`

Add one operation to a zone. Endpoints can contain path variables. Host, method, endpoint will be normalized to a canoncial form when creating an operation and must be unique on the zone. Inserting an operation that matches an existing one will return the record of the already existing operation and update its last_updated date.

### Parameters

- `params: OperationCreateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `endpoint: string`

    Body param: The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    Body param: RFC3986-compliant host.

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    Body param: The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

### Returns

- `OperationCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const operation = await client.apiGateway.operations.create({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  endpoint: '/api/v1/users/{var1}',
  host: 'www.example.com',
  method: 'GET',
});

console.log(operation.operation_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "endpoint": "/api/v1/users/{var1}",
    "host": "www.example.com",
    "last_updated": "2014-01-01T05:20:00.12345Z",
    "method": "GET",
    "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "features": {
      "thresholds": {
        "auth_id_tokens": 0,
        "data_points": 0,
        "last_updated": "2014-01-01T05:20:00.12345Z",
        "p50": 0,
        "p90": 0,
        "p99": 0,
        "period_seconds": 0,
        "requests": 0,
        "suggested_threshold": 0
      }
    }
  },
  "success": true
}
```

## Delete an operation

`client.apiGateway.operations.delete(stringoperationId, OperationDeleteParamsparams, RequestOptionsoptions?): OperationDeleteResponse`

**delete** `/zones/{zone_id}/api_gateway/operations/{operation_id}`

Removes a single API operation from API Shield endpoint management. The operation will no longer be tracked or protected by API Shield rules.

### Parameters

- `operationId: string`

  UUID.

- `params: OperationDeleteParams`

  - `zone_id: string`

    Identifier.

### Returns

- `OperationDeleteResponse`

  - `errors: Message`

    - `code: number`

    - `message: string`

    - `documentation_url?: string`

    - `source?: Source`

      - `pointer?: string`

  - `messages: Message`

  - `success: true`

    Whether the API call was successful.

    - `true`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const operation = await client.apiGateway.operations.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' },
);

console.log(operation.errors);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true
}
```

## Add operations to a zone

`client.apiGateway.operations.bulkCreate(OperationBulkCreateParamsparams, RequestOptionsoptions?): SinglePage<OperationBulkCreateResponse>`

**post** `/zones/{zone_id}/api_gateway/operations`

Add one or more operations to a zone. Endpoints can contain path variables. Host, method, endpoint will be normalized to a canoncial form when creating an operation and must be unique on the zone. Inserting an operation that matches an existing one will return the record of the already existing operation and update its last_updated date.

### Parameters

- `params: OperationBulkCreateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `body: Array<Body>`

    Body param

    - `endpoint: string`

      The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

    - `host: string`

      RFC3986-compliant host.

    - `method: "GET" | "POST" | "HEAD" | 6 more`

      The HTTP method used to access the endpoint.

      - `"GET"`

      - `"POST"`

      - `"HEAD"`

      - `"OPTIONS"`

      - `"PUT"`

      - `"DELETE"`

      - `"CONNECT"`

      - `"PATCH"`

      - `"TRACE"`

### Returns

- `OperationBulkCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const operationBulkCreateResponse of client.apiGateway.operations.bulkCreate({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  body: [
    {
      endpoint: '/api/v1/users/{var1}',
      host: 'www.example.com',
      method: 'GET',
    },
  ],
})) {
  console.log(operationBulkCreateResponse.operation_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "endpoint": "/api/v1/users/{var1}",
      "host": "www.example.com",
      "last_updated": "2014-01-01T05:20:00.12345Z",
      "method": "GET",
      "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "features": {
        "thresholds": {
          "auth_id_tokens": 0,
          "data_points": 0,
          "last_updated": "2014-01-01T05:20:00.12345Z",
          "p50": 0,
          "p90": 0,
          "p99": 0,
          "period_seconds": 0,
          "requests": 0,
          "suggested_threshold": 0
        }
      }
    }
  ],
  "success": true
}
```

## Delete multiple operations

`client.apiGateway.operations.bulkDelete(OperationBulkDeleteParamsparams, RequestOptionsoptions?): OperationBulkDeleteResponse`

**delete** `/zones/{zone_id}/api_gateway/operations`

Bulk removes multiple API operations from API Shield endpoint management in a single request. Efficient for cleaning up unused endpoints.

### Parameters

- `params: OperationBulkDeleteParams`

  - `zone_id: string`

    Identifier.

### Returns

- `OperationBulkDeleteResponse`

  - `errors: Message`

    - `code: number`

    - `message: string`

    - `documentation_url?: string`

    - `source?: Source`

      - `pointer?: string`

  - `messages: Message`

  - `success: true`

    Whether the API call was successful.

    - `true`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.apiGateway.operations.bulkDelete({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(response.errors);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true
}
```

