API Reference

Bot Management

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Update Zone Bot Management Config

client.botManagement.update(BotManagementUpdateParamsparams, RequestOptionsoptions?): BotManagementUpdateResponse

PUT/zones/{zone_id}/bot_management

Updates the Bot Management configuration for a zone.

This API is used to update:

• Bot Fight Mode
• Super Bot Fight Mode
• Bot Management for Enterprise

See Bot Plans for more information on the different plans
If you recently upgraded or downgraded your plan, refer to the following examples to clean up old configurations. Copy and paste the example body to remove old zone configurations based on your current plan.

Clean up configuration for Bot Fight Mode plan

{
  "sbfm_likely_automated": "allow", 
  "sbfm_definitely_automated": "allow", 
  "sbfm_verified_bots": "allow", 
  "sbfm_static_resource_protection": false, 
  "optimize_wordpress": false, 
  "suppress_session_score": false
}

Clean up configuration for SBFM Pro plan

{
  "sbfm_likely_automated": "allow", 
  "fight_mode": false 
}

Clean up configuration for SBFM Biz plan

{
  "fight_mode": false
}

Clean up configuration for BM Enterprise Subscription plan

It is strongly recommended that you ensure you have custom rules in place to protect your zone before disabling the SBFM rules. Without these protections, your zone is vulnerable to attacks.

{
  "sbfm_likely_automated": "allow", 
  "sbfm_definitely_automated": "allow", 
  "sbfm_verified_bots": "allow", 
  "sbfm_static_resource_protection": false, 
  "optimize_wordpress": false, 
  "fight_mode": false
}

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Bot Management Write

ParametersExpand Collapse

BotManagementUpdateParams = BotFightModeConfiguration | SuperBotFightModeDefinitelyConfiguration | SuperBotFightModeLikelyConfiguration | SubscriptionConfiguration

BotManagementUpdateParamsBase

BotFightModeConfiguration extends BotManagementUpdateParamsBase

SuperBotFightModeDefinitelyConfiguration extends BotManagementUpdateParamsBase

SuperBotFightModeLikelyConfiguration extends BotManagementUpdateParamsBase

SubscriptionConfiguration extends BotManagementUpdateParamsBase

ReturnsExpand Collapse

BotManagementUpdateResponse = BotFightModeConfiguration { ai_bots_protection, cf_robots_variant, crawler_protection, 5 more } | SuperBotFightModeDefinitelyConfiguration { ai_bots_protection, cf_robots_variant, crawler_protection, 8 more } | SuperBotFightModeLikelyConfiguration { ai_bots_protection, cf_robots_variant, crawler_protection, 9 more } | SubscriptionConfiguration { ai_bots_protection, auto_update_model, bm_cookie_enabled, 7 more }

One of the following:

BotFightModeConfiguration { ai_bots_protection, cf_robots_variant, crawler_protection, 5 more }

ai_bots_protection?: "block" | "disabled" | "only_on_ad_pages"

Enable rule to block AI Scrapers and Crawlers. Please note the value only_on_ad_pages is currently not available for Enterprise customers.

One of the following:

"block"

"disabled"

"only_on_ad_pages"

cf_robots_variant?: "off" | "policy_only"

Specifies the Robots Access Control License variant to use.

One of the following:

"off"

"policy_only"

crawler_protection?: "enabled" | "disabled"

Enable rule to punish AI Scrapers and Crawlers via a link maze.

One of the following:

"enabled"

"disabled"

enable_js?: boolean

Use lightweight, invisible JavaScript detections to improve Bot Management. Learn more about JavaScript Detections.

fight_mode?: boolean

Whether to enable Bot Fight Mode.

is_robots_txt_managed?: boolean

Enable cloudflare managed robots.txt. If an existing robots.txt is detected, then managed robots.txt will be prepended to the existing robots.txt.

stale_zone_configuration?: StaleZoneConfiguration { optimize_wordpress, sbfm_definitely_automated, sbfm_likely_automated, 3 more }

A read-only field that shows which unauthorized settings are currently active on the zone. These settings typically result from upgrades or downgrades.

optimize_wordpress?: boolean

Indicates that the zone's wordpress optimization for SBFM is turned on.

sbfm_definitely_automated?: string

Indicates that the zone's definitely automated requests are being blocked or challenged.

sbfm_likely_automated?: string

Indicates that the zone's likely automated requests are being blocked or challenged.

sbfm_static_resource_protection?: string

Indicates that the zone's static resource protection is turned on.

sbfm_verified_bots?: string

Indicates that the zone's verified bot requests are being blocked.

suppress_session_score?: boolean

Indicates that the zone's session score tracking is disabled.

using_latest_model?: boolean

A read-only field that indicates whether the zone currently is running the latest ML model.

