Skip to content
Cloudflare API
Start here
API Reference

Schema Validation

Schema ValidationSchemas

List all uploaded schemas
client.schemaValidation.schemas.list(SchemaListParams { zone_id, omit_source, page, 2 more } params, RequestOptionsoptions?): V4PagePaginationArray<PublicSchema { created_at, kind, name, 3 more } >
GET/zones/{zone_id}/schema_validation/schemas
Get details of a schema
client.schemaValidation.schemas.get(stringschemaId, SchemaGetParams { zone_id, omit_source } params, RequestOptionsoptions?): PublicSchema { created_at, kind, name, 3 more }
GET/zones/{zone_id}/schema_validation/schemas/{schema_id}
Upload a schema
client.schemaValidation.schemas.create(SchemaCreateParams { zone_id, kind, name, 2 more } params, RequestOptionsoptions?): PublicSchema { created_at, kind, name, 3 more }
POST/zones/{zone_id}/schema_validation/schemas
Edit details of a schema to enable validation
client.schemaValidation.schemas.edit(stringschemaId, SchemaEditParams { zone_id, validation_enabled } params, RequestOptionsoptions?): PublicSchema { created_at, kind, name, 3 more }
PATCH/zones/{zone_id}/schema_validation/schemas/{schema_id}
Delete a schema
client.schemaValidation.schemas.delete(stringschemaId, SchemaDeleteParams { zone_id } params, RequestOptionsoptions?): SchemaDeleteResponse { id }
DELETE/zones/{zone_id}/schema_validation/schemas/{schema_id}
ModelsExpand Collapse
PublicSchema { created_at, kind, name, 3 more }

A schema used in schema validation

created_at: string
formatdate-time
kind: "openapi_v3"

The kind of the schema

name: string

A human-readable name for the schema

schema_id: string

A unique identifier of this schema

maxLength36
minLength36
formatuuid
source: string

The raw schema, e.g., the OpenAPI schema, either as JSON or YAML

validation_enabled?: boolean

An indicator if this schema is enabled

SchemaDeleteResponse { id }
id: string

The ID of the schema that was just deleted

formatuuid

Schema ValidationSettings

Get global schema validation settings
client.schemaValidation.settings.get(SettingGetParams { zone_id } params, RequestOptionsoptions?): SettingGetResponse { validation_default_mitigation_action, validation_override_mitigation_action }
GET/zones/{zone_id}/schema_validation/settings
Update global schema validation settings
client.schemaValidation.settings.update(SettingUpdateParams { zone_id, validation_default_mitigation_action, validation_override_mitigation_action } params, RequestOptionsoptions?): SettingUpdateResponse { validation_default_mitigation_action, validation_override_mitigation_action }
PUT/zones/{zone_id}/schema_validation/settings
Edit global schema validation settings
client.schemaValidation.settings.edit(SettingEditParams { zone_id, validation_default_mitigation_action, validation_override_mitigation_action } params, RequestOptionsoptions?): SettingEditResponse { validation_default_mitigation_action, validation_override_mitigation_action }
PATCH/zones/{zone_id}/schema_validation/settings
ModelsExpand Collapse
SettingGetResponse { validation_default_mitigation_action, validation_override_mitigation_action }
validation_default_mitigation_action: "none" | "log" | "block"

The default mitigation action used

Mitigation actions are as follows:

  • log - log request when request does not conform to schema
  • block - deny access to the site when request does not conform to schema
  • none - skip running schema validation
One of the following:
"none"
"log"
"block"
validation_override_mitigation_action?: "none"

When not null, this overrides global both zone level and operation level mitigation actions. This can serve as a quick way to disable schema validation for the whole zone.

  • "none" will skip running schema validation entirely for the request
SettingUpdateResponse { validation_default_mitigation_action, validation_override_mitigation_action }
validation_default_mitigation_action: "none" | "log" | "block"

The default mitigation action used

Mitigation actions are as follows:

  • log - log request when request does not conform to schema
  • block - deny access to the site when request does not conform to schema
  • none - skip running schema validation
One of the following:
"none"
"log"
"block"
validation_override_mitigation_action?: "none"

When not null, this overrides global both zone level and operation level mitigation actions. This can serve as a quick way to disable schema validation for the whole zone.

