Skip to content
Cloudflare API
Start here
API Reference

Origin TLS Client Auth

List Certificates
client.originTLSClientAuth.list(OriginTLSClientAuthListParams { zone_id } params, RequestOptionsoptions?): SinglePage<OriginTLSClientAuthListResponse { id, certificate, enabled, private_key } >
GET/zones/{zone_id}/origin_tls_client_auth
Get Certificate Details
client.originTLSClientAuth.get(stringcertificateId, OriginTLSClientAuthGetParams { zone_id } params, RequestOptionsoptions?): OriginTLSClientAuthGetResponse { id, certificate, enabled, private_key }
GET/zones/{zone_id}/origin_tls_client_auth/{certificate_id}
Upload Certificate
client.originTLSClientAuth.create(OriginTLSClientAuthCreateParams { zone_id, certificate, private_key } params, RequestOptionsoptions?): OriginTLSClientAuthCreateResponse { id, certificate, enabled, private_key }
POST/zones/{zone_id}/origin_tls_client_auth
Delete Certificate
client.originTLSClientAuth.delete(stringcertificateId, OriginTLSClientAuthDeleteParams { zone_id } params, RequestOptionsoptions?): OriginTLSClientAuthDeleteResponse { id, certificate, enabled, private_key }
DELETE/zones/{zone_id}/origin_tls_client_auth/{certificate_id}
ModelsExpand Collapse
ZoneAuthenticatedOriginPull { id, certificate, expires_on, 4 more }
id?: string

Identifier.

maxLength32
certificate?: string

The zone’s leaf certificate.

expires_on?: string

When the certificate from the authority expires.

formatdate-time
issuer?: string

The certificate authority that issued the certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate activation.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
uploaded_on?: string

This is the time the certificate was uploaded.

formatdate-time
OriginTLSClientAuthListResponse extends ZoneAuthenticatedOriginPull { id, certificate, expires_on, 4 more } { id, certificate, enabled, private_key }
id?: string

Identifier.

maxLength32
certificate?: string

The zone’s leaf certificate.

enabled?: boolean

Indicates whether zone-level authenticated origin pulls is enabled.

private_key?: string

The zone’s private key.

OriginTLSClientAuthGetResponse extends ZoneAuthenticatedOriginPull { id, certificate, expires_on, 4 more } { id, certificate, enabled, private_key }
id?: string

Identifier.

maxLength32
certificate?: string

The zone’s leaf certificate.

enabled?: boolean

Indicates whether zone-level authenticated origin pulls is enabled.

private_key?: string

The zone’s private key.

OriginTLSClientAuthCreateResponse extends ZoneAuthenticatedOriginPull { id, certificate, expires_on, 4 more } { id, certificate, enabled, private_key }
id?: string

Identifier.

maxLength32
certificate?: string

The zone’s leaf certificate.

enabled?: boolean

Indicates whether zone-level authenticated origin pulls is enabled.

private_key?: string

The zone’s private key.

OriginTLSClientAuthDeleteResponse extends ZoneAuthenticatedOriginPull { id, certificate, expires_on, 4 more } { id, certificate, enabled, private_key }
id?: string

Identifier.

maxLength32
certificate?: string

The zone’s leaf certificate.

enabled?: boolean

Indicates whether zone-level authenticated origin pulls is enabled.

private_key?: string

The zone’s private key.

Origin TLS Client AuthHostnames

Get the Hostname Status for Client Authentication
client.originTLSClientAuth.hostnames.get(stringhostname, HostnameGetParams { zone_id } params, RequestOptionsoptions?): AuthenticatedOriginPull { cert_id, cert_status, cert_updated_at, 11 more }
GET/zones/{zone_id}/origin_tls_client_auth/hostnames/{hostname}
Enable or Disable a Hostname for Client Authentication
client.originTLSClientAuth.hostnames.update(HostnameUpdateParams { zone_id, config } params, RequestOptionsoptions?): SinglePage<HostnameUpdateResponse { id, cert_id, certificate, 3 more } >
PUT/zones/{zone_id}/origin_tls_client_auth/hostnames
ModelsExpand Collapse
AuthenticatedOriginPull { cert_id, cert_status, cert_updated_at, 11 more }
cert_id?: string

Identifier.

maxLength32
cert_status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
cert_updated_at?: string

The time when the certificate was updated.

formatdate-time
cert_uploaded_on?: string

The time when the certificate was uploaded.

formatdate-time
certificate?: string

The hostname certificate.

created_at?: string

The time when the certificate was created.

formatdate-time
enabled?: boolean | null

Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

expires_on?: string

The date when the certificate expires.

formatdate-time
hostname?: string

The hostname on the origin for which the client certificate uploaded will be used.

maxLength255
issuer?: string

The certificate authority that issued the certificate.

serial_number?: string

The serial number on the uploaded certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
updated_at?: string

The time when the certificate was updated.

formatdate-time
HostnameUpdateResponse extends AuthenticatedOriginPull { cert_id, cert_status, cert_updated_at, 11 more } { id, cert_id, certificate, 3 more }
id?: string

Identifier.

maxLength32
cert_id?: string

Identifier.

maxLength32
certificate?: string

The hostname certificate.

enabled?: boolean | null

Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

hostname?: string

The hostname on the origin for which the client certificate uploaded will be used.

maxLength255
private_key?: string

The hostname certificate’s private key.

