Zero Trust
ZeroTrust
Access
ZeroTrust.Access
ZeroTrust.Access.AIControls
ZeroTrust.Access.AIControls.Mcp
ZeroTrust.Access.AIControls.Mcp.Portals
Methods
List MCP Portals
Create a new MCP Portal
Read details of an MCP Portal
Update a MCP Portal
Delete a MCP Portal
ZeroTrust.Access.AIControls.Mcp.Servers
Methods
List MCP Servers
Create a new MCP Server
Read the details of a MCP Server
Update a MCP Server
Delete a MCP Server
Sync MCP Server Capabilities
ZeroTrust.Access.Applications
Methods
Lists all Access applications in an account or zone.
Fetches information about an Access application.
Adds a new application to Access.
Updates an Access application.
Deletes an application from Access.
Revokes all tokens issued for an application.
Domain types
The identity providers selected for application.
Identifier.
Configuration for provisioning to this application via SCIM. This is currently in closed beta.
The application type.
The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.
The format of the name identifier sent to the SaaS application.
Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
Attributes for configuring OAuth 2 authentication scheme for SCIM provisioning to an application.
Attributes for configuring OAuth Bearer Token authentication scheme for SCIM provisioning to an application.
Transformations and filters applied to resources before they are provisioned in the remote SCIM service.
A domain that Access will secure.
ZeroTrust.Access.Applications.CAs
Methods
Lists short-lived certificate CAs and their public keys.
Fetches a short-lived certificate CA and its public key.
Generates a new short-lived certificate CA and public key.
Deletes a short-lived certificate CA.
Domain types
ZeroTrust.Access.Applications.Policies
Methods
Lists Access policies configured for an application. Returns both exclusively scoped and reusable policies used by the application.
Fetches a single Access policy configured for an application. Returns both exclusively owned and reusable policies used by the application.
Creates a policy applying exclusive to a single application that defines the users or groups who can reach it. We recommend creating a reusable policy instead and subsequently referencing its ID in the application's 'policies' array.
Updates an Access policy specific to an application. To update a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.
Deletes an Access policy specific to an application. To delete a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.
Domain types
Enforces a device posture rule has run successfully
Matches an Access group.
Matches any valid Access Service Token
Enforce different MFA options
Matches an Azure group. Requires an Azure identity provider.
Matches any valid client certificate.
Matches a specific country
Match an entire email domain.
Matches an email address from a list.
Matches a specific email.
Matches everyone.
Create Allow or Block policies which evaluate the user based on custom criteria.
Matches a Github organization. Requires a Github identity provider.
Matches an Access group.
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
Matches an IP address from a list.
Matches an IP address block.
Matches an Okta group. Requires an Okta identity provider.
Matches a SAML group. Requires a SAML identity provider.
Matches a specific Access Service Token
ZeroTrust.Access.Applications.PolicyTests
Methods
Fetches the current status of a given Access policy test.
Starts an Access policy test.
ZeroTrust.Access.Applications.PolicyTests.Users
Methods
Fetches a single page of user results from an Access policy test.
ZeroTrust.Access.Applications.Settings
Methods
Updates Access application settings.
Updates Access application settings.
ZeroTrust.Access.Applications.UserPolicyChecks
Methods
Tests if a specific user has permission to access an application.
Domain types
ZeroTrust.Access.Bookmarks
Methods
Lists Bookmark applications.
Fetches a single Bookmark application.
Create a new Bookmark application.
Updates a configured Bookmark application.
Deletes a Bookmark application.
Domain types
ZeroTrust.Access.Certificates
Methods
Lists all mTLS root certificates.
Fetches a single mTLS certificate.
Adds a new mTLS root certificate to Access.
Updates a configured mTLS certificate.
Deletes an mTLS certificate.
Domain types
A fully-qualified domain name (FQDN).
ZeroTrust.Access.Certificates.Settings
Methods
List all mTLS hostname settings for this account or zone.
Updates an mTLS certificate's hostname settings.
Domain types
ZeroTrust.Access.CustomPages
Methods
List custom pages
Fetches a custom page and also returns its HTML.
