# IAM # Permission Groups ## List Account Permission Groups `client.iam.permissionGroups.list(PermissionGroupListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/iam/permission_groups` List all the permissions groups for an account. ### Parameters - `params: PermissionGroupListParams` - `account_id: string` Path param: Account identifier tag. - `id?: string` Query param: ID of the permission group to be fetched. - `label?: string` Query param: Label of the permission group to be fetched. - `name?: string` Query param: Name of the permission group to be fetched. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. ### Returns - `PermissionGroupListResponse` A named group of permissions that map to a group of operations against resources. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const permissionGroupListResponse of client.iam.permissionGroups.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(permissionGroupListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Permission Group Details `client.iam.permissionGroups.get(stringpermissionGroupId, PermissionGroupGetParamsparams, RequestOptionsoptions?): PermissionGroupGetResponse` **get** `/accounts/{account_id}/iam/permission_groups/{permission_group_id}` Get information about a specific permission group in an account. ### Parameters - `permissionGroupId: string` Permission Group identifier tag. - `params: PermissionGroupGetParams` - `account_id: string` Account identifier tag. ### Returns - `PermissionGroupGetResponse` A named group of permissions that map to a group of operations against resources. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const permissionGroup = await client.iam.permissionGroups.get('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(permissionGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "meta": { "key": "key", "value": "value" }, "name": "Load Balancer" } } ``` ## Domain Types ### Permission Group List Response - `PermissionGroupListResponse` A named group of permissions that map to a group of operations against resources. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. ### Permission Group Get Response - `PermissionGroupGetResponse` A named group of permissions that map to a group of operations against resources. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. # Resource Groups ## List Resource Groups `client.iam.resourceGroups.list(ResourceGroupListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/iam/resource_groups` List all the resource groups for an account. ### Parameters - `params: ResourceGroupListParams` - `account_id: string` Path param: Account identifier tag. - `id?: string` Query param: ID of the resource group to be fetched. - `name?: string` Query param: Name of the resource group to be fetched. ### Returns - `ResourceGroupListResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const resourceGroupListResponse of client.iam.resourceGroups.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(resourceGroupListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ``` ## Resource Group Details `client.iam.resourceGroups.get(stringresourceGroupId, ResourceGroupGetParamsparams, RequestOptionsoptions?): ResourceGroupGetResponse` **get** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}` Get information about a specific resource group in an account. ### Parameters - `resourceGroupId: string` Resource Group identifier tag. - `params: ResourceGroupGetParams` - `account_id: string` Account identifier tag. ### Returns - `ResourceGroupGetResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const resourceGroup = await client.iam.resourceGroups.get('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(resourceGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } } ``` ## Create Resource Group `client.iam.resourceGroups.create(ResourceGroupCreateParamsparams, RequestOptionsoptions?): ResourceGroupCreateResponse` **post** `/accounts/{account_id}/iam/resource_groups` Create a new Resource Group under the specified account. ### Parameters - `params: ResourceGroupCreateParams` - `account_id: string` Path param: Account identifier tag. - `name: string` Body param: Name of the resource group - `scope: Scope` Body param: A scope is a combination of scope objects which provides additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. The number of Scope objects should not be zero. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) ### Returns - `ResourceGroupCreateResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const resourceGroup = await client.iam.resourceGroups.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', name: 'NewResourceGroup', scope: { key: 'com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4', objects: [{ key: 'com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5' }], }, }); console.log(resourceGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } } ``` ## Update Resource Group `client.iam.resourceGroups.update(stringresourceGroupId, ResourceGroupUpdateParamsparams, RequestOptionsoptions?): ResourceGroupUpdateResponse` **put** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}` Modify an existing resource group. ### Parameters - `resourceGroupId: string` Resource Group identifier tag. - `params: ResourceGroupUpdateParams` - `account_id: string` Path param: Account identifier tag. - `name?: string` Body param: Name of the resource group - `scope?: Scope` Body param: A scope is a combination of scope objects which provides additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. The number of Scope objects should not be zero. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) ### Returns - `ResourceGroupUpdateResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const resourceGroup = await client.iam.resourceGroups.update('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(resourceGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } } ``` ## Remove Resource Group `client.iam.resourceGroups.delete(stringresourceGroupId, ResourceGroupDeleteParamsparams, RequestOptionsoptions?): ResourceGroupDeleteResponse | null` **delete** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}` Remove a resource group from an account. ### Parameters - `resourceGroupId: string` Resource Group identifier tag. - `params: ResourceGroupDeleteParams` - `account_id: string` Account identifier tag. ### Returns - `ResourceGroupDeleteResponse` - `id: string` Identifier ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const resourceGroup = await client.iam.resourceGroups.delete('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(resourceGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Resource Group List Response - `ResourceGroupListResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Resource Group Get Response - `ResourceGroupGetResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Resource Group Create Response - `ResourceGroupCreateResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Resource Group Update Response - `ResourceGroupUpdateResponse` A group of scoped resources. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Resource Group Delete Response - `ResourceGroupDeleteResponse` - `id: string` Identifier # User Groups ## List User Groups `client.iam.userGroups.list(UserGroupListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/iam/user_groups` List all the user groups for an account. ### Parameters - `params: UserGroupListParams` - `account_id: string` Path param: Account identifier tag. - `id?: string` Query param: ID of the user group to be fetched. - `direction?: string` Query param: The sort order of returned user groups by name. Default sort order is ascending. To switch to descending, set this parameter to "desc" - `fuzzyName?: string` Query param: A string used for searching for user groups containing that substring. - `name?: string` Query param: Name of the user group to be fetched. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. ### Returns - `UserGroupListResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const userGroupListResponse of client.iam.userGroups.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(userGroupListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## User Group Details `client.iam.userGroups.get(stringuserGroupId, UserGroupGetParamsparams, RequestOptionsoptions?): UserGroupGetResponse` **get** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Get information about a specific user group in an account. ### Parameters - `userGroupId: string` User Group identifier tag. - `params: UserGroupGetParams` - `account_id: string` Account identifier tag. ### Returns - `UserGroupGetResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const userGroup = await client.iam.userGroups.get('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(userGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Create User Group `client.iam.userGroups.create(UserGroupCreateParamsparams, RequestOptionsoptions?): UserGroupCreateResponse` **post** `/accounts/{account_id}/iam/user_groups` Create a new user group under the specified account. ### Parameters - `params: UserGroupCreateParams` - `account_id: string` Path param: Account identifier tag. - `name: string` Body param: Name of the User group. - `policies: Array` Body param: Policies attached to the User group - `access: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Permission Group identifier tag. - `resource_groups: Array` A set of resource groups that are specified to the policy. - `id: string` Resource Group identifier tag. ### Returns - `UserGroupCreateResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const userGroup = await client.iam.userGroups.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', name: 'My New User Group', policies: [ { access: 'allow', permission_groups: [ { id: 'c8fed203ed3043cba015a93ad1616f1f' }, { id: '82e64a83756745bbbb1c9c2701bf816b' }, ], resource_groups: [{ id: '6d7f2f5f5b1d4a0e9081fdc98d432fd1' }], }, ], }); console.log(userGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Update User Group `client.iam.userGroups.update(stringuserGroupId, UserGroupUpdateParamsparams, RequestOptionsoptions?): UserGroupUpdateResponse` **put** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Modify an existing user group. ### Parameters - `userGroupId: string` User Group identifier tag. - `params: UserGroupUpdateParams` - `account_id: string` Path param: Account identifier tag. - `name?: string` Body param: Name of the User group. - `policies?: Array` Body param: Policies attached to the User group - `id: string` Policy identifier. - `access: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Array` A set of permission groups that are specified to the policy. - `id: string` Permission Group identifier tag. - `resource_groups: Array` A set of resource groups that are specified to the policy. - `id: string` Resource Group identifier tag. ### Returns - `UserGroupUpdateResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const userGroup = await client.iam.userGroups.update('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(userGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Remove User Group `client.iam.userGroups.delete(stringuserGroupId, UserGroupDeleteParamsparams, RequestOptionsoptions?): UserGroupDeleteResponse | null` **delete** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Remove a user group from an account. ### Parameters - `userGroupId: string` User Group identifier tag. - `params: UserGroupDeleteParams` - `account_id: string` Account identifier tag. ### Returns - `UserGroupDeleteResponse` - `id: string` Identifier ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const userGroup = await client.iam.userGroups.delete('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(userGroup.