## Domain Types

### API Shield

- `APIShield`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

### Operation List Response

- `OperationListResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Operation Get Response

- `OperationGetResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Operation Create Response

- `OperationCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Operation Delete Response

- `OperationDeleteResponse`

  - `errors: Message`

    - `code: number`

    - `message: string`

    - `documentation_url?: string`

    - `source?: Source`

      - `pointer?: string`

  - `messages: Message`

  - `success: true`

    Whether the API call was successful.

    - `true`

### Operation Bulk Create Response

- `OperationBulkCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `features?: APIShieldOperationFeatureThresholds | APIShieldOperationFeatureParameterSchemas | APIShieldOperationFeatureAPIRouting | 2 more`

    - `APIShieldOperationFeatureThresholds`

      - `thresholds?: Thresholds`

        - `auth_id_tokens?: number`

          The total number of auth-ids seen across this calculation.

        - `data_points?: number`

          The number of data points used for the threshold suggestion calculation.

        - `last_updated?: string`

        - `p50?: number`

          The p50 quantile of requests (in period_seconds).

        - `p90?: number`

          The p90 quantile of requests (in period_seconds).

        - `p99?: number`

          The p99 quantile of requests (in period_seconds).

        - `period_seconds?: number`

          The period over which this threshold is suggested.

        - `requests?: number`

          The estimated number of requests covered by these calculations.

        - `suggested_threshold?: number`

          The suggested threshold in requests done by the same auth_id or period_seconds.

    - `APIShieldOperationFeatureParameterSchemas`

      - `parameter_schemas: ParameterSchemas`

        - `last_updated?: string`

        - `parameter_schemas?: ParameterSchemas`

          An operation schema object containing a response.

          - `parameters?: Array<unknown>`

            An array containing the learned parameter schemas.

          - `responses?: unknown`

            An empty response object. This field is required to yield a valid operation schema.

    - `APIShieldOperationFeatureAPIRouting`

      - `api_routing?: APIRouting`

        API Routing settings on endpoint.

        - `last_updated?: string`

        - `route?: string`

          Target route.

    - `APIShieldOperationFeatureConfidenceIntervals`

      - `confidence_intervals?: ConfidenceIntervals`

        - `last_updated?: string`

        - `suggested_threshold?: SuggestedThreshold`

          - `confidence_intervals?: ConfidenceIntervals`

            - `p90?: P90`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p95?: P95`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

            - `p99?: P99`

              Upper and lower bound for percentile estimate

              - `lower?: number`

                Lower bound for percentile estimate

              - `upper?: number`

                Upper bound for percentile estimate

          - `mean?: number`

            Suggested threshold.

    - `APIShieldOperationFeatureSchemaInfo`

      - `schema_info?: SchemaInfo`

        - `active_schema?: ActiveSchema`

          Schema active on endpoint.

          - `id?: string`

            UUID.

          - `created_at?: string`

          - `is_learned?: boolean`

            True if schema is Cloudflare-provided.

          - `name?: string`

            Schema file name.

        - `learned_available?: boolean`

          True if a Cloudflare-provided learned schema is available for this endpoint.

        - `mitigation_action?: "none" | "log" | "block" | null`

          Action taken on requests failing validation.

          - `"none"`

          - `"log"`

          - `"block"`

### Operation Bulk Delete Response

- `OperationBulkDeleteResponse`

  - `errors: Message`

    - `code: number`

    - `message: string`

    - `documentation_url?: string`

    - `source?: Source`

      - `pointer?: string`

  - `messages: Message`

  - `success: true`

    Whether the API call was successful.

    - `true`

# Labels

## Replace label(s) on an operation in endpoint management

`client.apiGateway.operations.labels.update(stringoperationId, LabelUpdateParamsparams, RequestOptionsoptions?): LabelUpdateResponse`

**put** `/zones/{zone_id}/api_gateway/operations/{operation_id}/labels`

Replace label(s) on an operation in endpoint management

### Parameters

- `operationId: string`

  UUID.

