Cloudflare API | Keyless Certificates › list

API Reference

Account & User Management

Resource Sharing

AI

Certificate Management

Certificate Authorities

Client Certificates

Custom Certificates

Custom Hostnames

Keyless Certificates

List Keyless SSL Configurations

Get Keyless SSL Configuration

Create Keyless SSL Configuration

Edit Keyless SSL Configuration

Delete Keyless SSL Configuration

MTLS Certificates

Origin CA Certificates

Origin Post Quantum Encryption

Origin TLS Client Auth

Cloudflare One

DNS

Account Custom Nameservers

Domain/Zone Management

IP Addresses

Media

Networking

Magic Cloud Networking

Magic Network Monitoring

Network Interconnects

Observability

Security Center

Radar

Routing & Performance

Rules

Cloud Connector

Managed Transforms

URL Normalization

Security

Schema Validation

Content Scanning

Leaked Credential Checks

Token Validation

Storage & Databases

R2 Data Catalog

Threat Intelligence

Brand Protection

Workers & Pages

Browser Rendering

Durable Objects

Workers For Platforms

Shared

Keyless Certificates

KeylessCertificates

Methods

client.keylessCertificates.list(, ):

<

KeylessCertificate

>

get/zones/{zone_id}/keyless_certificates

List all Keyless SSL configurations for a given zone.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

SSL and Certificates Write SSL and Certificates Read

Parameters

params:

KeylessCertificateListParams

zone_id: string

(maxLength: 32)

Identifier.

Returns

KeylessCertificate

id: string

(maxLength: 32)

Keyless certificate identifier tag.

created_on: string

(format: date-time)

When the Keyless SSL was created.

enabled: boolean

Whether or not the Keyless SSL is on or off.

host: string

(format: hostname, maxLength: 253)

The keyless SSL name.

modified_on: string

(format: date-time)

When the Keyless SSL was last modified.

name: string

(maxLength: 180)

The keyless SSL name.

permissions: Array<string>

Available permissions for the Keyless SSL for the current user requesting the item.

port: number

(maxLength: 65535, default: 24008)

The keyless SSL port used to communicate between Cloudflare and the client's Keyless SSL server.

status: "active" | "deleted"

Status of the Keyless SSL.

tunnel?:

Configuration for using Keyless SSL through a Cloudflare Tunnel

Request example

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const keylessCertificate of client.keylessCertificates.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(keylessCertificate.id);
}

200Example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "4d2844d2ce78891c34d0b6c0535a291e",
      "created_on": "2014-01-01T05:20:00Z",
      "enabled": false,
      "host": "example.com",
      "modified_on": "2014-01-01T05:20:00Z",
      "name": "example.com Keyless SSL",
      "permissions": [
        "#ssl:read",
        "#ssl:edit"
      ],
      "port": 24008,
      "status": "active",
      "tunnel": {
        "private_ip": "10.0.0.1",
        "vnet_id": "7365377a-85a4-4390-9480-531ef7dc7a3c"
      }
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}

client.keylessCertificates.get(, , ):

KeylessCertificate

get/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

Get details for one Keyless SSL configuration.

client.keylessCertificates.create(, ):

KeylessCertificate

post/zones/{zone_id}/keyless_certificates

Creates a Keyless SSL configuration that allows SSL/TLS termination without exposing private keys to Cloudflare. Keys remain on your infrastructure.

client.keylessCertificates.edit(, , ):

KeylessCertificate

patch/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

This will update attributes of a Keyless SSL. Consists of one or more of the following: host,name,port.

client.keylessCertificates.delete(, , ):

KeylessCertificateDeleteResponse

delete/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

Removes a Keyless SSL configuration. SSL connections will no longer use the keyless server for cryptographic operations.

Domain types

KeylessCertificate{…}

Tunnel{…}

Configuration for using Keyless SSL through a Cloudflare Tunnel