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### User Group List Response - `UserGroupListResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### User Group Get Response - `UserGroupGetResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### User Group Create Response - `UserGroupCreateResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### User Group Update Response - `UserGroupUpdateResponse` A group of policies resources. - `id: string` User Group identifier tag. - `created_on: string` Timestamp for the creation of the user group - `modified_on: string` Last time the user group was modified. - `name: string` Name of the user group. - `policies?: Array` Policies attached to the User group - `id?: string` Policy identifier. - `access?: "allow" | "deny"` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups?: Array` A set of permission groups that are specified to the policy. - `id: string` Identifier of the permission group. - `meta?: Meta` Attributes associated to the permission group. - `key?: string` - `value?: string` - `name?: string` Name of the permission group. - `resource_groups?: Array` A list of resource groups that the policy applies to. - `id: string` Identifier of the resource group. - `scope: Array` The scope associated to the resource group - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: Array` A list of scope objects for additional context. - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta?: Meta` Attributes associated to the resource group. - `key?: string` - `value?: string` - `name?: string` Name of the resource group. ### User Group Delete Response - `UserGroupDeleteResponse` - `id: string` Identifier # Members ## List User Group Members `client.iam.userGroups.members.list(stringuserGroupId, MemberListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members` List all the members attached to a user group. ### Parameters - `userGroupId: string` User Group identifier tag. - `params: MemberListParams` - `account_id: string` Path param: Account identifier tag. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. ### Returns - `MemberListResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const memberListResponse of client.iam.userGroups.members.list( '023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(memberListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Add User Group Members `client.iam.userGroups.members.create(stringuserGroupId, MemberCreateParamsparams, RequestOptionsoptions?): MemberCreateResponse` **post** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members` Add members to a User Group. ### Parameters - `userGroupId: string` User Group identifier tag. - `params: MemberCreateParams` - `account_id: string` Path param: Account identifier tag. - `body: Array` Body param - `id: string` The identifier of an existing account Member. ### Returns - `MemberCreateResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const member = await client.iam.userGroups.members.create('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', body: [{ id: '023e105f4ecef8ad9ca31a8372d0c353' }], }); console.log(member.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } } ``` ## Update User Group Members `client.iam.userGroups.members.update(stringuserGroupId, MemberUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members` Replace the set of members attached to a User Group. ### Parameters - `userGroupId: string` User Group identifier tag. - `params: MemberUpdateParams` - `account_id: string` Path param: Account identifier tag. - `body: Array` Body param: Set/Replace members to a user group. - `id: string` The identifier of an existing account Member. ### Returns - `MemberUpdateResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const memberUpdateResponse of client.iam.userGroups.members.update( '023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', body: [{ id: '023e105f4ecef8ad9ca31a8372d0c353' }], }, )) { console.log(memberUpdateResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } ] } ``` ## Remove User Group Member `client.iam.userGroups.members.delete(stringuserGroupId, stringmemberId, MemberDeleteParamsparams, RequestOptionsoptions?): MemberDeleteResponse` **delete** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}` Remove a member from User Group ### Parameters - `userGroupId: string` User Group identifier tag. - `memberId: string` The identifier of an existing account Member. - `params: MemberDeleteParams` - `account_id: string` Account identifier tag. ### Returns - `MemberDeleteResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const member = await client.iam.userGroups.members.delete( '023e105f4ecef8ad9ca31a8372d0c353', '023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(member.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4f5f0c14a2a41d5063dd301b2f829f04", "email": "user@example.com", "status": "accepted" } } ``` ## Domain Types ### Member List Response - `MemberListResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Member Create Response - `MemberCreateResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Member Update Response - `MemberUpdateResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` ### Member Delete Response - `MemberDeleteResponse` Member attached to a User Group. - `id: string` Account member identifier. - `email?: string` The contact email address of the user. - `status?: "accepted" | "pending"` The member's status in the account. - `"accepted"` - `"pending"` # SSO ## Get all SSO connectors `client.iam.sso.list(SSOListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/sso_connectors` Get all SSO connectors ### Parameters - `params: SSOListParams` - `account_id: string` Account identifier tag. ### Returns - `SSOListResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const ssoListResponse of client.iam.sso.