- `params: LabelUpdateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `managed?: Array<string>`

    Body param: List of managed label names. Omitting this property or passing an empty array will result in all managed labels being removed from the operation

  - `user?: Array<string>`

    Body param: List of user label names. Omitting this property or passing an empty array will result in all user labels being removed from the operation

### Returns

- `LabelUpdateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const label = await client.apiGateway.operations.labels.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' },
);

console.log(label.operation_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "endpoint": "/api/v1/users/{var1}",
    "host": "www.example.com",
    "last_updated": "2014-01-01T05:20:00.12345Z",
    "method": "GET",
    "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "labels": [
      {
        "created_at": "2014-01-01T05:20:00.12345Z",
        "description": "All endpoints that deal with logins",
        "last_updated": "2014-01-01T05:20:00.12345Z",
        "metadata": {
          "foo": "bar"
        },
        "name": "login",
        "source": "user"
      }
    ]
  },
  "success": true
}
```

## Attach label(s) on an operation in endpoint management

`client.apiGateway.operations.labels.create(stringoperationId, LabelCreateParamsparams, RequestOptionsoptions?): LabelCreateResponse`

**post** `/zones/{zone_id}/api_gateway/operations/{operation_id}/labels`

Attach label(s) on an operation in endpoint management

### Parameters

- `operationId: string`

  UUID.

- `params: LabelCreateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `managed?: Array<string>`

    Body param: List of managed label names.

  - `user?: Array<string>`

    Body param: List of user label names.

### Returns

- `LabelCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const label = await client.apiGateway.operations.labels.create(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' },
);

console.log(label.operation_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "endpoint": "/api/v1/users/{var1}",
    "host": "www.example.com",
    "last_updated": "2014-01-01T05:20:00.12345Z",
    "method": "GET",
    "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "labels": [
      {
        "created_at": "2014-01-01T05:20:00.12345Z",
        "description": "All endpoints that deal with logins",
        "last_updated": "2014-01-01T05:20:00.12345Z",
        "metadata": {
          "foo": "bar"
        },
        "name": "login",
        "source": "user"
      }
    ]
  },
  "success": true
}
```

## Remove label(s) on an operation in endpoint management

`client.apiGateway.operations.labels.delete(stringoperationId, LabelDeleteParamsparams, RequestOptionsoptions?): LabelDeleteResponse`

**delete** `/zones/{zone_id}/api_gateway/operations/{operation_id}/labels`

Remove label(s) on an operation in endpoint management

### Parameters

- `operationId: string`

  UUID.

- `params: LabelDeleteParams`

  - `zone_id: string`

    Identifier.

### Returns

- `LabelDeleteResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const label = await client.apiGateway.operations.labels.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' },
);

console.log(label.operation_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "endpoint": "/api/v1/users/{var1}",
    "host": "www.example.com",
    "last_updated": "2014-01-01T05:20:00.12345Z",
    "method": "GET",
    "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "labels": [
      {
        "created_at": "2014-01-01T05:20:00.12345Z",
        "description": "All endpoints that deal with logins",
        "last_updated": "2014-01-01T05:20:00.12345Z",
        "metadata": {
          "foo": "bar"
        },
        "name": "login",
        "source": "user"
      }
    ]
  },
  "success": true
}
```

## Bulk replace label(s) on operation(s) in endpoint management

`client.apiGateway.operations.labels.bulkUpdate(LabelBulkUpdateParamsparams, RequestOptionsoptions?): SinglePage<LabelBulkUpdateResponse>`

**put** `/zones/{zone_id}/api_gateway/operations/labels`

Bulk replace label(s) on operation(s) in endpoint management

### Parameters

- `params: LabelBulkUpdateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `managed: Managed`

    Body param: Managed labels to replace for all affected operations

    - `labels: Array<string>`

      List of managed label names. Providing an empty array will result in all managed labels being removed from all affected operations

  - `selector: Selector`

    Body param: Operation IDs selector

    - `include: Include`

      - `operation_ids: Array<string>`

  - `user: User`

    Body param: User labels to replace for all affected operations

    - `labels: Array<string>`

      List of user label names. Providing an empty array will result in all user labels being removed from all affected operations

### Returns

- `LabelBulkUpdateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const labelBulkUpdateResponse of client.apiGateway.operations.labels.bulkUpdate({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  managed: { labels: ['login'] },
  selector: { include: { operation_ids: ['f174e90a-fafe-4643-bbbc-4a0ed4fc8415'] } },
  user: { labels: ['login'] },
})) {
  console.log(labelBulkUpdateResponse.operation_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "endpoint": "/api/v1/users/{var1}",
      "host": "www.example.com",
      "last_updated": "2014-01-01T05:20:00.12345Z",
      "method": "GET",
      "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "labels": [
        {
          "created_at": "2014-01-01T05:20:00.12345Z",
          "description": "All endpoints that deal with logins",
          "last_updated": "2014-01-01T05:20:00.12345Z",
          "metadata": {
            "foo": "bar"
          },
          "name": "login",
          "source": "user"
        }
      ]
    }
  ],
  "success": true
}
```

