# Token Validation # Configuration ## List token validation configurations `client.tokenValidation.configuration.list(ConfigurationListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/token_validation/config` Lists all token validation configurations for this zone ### Parameters - `params: ConfigurationListParams` - `zone_id: string` Path param: Identifier. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. ### Returns - `TokenConfig` - `id: string` UUID. - `created_at: string` - `credentials: Credentials` - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `description: string` - `last_updated: string` - `title: string` - `token_sources: Array` - `token_type: "JWT"` - `"JWT"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const tokenConfig of client.tokenValidation.configuration.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(tokenConfig.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "credentials": { "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ] }, "description": "Long description for Token Validation Configuration", "last_updated": "2014-01-01T05:20:00.12345Z", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ], "token_type": "JWT" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get a single Token Configuration `client.tokenValidation.configuration.get(stringconfigId, ConfigurationGetParamsparams, RequestOptionsoptions?): TokenConfig` **get** `/zones/{zone_id}/token_validation/config/{config_id}` Get a single Token Configuration ### Parameters - `configId: string` UUID. - `params: ConfigurationGetParams` - `zone_id: string` Identifier. ### Returns - `TokenConfig` - `id: string` UUID. - `created_at: string` - `credentials: Credentials` - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `description: string` - `last_updated: string` - `title: string` - `token_sources: Array` - `token_type: "JWT"` - `"JWT"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const tokenConfig = await client.tokenValidation.configuration.get( '4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(tokenConfig.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "credentials": { "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ] }, "description": "Long description for Token Validation Configuration", "last_updated": "2014-01-01T05:20:00.12345Z", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ], "token_type": "JWT" }, "success": true } ``` ## Create a new Token Validation configuration `client.tokenValidation.configuration.create(ConfigurationCreateParamsparams, RequestOptionsoptions?): TokenConfig` **post** `/zones/{zone_id}/token_validation/config` Create a new Token Validation configuration ### Parameters - `params: ConfigurationCreateParams` - `zone_id: string` Path param: Identifier. - `credentials: Credentials` Body param - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `description: string` Body param - `title: string` Body param - `token_sources: Array` Body param - `token_type: "JWT"` Body param - `"JWT"` ### Returns - `TokenConfig` - `id: string` UUID. - `created_at: string` - `credentials: Credentials` - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `description: string` - `last_updated: string` - `title: string` - `token_sources: Array` - `token_type: "JWT"` - `"JWT"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const tokenConfig = await client.tokenValidation.configuration.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', credentials: { keys: [ { alg: 'ES256', crv: 'P-256', kid: '38013f13-c266-4eec-a72a-92ec92779f21', kty: 'EC', x: 'KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ', y: 'lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY', }, ], }, description: 'Long description for Token Validation Configuration', title: 'Example Token Validation Configuration', token_sources: ['http.request.headers["x-auth"][0]', 'http.request.cookies["Authorization"][0]'], token_type: 'JWT', }); console.log(tokenConfig.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "credentials": { "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ] }, "description": "Long description for Token Validation Configuration", "last_updated": "2014-01-01T05:20:00.12345Z", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ], "token_type": "JWT" }, "success": true } ``` ## Edit an existing Token Configuration `client.tokenValidation.configuration.edit(stringconfigId, ConfigurationEditParamsparams, RequestOptionsoptions?): ConfigurationEditResponse` **patch** `/zones/{zone_id}/token_validation/config/{config_id}` Edit fields of an existing Token Configuration ### Parameters - `configId: string` UUID. - `params: ConfigurationEditParams` - `zone_id: string` Path param: Identifier. - `description?: string` Body param - `title?: string` Body param - `token_sources?: Array` Body param ### Returns - `ConfigurationEditResponse` - `id?: string` UUID. - `description?: string` - `title?: string` - `token_sources?: Array` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.tokenValidation.configuration.edit( '4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "Long description for Token Validation Configuration", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ] }, "success": true } ``` ## Delete Token Configuration `client.tokenValidation.configuration.delete(stringconfigId, ConfigurationDeleteParamsparams, RequestOptionsoptions?): ConfigurationDeleteResponse` **delete** `/zones/{zone_id}/token_validation/config/{config_id}` Delete Token Configuration ### Parameters - `configId: string` UUID. - `params: ConfigurationDeleteParams` - `zone_id: string` Identifier. ### Returns - `ConfigurationDeleteResponse` - `id?: string` UUID. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const configuration = await client.tokenValidation.configuration.delete( '4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(configuration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### Token Config - `TokenConfig` - `id: string` UUID. - `created_at: string` - `credentials: Credentials` - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `description: string` - `last_updated: string` - `title: string` - `token_sources: Array` - `token_type: "JWT"` - `"JWT"` ### Configuration Edit Response - `ConfigurationEditResponse` - `id?: string` UUID. - `description?: string` - `title?: string` - `token_sources?: Array` ### Configuration Delete Response - `ConfigurationDeleteResponse` - `id?: string` UUID. # Credentials ## Update Token Configuration credentials `client.tokenValidation.configuration.credentials.update(stringconfigId, CredentialUpdateParamsparams, RequestOptionsoptions?): CredentialUpdateResponse` **put** `/zones/{zone_id}/token_validation/config/{config_id}/credentials` Update Token Configuration credentials ### Parameters - `configId: string` UUID. - `params: CredentialUpdateParams` - `zone_id: string` Path param: Identifier. - `keys: Array` Body param - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate ### Returns - `CredentialUpdateResponse` - `errors: Message` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `messages: Message` - `success: true` Whether the API call was successful. - `true` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const credential = await client.tokenValidation.configuration.credentials.update( '4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', keys: [ { alg: 'ES256', crv: 'P-256', kid: '38013f13-c266-4eec-a72a-92ec92779f21', kty: 'EC', x: 'KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ', y: 'lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY', }, ], }, ); console.log(credential.errors); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Credential Update Response - `CredentialUpdateResponse` - `errors: Message` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `keys: Array` - `APIShieldCredentialsJWTKeyRSA` JSON representation of an RSA key. - `alg: "RS256" | "RS384" | "RS512" | 3 more` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: string` RSA exponent - `kid: string` Key ID - `kty: "RSA"` Key Type - `"RSA"` - `n: string` RSA modulus - `APIShieldCredentialsJWTKeyEcEs256` JSON representation of an ES256 key - `alg: "ES256"` Algorithm - `"ES256"` - `crv: "P-256"` Curve - `"P-256"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `APIShieldCredentialsJWTKeyEcEs384` JSON representation of an ES384 key - `alg: "ES384"` Algorithm - `"ES384"` - `crv: "P-384"` Curve - `"P-384"` - `kid: string` Key ID - `kty: "EC"` Key Type - `"EC"` - `x: string` X EC coordinate - `y: string` Y EC coordinate - `messages: Message` - `success: true` Whether the API call was successful. - `true` # Rules ## List token validation rules `client.tokenValidation.rules.list(RuleListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/token_validation/rules` List token validation rules ### Parameters - `params: RuleListParams` - `zone_id: string` Path param: Identifier. - `id?: string` Query param: Select rules with these IDs. - `action?: "log" | "block"` Query param: Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `enabled?: boolean` Query param: Toggle rule on or off. - `host?: string` Query param: Select rules with this host in `include`. - `hostname?: string` Query param: Select rules with this host in `include`. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Maximum number of results per page. - `rule_id?: string` Query param: Select rules with these IDs. - `token_configuration?: Array` Query param: Select rules using any of these token configurations. ### Returns - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const tokenValidationRule of client.tokenValidation.rules.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(tokenValidationRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create a token validation rule `client.tokenValidation.rules.create(RuleCreateParamsparams, RequestOptionsoptions?): TokenValidationRule` **post** `/zones/{zone_id}/token_validation/rules` Create a token validation rule. ### Parameters - `params: RuleCreateParams` - `zone_id: string` Path param: Identifier. - `action: "log" | "block"` Body param: Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` Body param: A human-readable description that gives more details than `title`. - `enabled: boolean` Body param: Toggle rule on or off. - `expression: string` Body param: Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Body param: Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` Body param: A human-readable name for the rule. ### Returns - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const tokenValidationRule = await client.tokenValidation.rules.