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(ssoListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get single SSO connector `client.iam.sso.get(stringssoConnectorId, SSOGetParamsparams, RequestOptionsoptions?): SSOGetResponse` **get** `/accounts/{account_id}/sso_connectors/{sso_connector_id}` Get single SSO connector ### Parameters - `ssoConnectorId: string` SSO Connector identifier tag. - `params: SSOGetParams` - `account_id: string` Account identifier tag. ### Returns - `SSOGetResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sso = await client.iam.sso.get('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(sso.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } } ``` ## Initialize new SSO connector `client.iam.sso.create(SSOCreateParamsparams, RequestOptionsoptions?): SSOCreateResponse` **post** `/accounts/{account_id}/sso_connectors` Initialize new SSO connector ### Parameters - `params: SSOCreateParams` - `account_id: string` Path param: Account identifier tag. - `email_domain: string` Body param: Email domain of the new SSO connector - `begin_verification?: boolean` Body param: Begin the verification process after creation - `use_fedramp_language?: boolean` Body param: Controls the display of FedRAMP language to the user during SSO login ### Returns - `SSOCreateResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sso = await client.iam.sso.create({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', email_domain: 'example.com', }); console.log(sso.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } } ``` ## Update SSO connector state `client.iam.sso.update(stringssoConnectorId, SSOUpdateParamsparams, RequestOptionsoptions?): SSOUpdateResponse` **patch** `/accounts/{account_id}/sso_connectors/{sso_connector_id}` Update SSO connector state ### Parameters - `ssoConnectorId: string` SSO Connector identifier tag. - `params: SSOUpdateParams` - `account_id: string` Path param: Account identifier tag. - `enabled?: boolean` Body param: SSO Connector enabled state - `use_fedramp_language?: boolean` Body param: Controls the display of FedRAMP language to the user during SSO login ### Returns - `SSOUpdateResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sso = await client.iam.sso.update('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(sso.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2025-01-01T12:21:02.0000Z", "email_domain": "example.com", "enabled": false, "updated_on": "2025-01-01T12:21:02.0000Z", "use_fedramp_language": false, "verification": { "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353", "status": "pending" } } } ``` ## Delete SSO connector `client.iam.sso.delete(stringssoConnectorId, SSODeleteParamsparams, RequestOptionsoptions?): SSODeleteResponse | null` **delete** `/accounts/{account_id}/sso_connectors/{sso_connector_id}` Delete SSO connector ### Parameters - `ssoConnectorId: string` SSO Connector identifier tag. - `params: SSODeleteParams` - `account_id: string` Account identifier tag. ### Returns - `SSODeleteResponse` - `id: string` Identifier ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const sso = await client.iam.sso.delete('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(sso.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Begin SSO connector verification `client.iam.sso.beginVerification(stringssoConnectorId, SSOBeginVerificationParamsparams, RequestOptionsoptions?): SSOBeginVerificationResponse` **post** `/accounts/{account_id}/sso_connectors/{sso_connector_id}/begin_verification` Begin SSO connector verification ### Parameters - `ssoConnectorId: string` SSO Connector identifier tag. - `params: SSOBeginVerificationParams` - `account_id: string` Account identifier tag. ### Returns - `SSOBeginVerificationResponse` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `success: true` Whether the API call was successful. - `true` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.iam.sso.beginVerification('023e105f4ecef8ad9ca31a8372d0c353', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(response.errors); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### SSO List Response - `SSOListResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Get Response - `SSOGetResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Create Response - `SSOCreateResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Update Response - `SSOUpdateResponse` - `id?: string` SSO Connector identifier tag. - `created_on?: string` Timestamp for the creation of the SSO connector - `email_domain?: string` - `enabled?: boolean` - `updated_on?: string` Timestamp for the last update of the SSO connector - `use_fedramp_language?: boolean` Controls the display of FedRAMP language to the user during SSO login - `verification?: Verification` - `code?: string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership. - `status?: "awaiting" | "pending" | "failed" | "verified"` The status of the verification code from the verification process. - `"awaiting"` - `"pending"` - `"failed"` - `"verified"` ### SSO Delete Response - `SSODeleteResponse` - `id: string` Identifier ### SSO Begin Verification Response - `SSOBeginVerificationResponse` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `success: true` Whether the API call was successful. - `true`