## Bulk attach label(s) on operation(s) in endpoint management

`client.apiGateway.operations.labels.bulkCreate(LabelBulkCreateParamsparams, RequestOptionsoptions?): SinglePage<LabelBulkCreateResponse>`

**post** `/zones/{zone_id}/api_gateway/operations/labels`

Bulk attach label(s) on operation(s) in endpoint management

### Parameters

- `params: LabelBulkCreateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `selector: Selector`

    Body param: Operation IDs selector

    - `include: Include`

      - `operation_ids: Array<string>`

  - `managed?: Managed`

    Body param

    - `labels?: Array<string>`

      List of managed label names.

  - `user?: User`

    Body param

    - `labels?: Array<string>`

      List of user label names.

### Returns

- `LabelBulkCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const labelBulkCreateResponse of client.apiGateway.operations.labels.bulkCreate({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  selector: { include: { operation_ids: ['f174e90a-fafe-4643-bbbc-4a0ed4fc8415'] } },
})) {
  console.log(labelBulkCreateResponse.operation_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "endpoint": "/api/v1/users/{var1}",
      "host": "www.example.com",
      "last_updated": "2014-01-01T05:20:00.12345Z",
      "method": "GET",
      "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "labels": [
        {
          "created_at": "2014-01-01T05:20:00.12345Z",
          "description": "All endpoints that deal with logins",
          "last_updated": "2014-01-01T05:20:00.12345Z",
          "metadata": {
            "foo": "bar"
          },
          "name": "login",
          "source": "user"
        }
      ]
    }
  ],
  "success": true
}
```

## Bulk remove label(s) on operation(s) in endpoint management

`client.apiGateway.operations.labels.bulkDelete(LabelBulkDeleteParamsparams, RequestOptionsoptions?): SinglePage<LabelBulkDeleteResponse>`

**delete** `/zones/{zone_id}/api_gateway/operations/labels`

Bulk remove label(s) on operation(s) in endpoint management

### Parameters

- `params: LabelBulkDeleteParams`

  - `zone_id: string`

    Identifier.

### Returns

- `LabelBulkDeleteResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const labelBulkDeleteResponse of client.apiGateway.operations.labels.bulkDelete({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(labelBulkDeleteResponse.operation_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "endpoint": "/api/v1/users/{var1}",
      "host": "www.example.com",
      "last_updated": "2014-01-01T05:20:00.12345Z",
      "method": "GET",
      "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "labels": [
        {
          "created_at": "2014-01-01T05:20:00.12345Z",
          "description": "All endpoints that deal with logins",
          "last_updated": "2014-01-01T05:20:00.12345Z",
          "metadata": {
            "foo": "bar"
          },
          "name": "login",
          "source": "user"
        }
      ]
    }
  ],
  "success": true
}
```

## Domain Types

### Label Update Response

- `LabelUpdateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Label Create Response

- `LabelCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Label Delete Response

- `LabelDeleteResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Label Bulk Update Response

- `LabelBulkUpdateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Label Bulk Create Response

- `LabelBulkCreateResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

### Label Bulk Delete Response

- `LabelBulkDeleteResponse`

  - `endpoint: string`

    The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

  - `host: string`

    RFC3986-compliant host.

  - `last_updated: string`

  - `method: "GET" | "POST" | "HEAD" | 6 more`

    The HTTP method used to access the endpoint.

    - `"GET"`

    - `"POST"`

    - `"HEAD"`

    - `"OPTIONS"`

    - `"PUT"`

    - `"DELETE"`

    - `"CONNECT"`

    - `"PATCH"`

    - `"TRACE"`

  - `operation_id: string`

    UUID.

