API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Token Validation

Token ValidationConfiguration

List token validation configurations

client.tokenValidation.configuration.list(ConfigurationListParams { zone_id, page, per_page } params, RequestOptionsoptions?): V4PagePaginationArray<TokenConfig { id, created_at, credentials, 5 more } >

GET/zones/{zone_id}/token_validation/config

Get a single Token Configuration

client.tokenValidation.configuration.get(stringconfigId, ConfigurationGetParams { zone_id } params, RequestOptionsoptions?): TokenConfig { id, created_at, credentials, 5 more }

GET/zones/{zone_id}/token_validation/config/{config_id}

Create a new Token Validation configuration

client.tokenValidation.configuration.create(ConfigurationCreateParams { zone_id, credentials, description, 3 more } params, RequestOptionsoptions?): TokenConfig { id, created_at, credentials, 5 more }

POST/zones/{zone_id}/token_validation/config

Edit an existing Token Configuration

client.tokenValidation.configuration.edit(stringconfigId, ConfigurationEditParams { zone_id, description, title, token_sources } params, RequestOptionsoptions?): ConfigurationEditResponse { id, description, title, token_sources }

PATCH/zones/{zone_id}/token_validation/config/{config_id}

Delete Token Configuration

client.tokenValidation.configuration.delete(stringconfigId, ConfigurationDeleteParams { zone_id } params, RequestOptionsoptions?): ConfigurationDeleteResponse { id }

DELETE/zones/{zone_id}/token_validation/config/{config_id}

ModelsExpand Collapse

TokenConfig { id, created_at, credentials, 5 more }

id: string

UUID.

maxLength36

minLength36

created_at: string

formatdate-time

credentials: Credentials { keys }

keys: Array<APIShieldCredentialsJWTKeyRSA { alg, e, kid, 2 more } | APIShieldCredentialsJWTKeyEcEs256 { alg, crv, kid, 3 more } | APIShieldCredentialsJWTKeyEcEs384 { alg, crv, kid, 3 more } >

One of the following:

APIShieldCredentialsJWTKeyRSA { alg, e, kid, 2 more }

JSON representation of an RSA key.

alg: "RS256" | "RS384" | "RS512" | 3 more

Algorithm

One of the following:

"RS256"

"RS384"

"RS512"

"PS256"

"PS384"

"PS512"

e: string

RSA exponent

kid: string

Key ID

kty: "RSA"

Key Type

n: string

RSA modulus

APIShieldCredentialsJWTKeyEcEs256 { alg, crv, kid, 3 more }

JSON representation of an ES256 key

alg: "ES256"

Algorithm

crv: "P-256"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

APIShieldCredentialsJWTKeyEcEs384 { alg, crv, kid, 3 more }

JSON representation of an ES384 key

alg: "ES384"

Algorithm

crv: "P-384"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

description: string

maxLength500

last_updated: string

formatdate-time

title: string

maxLength50

token_sources: Array<string>

token_type: "JWT"

ConfigurationEditResponse { id, description, title, token_sources }

id?: string

UUID.

maxLength36

minLength36

description?: string

maxLength500

title?: string

maxLength50

token_sources?: Array<string>

ConfigurationDeleteResponse { id }

id?: string

UUID.

maxLength36

minLength36

Token ValidationConfigurationCredentials

Update Token Configuration credentials

client.tokenValidation.configuration.credentials.update(stringconfigId, CredentialUpdateParams { zone_id, keys } params, RequestOptionsoptions?): CredentialUpdateResponse { errors, keys, messages, success }

PUT/zones/{zone_id}/token_validation/config/{config_id}/credentials

ModelsExpand Collapse

CredentialUpdateResponse { errors, keys, messages, success }

errors: Message { code, message, documentation_url, source }

keys: Array<APIShieldCredentialsJWTKeyRSA { alg, e, kid, 2 more } | APIShieldCredentialsJWTKeyEcEs256 { alg, crv, kid, 3 more } | APIShieldCredentialsJWTKeyEcEs384 { alg, crv, kid, 3 more } >