Origin TLS Client AuthHostnamesCertificates

List Certificates
client.originTLSClientAuth.hostnames.certificates.list(CertificateListParams { zone_id } params, RequestOptionsoptions?): SinglePage<CertificateListResponse { id, certificate, expires_on, 5 more } >
GET/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates
Get the Hostname Client Certificate
client.originTLSClientAuth.hostnames.certificates.get(stringcertificateId, CertificateGetParams { zone_id } params, RequestOptionsoptions?): CertificateGetResponse { id, certificate, expires_on, 5 more }
GET/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates/{certificate_id}
Upload a Hostname Client Certificate
client.originTLSClientAuth.hostnames.certificates.create(CertificateCreateParams { zone_id, certificate, private_key } params, RequestOptionsoptions?): CertificateCreateResponse { id, certificate, expires_on, 5 more }
POST/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates
Delete Hostname Client Certificate
client.originTLSClientAuth.hostnames.certificates.delete(stringcertificateId, CertificateDeleteParams { zone_id } params, RequestOptionsoptions?): CertificateDeleteResponse { id, certificate, expires_on, 5 more }
DELETE/zones/{zone_id}/origin_tls_client_auth/hostnames/certificates/{certificate_id}
ModelsExpand Collapse
Certificate { id, certificate, expires_on, 5 more }
id?: string

Identifier.

maxLength32
certificate?: string

The hostname certificate.

expires_on?: string

The date when the certificate expires.

formatdate-time
issuer?: string

The certificate authority that issued the certificate.

serial_number?: string

The serial number on the uploaded certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
uploaded_on?: string

The time when the certificate was uploaded.

formatdate-time
CertificateListResponse { id, certificate, expires_on, 5 more }
id?: string

Identifier.

maxLength32
certificate?: string

The hostname certificate.

expires_on?: string

The date when the certificate expires.

formatdate-time
issuer?: string

The certificate authority that issued the certificate.

serial_number?: string

The serial number on the uploaded certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
uploaded_on?: string

The time when the certificate was uploaded.

formatdate-time
CertificateGetResponse { id, certificate, expires_on, 5 more }
id?: string

Identifier.

maxLength32
certificate?: string

The hostname certificate.

expires_on?: string

The date when the certificate expires.

formatdate-time
issuer?: string

The certificate authority that issued the certificate.

serial_number?: string

The serial number on the uploaded certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
uploaded_on?: string

The time when the certificate was uploaded.

formatdate-time
CertificateCreateResponse { id, certificate, expires_on, 5 more }
id?: string

Identifier.

maxLength32
certificate?: string

The hostname certificate.

expires_on?: string

The date when the certificate expires.

formatdate-time
issuer?: string

The certificate authority that issued the certificate.

serial_number?: string

The serial number on the uploaded certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
uploaded_on?: string

The time when the certificate was uploaded.

formatdate-time
CertificateDeleteResponse { id, certificate, expires_on, 5 more }
id?: string

Identifier.

maxLength32
certificate?: string

The hostname certificate.

expires_on?: string

The date when the certificate expires.

formatdate-time
issuer?: string

The certificate authority that issued the certificate.

serial_number?: string

The serial number on the uploaded certificate.

signature?: string

The type of hash used for the certificate.

status?: "initializing" | "pending_deployment" | "pending_deletion" | 4 more

Status of the certificate or the association.

One of the following:
"initializing"
"pending_deployment"
"pending_deletion"
"active"
"deleted"
"deployment_timed_out"
"deletion_timed_out"
uploaded_on?: string

The time when the certificate was uploaded.

formatdate-time

Origin TLS Client AuthSettings

Get Enablement Setting for Zone
client.originTLSClientAuth.settings.get(SettingGetParams { zone_id } params, RequestOptionsoptions?): SettingGetResponse { enabled }
GET/zones/{zone_id}/origin_tls_client_auth/settings
Set Enablement for Zone
client.originTLSClientAuth.settings.update(SettingUpdateParams { zone_id, enabled } params, RequestOptionsoptions?): SettingUpdateResponse { enabled }
PUT/zones/{zone_id}/origin_tls_client_auth/settings
ModelsExpand Collapse
SettingGetResponse { enabled }
enabled?: boolean

Indicates whether zone-level authenticated origin pulls is enabled.

SettingUpdateResponse { enabled }
enabled?: boolean

Indicates whether zone-level authenticated origin pulls is enabled.