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', action: 'log', description: 'Long description for Token Validation Rule', enabled: true, expression: 'is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd") or is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")', selector: {}, title: 'Example Token Validation Rule', }); console.log(tokenValidationRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Bulk create token validation rules `client.tokenValidation.rules.bulkCreate(RuleBulkCreateParamsparams, RequestOptionsoptions?): SinglePage` **post** `/zones/{zone_id}/token_validation/rules/bulk` Create zone token validation rules. A request can create multiple Token Validation Rules. ### Parameters - `params: RuleBulkCreateParams` - `zone_id: string` Path param: Identifier. - `body: Array` Body param - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. ### Returns - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const tokenValidationRule of client.tokenValidation.rules.bulkCreate({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', body: [ { action: 'log', description: 'Long description for Token Validation Rule', enabled: true, expression: 'is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd") or is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")', selector: {}, title: 'Example Token Validation Rule', }, ], })) { console.log(tokenValidationRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Bulk edit token validation rules `client.tokenValidation.rules.bulkEdit(RuleBulkEditParamsparams, RequestOptionsoptions?): SinglePage` **patch** `/zones/{zone_id}/token_validation/rules/bulk` Edit token validation rules. A request can update multiple Token Validation Rules. Rules can be re-ordered using the `position` field. Returns all updated rules. ### Parameters - `params: RuleBulkEditParams` - `zone_id: string` Path param: Identifier. - `body: Array` Body param - `id: string` Rule ID this patch applies to - `action?: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description?: string` A human-readable description that gives more details than `title`. - `enabled?: boolean` Toggle rule on or off. - `expression?: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `position?: APIShieldIndex | APIShieldBefore | APIShieldAfter` Update rule order among zone rules. - `APIShieldIndex` - `index: number` Move rule to this position - `APIShieldBefore` Move rule to after rule with ID. - `before?: string` Move rule to before rule with this ID. - `APIShieldAfter` Move rule to before rule with ID. - `after?: string` Move rule to after rule with this ID. - `selector?: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title?: string` A human-readable name for the rule. ### Returns - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const tokenValidationRule of client.tokenValidation.rules.bulkEdit({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', body: [{ id: '0d9bf70c-92e1-4bb3-9411-34a3bcc59003' }], })) { console.log(tokenValidationRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get a zone token validation rule `client.tokenValidation.rules.get(stringruleId, RuleGetParamsparams, RequestOptionsoptions?): TokenValidationRule` **get** `/zones/{zone_id}/token_validation/rules/{rule_id}` Get a zone token validation rule. ### Parameters - `ruleId: string` UUID. - `params: RuleGetParams` - `zone_id: string` Identifier. ### Returns - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const tokenValidationRule = await client.tokenValidation.rules.get( '4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(tokenValidationRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Delete a zone token validation rule `client.tokenValidation.rules.delete(stringruleId, RuleDeleteParamsparams, RequestOptionsoptions?): RuleDeleteResponse` **delete** `/zones/{zone_id}/token_validation/rules/{rule_id}` Delete a zone token validation rule. ### Parameters - `ruleId: string` UUID. - `params: RuleDeleteParams` - `zone_id: string` Identifier. ### Returns - `RuleDeleteResponse = unknown` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const rule = await client.tokenValidation.rules.delete('4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(rule); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {} } ``` ## Edit a zone token validation rule `client.tokenValidation.rules.edit(stringruleId, RuleEditParamsparams, RequestOptionsoptions?): TokenValidationRule` **patch** `/zones/{zone_id}/token_validation/rules/{rule_id}` Edit a zone token validation rule. ### Parameters - `ruleId: string` UUID. - `params: RuleEditParams` - `zone_id: string` Path param: Identifier. - `action?: "log" | "block"` Body param: Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description?: string` Body param: A human-readable description that gives more details than `title`. - `enabled?: boolean` Body param: Toggle rule on or off. - `expression?: string` Body param: Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `position?: APIShieldIndex | APIShieldBefore | APIShieldAfter` Body param: Update rule order among zone rules. - `APIShieldIndex` - `index: number` Move rule to this position - `APIShieldBefore` Move rule to after rule with ID. - `before?: string` Move rule to before rule with this ID. - `APIShieldAfter` Move rule to before rule with ID. - `after?: string` Move rule to after rule with this ID. - `selector?: Selector` Body param: Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title?: string` Body param: A human-readable name for the rule. ### Returns - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const tokenValidationRule = await client.tokenValidation.rules.edit( '4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(tokenValidationRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Domain Types ### Token Validation Rule - `TokenValidationRule` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: "log" | "block"` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: string` A human-readable description that gives more details than `title`. - `enabled: boolean` Toggle rule on or off. - `expression: string` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude?: Array | null` Ignore operations that were otherwise included by `include`. - `operation_ids?: Array` Excluded operation IDs. - `include?: Array | null` Select all matching operations. - `host?: Array` Included hostnames. - `title: string` A human-readable name for the rule. - `id?: string` UUID. - `created_at?: string` - `last_updated?: string` ### Rule Delete Response - `RuleDeleteResponse = unknown`