  • "none" will skip running schema validation entirely for the request
SettingEditResponse { validation_default_mitigation_action, validation_override_mitigation_action }
validation_default_mitigation_action: "none" | "log" | "block"

The default mitigation action used

Mitigation actions are as follows:

  • log - log request when request does not conform to schema
  • block - deny access to the site when request does not conform to schema
  • none - skip running schema validation
One of the following:
"none"
"log"
"block"
validation_override_mitigation_action?: "none"

When not null, this overrides global both zone level and operation level mitigation actions. This can serve as a quick way to disable schema validation for the whole zone.

  • "none" will skip running schema validation entirely for the request

Schema ValidationSettingsOperations

List per-operation schema validation settings
client.schemaValidation.settings.operations.list(OperationListParams { zone_id, page, per_page } params, RequestOptionsoptions?): V4PagePaginationArray<OperationListResponse { mitigation_action, operation_id } >
GET/zones/{zone_id}/schema_validation/settings/operations
Get per-operation schema validation setting
client.schemaValidation.settings.operations.get(stringoperationId, OperationGetParams { zone_id } params, RequestOptionsoptions?): OperationGetResponse { mitigation_action, operation_id }
GET/zones/{zone_id}/schema_validation/settings/operations/{operation_id}
Update per-operation schema validation setting
client.schemaValidation.settings.operations.update(stringoperationId, OperationUpdateParams { zone_id, mitigation_action } params, RequestOptionsoptions?): OperationUpdateResponse { mitigation_action, operation_id }
PUT/zones/{zone_id}/schema_validation/settings/operations/{operation_id}
Bulk edit per-operation schema validation settings
client.schemaValidation.settings.operations.bulkEdit(OperationBulkEditParams { zone_id, body } params, RequestOptionsoptions?): OperationBulkEditResponse { mitigation_action, operation_id }
PATCH/zones/{zone_id}/schema_validation/settings/operations
Delete per-operation schema validation setting
client.schemaValidation.settings.operations.delete(stringoperationId, OperationDeleteParams { zone_id } params, RequestOptionsoptions?): OperationDeleteResponse { operation_id }
DELETE/zones/{zone_id}/schema_validation/settings/operations/{operation_id}
ModelsExpand Collapse
OperationListResponse { mitigation_action, operation_id }
mitigation_action: "log" | "block" | "none"

When set, this applies a mitigation action to this operation which supersedes a global schema validation setting just for this operation

  • "log" - log request when request does not conform to schema for this operation
  • "block" - deny access to the site when request does not conform to schema for this operation
  • "none" - will skip mitigation for this operation
One of the following:
"log"
"block"
"none"
operation_id: string

UUID.

maxLength36
minLength36
OperationGetResponse { mitigation_action, operation_id }
mitigation_action: "log" | "block" | "none"

When set, this applies a mitigation action to this operation which supersedes a global schema validation setting just for this operation

  • "log" - log request when request does not conform to schema for this operation
  • "block" - deny access to the site when request does not conform to schema for this operation
  • "none" - will skip mitigation for this operation
One of the following:
"log"
"block"
"none"
operation_id: string

UUID.

maxLength36
minLength36
OperationUpdateResponse { mitigation_action, operation_id }
mitigation_action: "log" | "block" | "none"

When set, this applies a mitigation action to this operation which supersedes a global schema validation setting just for this operation

  • "log" - log request when request does not conform to schema for this operation
  • "block" - deny access to the site when request does not conform to schema for this operation
  • "none" - will skip mitigation for this operation
One of the following:
"log"
"block"
"none"
operation_id: string

UUID.

maxLength36
minLength36
OperationBulkEditResponse = Record<string, item>

Operation ID to per operation setting mapping

mitigation_action: "log" | "block" | "none"

When set, this applies a mitigation action to this operation which supersedes a global schema validation setting just for this operation

  • "log" - log request when request does not conform to schema for this operation
  • "block" - deny access to the site when request does not conform to schema for this operation
  • "none" - will skip mitigation for this operation
One of the following:
"log"
"block"
"none"
operation_id: string

UUID.

maxLength36
minLength36
OperationDeleteResponse { operation_id }
operation_id?: string

UUID.

maxLength36
minLength36