One of the following:

APIShieldCredentialsJWTKeyRSA { alg, e, kid, 2 more }

JSON representation of an RSA key.

alg: "RS256" | "RS384" | "RS512" | 3 more

Algorithm

One of the following:

"RS256"

"RS384"

"RS512"

"PS256"

"PS384"

"PS512"

e: string

RSA exponent

kid: string

Key ID

kty: "RSA"

Key Type

n: string

RSA modulus

APIShieldCredentialsJWTKeyEcEs256 { alg, crv, kid, 3 more }

JSON representation of an ES256 key

alg: "ES256"

Algorithm

crv: "P-256"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

APIShieldCredentialsJWTKeyEcEs384 { alg, crv, kid, 3 more }

JSON representation of an ES384 key

alg: "ES384"

Algorithm

crv: "P-384"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

messages: Message { code, message, documentation_url, source }

success: true

Whether the API call was successful.

Token ValidationRules

List token validation rules

client.tokenValidation.rules.list(RuleListParams { zone_id, id, action, 7 more } params, RequestOptionsoptions?): V4PagePaginationArray<TokenValidationRule { action, description, enabled, 6 more } >

GET/zones/{zone_id}/token_validation/rules

Create a token validation rule

client.tokenValidation.rules.create(RuleCreateParams { zone_id, action, description, 4 more } params, RequestOptionsoptions?): TokenValidationRule { action, description, enabled, 6 more }

POST/zones/{zone_id}/token_validation/rules

Bulk create token validation rules

client.tokenValidation.rules.bulkCreate(RuleBulkCreateParams { zone_id, body } params, RequestOptionsoptions?): SinglePage<TokenValidationRule { action, description, enabled, 6 more } >

POST/zones/{zone_id}/token_validation/rules/bulk

Bulk edit token validation rules

client.tokenValidation.rules.bulkEdit(RuleBulkEditParams { zone_id, body } params, RequestOptionsoptions?): SinglePage<TokenValidationRule { action, description, enabled, 6 more } >

PATCH/zones/{zone_id}/token_validation/rules/bulk

Get a zone token validation rule

client.tokenValidation.rules.get(stringruleId, RuleGetParams { zone_id } params, RequestOptionsoptions?): TokenValidationRule { action, description, enabled, 6 more }

GET/zones/{zone_id}/token_validation/rules/{rule_id}

Delete a zone token validation rule

client.tokenValidation.rules.delete(stringruleId, RuleDeleteParams { zone_id } params, RequestOptionsoptions?): RuleDeleteResponse

DELETE/zones/{zone_id}/token_validation/rules/{rule_id}

Edit a zone token validation rule

client.tokenValidation.rules.edit(stringruleId, RuleEditParams { zone_id, action, description, 5 more } params, RequestOptionsoptions?): TokenValidationRule { action, description, enabled, 6 more }

PATCH/zones/{zone_id}/token_validation/rules/{rule_id}

ModelsExpand Collapse

TokenValidationRule { action, description, enabled, 6 more }

A Token Validation rule that can enforce security policies using JWT Tokens.

action: "log" | "block"

Action to take on requests that match operations included in selector and fail expression.

One of the following:

"log"

"block"

description: string

A human-readable description that gives more details than title.

maxLength500

enabled: boolean

Toggle rule on or off.

expression: string

Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

selector: Selector { exclude, include }

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

exclude?: Array<Exclude> | null

Ignore operations that were otherwise included by include.

operation_ids?: Array<string>

Excluded operation IDs.

include?: Array<Include> | null

Select all matching operations.

host?: Array<string>

Included hostnames.

title: string

A human-readable name for the rule.

maxLength50

id?: string

UUID.

maxLength36

minLength36

created_at?: string

formatdate-time

last_updated?: string

formatdate-time

RuleDeleteResponse = unknown