SuperBotFightModeDefinitelyConfiguration { ai_bots_protection, cf_robots_variant, crawler_protection, 8 more }

ai_bots_protection?: "block" | "disabled" | "only_on_ad_pages"

Enable rule to block AI Scrapers and Crawlers. Please note the value only_on_ad_pages is currently not available for Enterprise customers.

One of the following:

"block"

"disabled"

"only_on_ad_pages"

cf_robots_variant?: "off" | "policy_only"

Specifies the Robots Access Control License variant to use.

One of the following:

"off"

"policy_only"

crawler_protection?: "enabled" | "disabled"

Enable rule to punish AI Scrapers and Crawlers via a link maze.

One of the following:

"enabled"

"disabled"

enable_js?: boolean

Use lightweight, invisible JavaScript detections to improve Bot Management. Learn more about JavaScript Detections.

is_robots_txt_managed?: boolean

Enable cloudflare managed robots.txt. If an existing robots.txt is detected, then managed robots.txt will be prepended to the existing robots.txt.

optimize_wordpress?: boolean

Whether to optimize Super Bot Fight Mode protections for Wordpress.

sbfm_definitely_automated?: "allow" | "block" | "managed_challenge"

Super Bot Fight Mode (SBFM) action to take on definitely automated requests.

One of the following:

"allow"

"block"

"managed_challenge"

sbfm_static_resource_protection?: boolean

Super Bot Fight Mode (SBFM) to enable static resource protection. Enable if static resources on your application need bot protection. Note: Static resource protection can also result in legitimate traffic being blocked.

sbfm_verified_bots?: "allow" | "block"

Super Bot Fight Mode (SBFM) action to take on verified bots requests.

One of the following:

"allow"

"block"

stale_zone_configuration?: StaleZoneConfiguration { fight_mode, sbfm_likely_automated }

A read-only field that shows which unauthorized settings are currently active on the zone. These settings typically result from upgrades or downgrades.

fight_mode?: boolean

Indicates that the zone's Bot Fight Mode is turned on.

sbfm_likely_automated?: string

Indicates that the zone's likely automated requests are being blocked or challenged.

using_latest_model?: boolean

A read-only field that indicates whether the zone currently is running the latest ML model.

SuperBotFightModeLikelyConfiguration { ai_bots_protection, cf_robots_variant, crawler_protection, 9 more }

ai_bots_protection?: "block" | "disabled" | "only_on_ad_pages"

Enable rule to block AI Scrapers and Crawlers. Please note the value only_on_ad_pages is currently not available for Enterprise customers.

One of the following:

"block"

"disabled"

"only_on_ad_pages"

cf_robots_variant?: "off" | "policy_only"

Specifies the Robots Access Control License variant to use.

One of the following:

"off"

"policy_only"

crawler_protection?: "enabled" | "disabled"

Enable rule to punish AI Scrapers and Crawlers via a link maze.

One of the following:

"enabled"

"disabled"

enable_js?: boolean

Use lightweight, invisible JavaScript detections to improve Bot Management. Learn more about JavaScript Detections.

is_robots_txt_managed?: boolean

Enable cloudflare managed robots.txt. If an existing robots.txt is detected, then managed robots.txt will be prepended to the existing robots.txt.

optimize_wordpress?: boolean

Whether to optimize Super Bot Fight Mode protections for Wordpress.

sbfm_definitely_automated?: "allow" | "block" | "managed_challenge"

Super Bot Fight Mode (SBFM) action to take on definitely automated requests.

One of the following:

"allow"

"block"

"managed_challenge"

sbfm_likely_automated?: "allow" | "block" | "managed_challenge"

Super Bot Fight Mode (SBFM) action to take on likely automated requests.

One of the following:

"allow"

"block"

"managed_challenge"

sbfm_static_resource_protection?: boolean

Super Bot Fight Mode (SBFM) to enable static resource protection. Enable if static resources on your application need bot protection. Note: Static resource protection can also result in legitimate traffic being blocked.

sbfm_verified_bots?: "allow" | "block"

Super Bot Fight Mode (SBFM) action to take on verified bots requests.