  - `labels?: Array<Label>`

    - `created_at: string`

    - `description: string`

      The description of the label

    - `last_updated: string`

    - `metadata: unknown`

      Metadata for the label

    - `name: string`

      The name of the label

    - `source: "user" | "managed"`

      * `user` - label is owned by the user
      * `managed` - label is owned by cloudflare

      - `"user"`

      - `"managed"`

# Schema Validation

## Retrieve operation-level schema validation settings

`client.apiGateway.operations.schemaValidation.get(stringoperationId, SchemaValidationGetParamsparams, RequestOptionsoptions?): SchemaValidationGetResponse`

**get** `/zones/{zone_id}/api_gateway/operations/{operation_id}/schema_validation`

Retrieves operation-level schema validation settings on the zone

### Parameters

- `operationId: string`

  UUID.

- `params: SchemaValidationGetParams`

  - `zone_id: string`

    Identifier.

### Returns

- `SchemaValidationGetResponse`

  - `mitigation_action?: "log" | "block" | "none" | null`

    When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

  - `operation_id?: string`

    UUID.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const schemaValidation = await client.apiGateway.operations.schemaValidation.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' },
);

console.log(schemaValidation.operation_id);
```

#### Response

```json
{
  "mitigation_action": "block",
  "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
}
```

## Update operation-level schema validation settings

`client.apiGateway.operations.schemaValidation.update(stringoperationId, SchemaValidationUpdateParamsparams, RequestOptionsoptions?): SchemaValidationUpdateResponse`

**put** `/zones/{zone_id}/api_gateway/operations/{operation_id}/schema_validation`

Updates operation-level schema validation settings on the zone

### Parameters

- `operationId: string`

  UUID.

- `params: SchemaValidationUpdateParams`

  - `zone_id: string`

    Path param: Identifier.

  - `mitigation_action?: "log" | "block" | "none" | null`

    Body param: When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

### Returns

- `SchemaValidationUpdateResponse`

  - `mitigation_action?: "log" | "block" | "none" | null`

    When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

  - `operation_id?: string`

    UUID.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const schemaValidation = await client.apiGateway.operations.schemaValidation.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' },
);

console.log(schemaValidation.operation_id);
```

#### Response

```json
{
  "mitigation_action": "block",
  "operation_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
}
```

## Update multiple operation-level schema validation settings

`client.apiGateway.operations.schemaValidation.edit(SchemaValidationEditParamsparams, RequestOptionsoptions?): SettingsMultipleRequest`

**patch** `/zones/{zone_id}/api_gateway/operations/schema_validation`

Updates multiple operation-level schema validation settings on the zone

### Parameters

- `params: SchemaValidationEditParams`

  - `zone_id: string`

    Path param: Identifier.

  - `settings_multiple_request: SettingsMultipleRequest`

    Body param

    - `mitigation_action?: "log" | "block" | "none" | null`

      When set, this applies a mitigation action to this operation

      - `log` log request when request does not conform to schema for this operation
      - `block` deny access to the site when request does not conform to schema for this operation
      - `none` will skip mitigation for this operation
      - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

      - `"log"`

      - `"block"`

      - `"none"`

### Returns

- `SettingsMultipleRequest = Record<string, item>`

  - `mitigation_action?: "log" | "block" | "none" | null`

    When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const settingsMultipleRequest = await client.apiGateway.operations.schemaValidation.edit({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  settings_multiple_request: {
    '3818d821-5901-4147-a474-f5f5aec1d54e': {},
    'b17c8043-99a0-4202-b7d9-8f7cdbee02cd': {},
  },
});

console.log(settingsMultipleRequest);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "3818d821-5901-4147-a474-f5f5aec1d54e": {
      "mitigation_action": "log"
    },
    "b17c8043-99a0-4202-b7d9-8f7cdbee02cd": {
      "mitigation_action": "block"
    }
  },
  "success": true
}
```

## Domain Types

### Settings Multiple Request

- `SettingsMultipleRequest = Record<string, item>`

  - `mitigation_action?: "log" | "block" | "none" | null`

    When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

### Schema Validation Get Response

- `SchemaValidationGetResponse`

  - `mitigation_action?: "log" | "block" | "none" | null`

    When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

  - `operation_id?: string`

    UUID.

### Schema Validation Update Response

- `SchemaValidationUpdateResponse`

  - `mitigation_action?: "log" | "block" | "none" | null`

    When set, this applies a mitigation action to this operation

    - `log` log request when request does not conform to schema for this operation
    - `block` deny access to the site when request does not conform to schema for this operation
    - `none` will skip mitigation for this operation
    - `null` indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

    - `"log"`

    - `"block"`

    - `"none"`

  - `operation_id?: string`

    UUID.