Cloudflare API | Origin TLS Client Auth

Upload your own certificate you want Cloudflare to use for edge-to-origin communication to override the shared certificate. Please note that it is important to keep only one certificate active. Also, make sure to enable zone-level authenticated origin pulls by making a PUT call to settings endpoint to see the uploaded certificate in use.

client.originTLSClientAuth.delete(, , ):

OriginTLSClientAuthDeleteResponse

Deprecated

delete/zones/{zone_id}/origin_tls_client_auth/{certificate_id}

Deprecated

Use zone_certificates.delete for zone-level certificates. This method will be removed in a future major version.

Delete Certificate

Origin TLS Client Auth

Hostname Certificates

OriginTLSClientAuth.HostnameCertificates

Methods

client.originTLSClientAuth.hostnameCertificates.list(, ):

SinglePage

HostnameCertificateListResponse

get/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates

List Certificates

client.originTLSClientAuth.hostnameCertificates.get(, , ):

HostnameCertificateGetResponse

get/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates/{certificate_id}

Get the certificate by ID to be used for client authentication on a hostname.

client.originTLSClientAuth.hostnameCertificates.create(, ):

HostnameCertificateCreateResponse

post/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates

Upload a certificate to be used for client authentication on a hostname. 10 hostname certificates per zone are allowed.

client.originTLSClientAuth.hostnameCertificates.delete(, , ):

HostnameCertificateDeleteResponse

delete/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates/{certificate_id}

Delete Hostname Client Certificate

Domain types

Certificate{…}

Origin TLS Client Auth

Hostnames

OriginTLSClientAuth.Hostnames

Methods

client.originTLSClientAuth.hostnames.get(, , ):

AuthenticatedOriginPull

get/zones/{zone_id}/origin_tls_client_auth/hostnames/{hostname}

Get the Hostname Status for Client Authentication

client.originTLSClientAuth.hostnames.update(, ):

SinglePage

HostnameUpdateResponse

put/zones/{zone_id}/origin_tls_client_auth/hostnames

Associate a hostname to a certificate and enable, disable or invalidate the association. If disabled, client certificate will not be sent to the hostname even if activated at the zone level. 100 maximum associations on a single certificate are allowed. Note: Use a null value for parameter enabled to invalidate the association.

Domain types

AuthenticatedOriginPull{…}

Origin TLS Client Auth

Settings

OriginTLSClientAuth.Settings

Methods

client.originTLSClientAuth.settings.get(, ):

SettingGetResponse

get/zones/{zone_id}/origin_tls_client_auth/settings

Get whether zone-level authenticated origin pulls is enabled or not. It is false by default.

client.originTLSClientAuth.settings.update(, ):

SettingUpdateResponse

put/zones/{zone_id}/origin_tls_client_auth/settings

Enable or disable zone-level authenticated origin pulls. 'enabled' should be set true either before/after the certificate is uploaded to see the certificate in use.

Origin TLS Client Auth