One of the following:

"allow"

"block"

stale_zone_configuration?: StaleZoneConfiguration { fight_mode }

A read-only field that shows which unauthorized settings are currently active on the zone. These settings typically result from upgrades or downgrades.

fight_mode?: boolean

Indicates that the zone's Bot Fight Mode is turned on.

using_latest_model?: boolean

A read-only field that indicates whether the zone currently is running the latest ML model.

SubscriptionConfiguration { ai_bots_protection, auto_update_model, bm_cookie_enabled, 7 more }

ai_bots_protection?: "block" | "disabled" | "only_on_ad_pages"

Enable rule to block AI Scrapers and Crawlers. Please note the value only_on_ad_pages is currently not available for Enterprise customers.

One of the following:

"block"

"disabled"

"only_on_ad_pages"

auto_update_model?: boolean

Automatically update to the newest bot detection models created by Cloudflare as they are released. Learn more.

bm_cookie_enabled?: boolean

Indicates that the bot management cookie can be placed on end user devices accessing the site. Defaults to true

cf_robots_variant?: "off" | "policy_only"

Specifies the Robots Access Control License variant to use.

One of the following:

"off"

"policy_only"

crawler_protection?: "enabled" | "disabled"

Enable rule to punish AI Scrapers and Crawlers via a link maze.

One of the following:

"enabled"

"disabled"

enable_js?: boolean

Use lightweight, invisible JavaScript detections to improve Bot Management. Learn more about JavaScript Detections.

is_robots_txt_managed?: boolean

Enable cloudflare managed robots.txt. If an existing robots.txt is detected, then managed robots.txt will be prepended to the existing robots.txt.

stale_zone_configuration?: StaleZoneConfiguration { fight_mode, optimize_wordpress, sbfm_definitely_automated, 3 more }

A read-only field that shows which unauthorized settings are currently active on the zone. These settings typically result from upgrades or downgrades.

fight_mode?: boolean

Indicates that the zone's Bot Fight Mode is turned on.

optimize_wordpress?: boolean

Indicates that the zone's wordpress optimization for SBFM is turned on.

sbfm_definitely_automated?: string

Indicates that the zone's definitely automated requests are being blocked or challenged.

sbfm_likely_automated?: string

Indicates that the zone's likely automated requests are being blocked or challenged.

sbfm_static_resource_protection?: string

Indicates that the zone's static resource protection is turned on.

sbfm_verified_bots?: string

Indicates that the zone's verified bot requests are being blocked.

suppress_session_score?: boolean

Whether to disable tracking the highest bot score for a session in the Bot Management cookie.

using_latest_model?: boolean

A read-only field that indicates whether the zone currently is running the latest ML model.

Update Zone Bot Management Config

TypeScript

HTTP

TypeScript

Python

Go

Terraform

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const botManagement = await client.botManagement.update({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  ai_bots_protection: 'disabled',
  cf_robots_variant: 'off',
  crawler_protection: 'disabled',
  enable_js: true,
  fight_mode: true,
});

console.log(botManagement);

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "ai_bots_protection": "block",
    "cf_robots_variant": "policy_only",
    "crawler_protection": "enabled",
    "enable_js": true,
    "fight_mode": true,
    "is_robots_txt_managed": false,
    "stale_zone_configuration": {
      "optimize_wordpress": true,
      "sbfm_definitely_automated": "sbfm_definitely_automated",
      "sbfm_likely_automated": "sbfm_likely_automated",
      "sbfm_static_resource_protection": "sbfm_static_resource_protection",
      "sbfm_verified_bots": "sbfm_verified_bots",
      "suppress_session_score": true
    },
    "using_latest_model": true
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "ai_bots_protection": "block",
    "cf_robots_variant": "policy_only",
    "crawler_protection": "enabled",
    "enable_js": true,
    "fight_mode": true,
    "is_robots_txt_managed": false,
    "stale_zone_configuration": {
      "optimize_wordpress": true,
      "sbfm_definitely_automated": "sbfm_definitely_automated",
      "sbfm_likely_automated": "sbfm_likely_automated",
      "sbfm_static_resource_protection": "sbfm_static_resource_protection",
      "sbfm_verified_bots": "sbfm_verified_bots",
      "suppress_session_score": true
    },
    "using_latest_model": true
  }
}