Create a custom page
Update a custom page
Delete a custom page
Domain types
ZeroTrust.Access.GatewayCA
Methods
Lists SSH Certificate Authorities (CA).
Adds a new SSH Certificate Authority (CA).
Deletes an SSH Certificate Authority.
ZeroTrust.Access.Groups
Methods
Lists all Access groups.
Fetches a single Access group.
Creates a new Access group.
Updates a configured Access group.
Deletes an Access group.
Domain types
ZeroTrust.Access.Infrastructure
ZeroTrust.Access.Infrastructure.Targets
Methods
Lists and sorts an account’s targets. Filters are optional and are ANDed together.
Get target
Create new target
Update target
Delete target
Adds one or more targets.
Removes one or more targets.
Removes one or more targets.
ZeroTrust.Access.Keys
Methods
Gets the Access key rotation settings for an account.
Updates the Access key rotation settings for an account.
Perfoms a key rotation for an account.
ZeroTrust.Access.Logs
ZeroTrust.Access.Logs.AccessRequests
Methods
Gets a list of Access authentication audit logs for an account.
ZeroTrust.Access.Logs.SCIM
Domain types
ZeroTrust.Access.Logs.SCIM.Updates
Methods
Lists Access SCIM update logs that maintain a record of updates made to User and Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).
ZeroTrust.Access.Policies
Methods
Lists Access reusable policies.
Fetches a single Access reusable policy.
Creates a new Access reusable policy.
Updates a Access reusable policy.
Deletes an Access reusable policy.
Domain types
A group of email addresses that can approve a temporary authentication request.
ZeroTrust.Access.ServiceTokens
Methods
Lists all service tokens.
Fetches a single service token.
Generates a new service token. Note: This is the only time you can get the Client Secret. If you lose the Client Secret, you will have to rotate the Client Secret or create a new service token.
Updates a configured service token.
Deletes a service token.
Refreshes the expiration of a service token.
Generates a new Client Secret for a service token and revokes the old one.
Domain types
ZeroTrust.Access.Users
Methods
Gets a list of users for an account.
Domain types
ZeroTrust.Access.Users.ActiveSessions
Methods
Get active sessions for a single user.
Get an active session for a single user.
ZeroTrust.Access.Users.FailedLogins
Methods
Get all failed login attempts for a single user.
ZeroTrust.Access.Users.LastSeenIdentity
Methods
Get last seen identity for a single user.
Domain types
Connectivity Settings
ZeroTrust.ConnectivitySettings
Methods
Gets the Zero Trust Connectivity Settings for the given account.
Updates the Zero Trust Connectivity Settings for the given account.
Devices
ZeroTrust.Devices
Methods
List WARP devices. Not supported when multi-user mode is enabled for the account.
Deprecated: please use one of the following endpoints instead:
- GET /accounts/{account_id}/devices/physical-devices
- GET /accounts/{account_id}/devices/registrations
Fetches a single WARP device. Not supported when multi-user mode is enabled for the account.
Deprecated: please use one of the following endpoints instead:
- GET /accounts/{account_id}/devices/physical-devices/{device_id}
- GET /accounts/{account_id}/devices/registrations/{registration_id}
Domain types
ZeroTrust.Devices.Devices
Methods
Lists WARP devices.
Fetches a single WARP device.
Deletes a WARP device.
Revokes all WARP registrations associated with the specified device.
ZeroTrust.Devices.DEXTests
Methods
Fetch all DEX tests
Fetch a single DEX test.
Create a DEX test.
Update a DEX test.
Delete a Device DEX test. Returns the remaining device dex tests for the account.
Domain types
The configuration object which contains the details for the WARP client to conduct the test.
ZeroTrust.Devices.FleetStatus
Methods
Get the live status of a latest device given device_id from the device_state table
ZeroTrust.Devices.Networks
Methods
Fetches a list of managed networks for an account.
Fetches details for a single managed network.
Creates a new device managed network.
Updates a configured device managed network.
Deletes a device managed network and fetches a list of the remaining device managed networks for an account.
Domain types
ZeroTrust.Devices.OverrideCodes
Methods
Fetches a one-time use admin override code for a device. This relies on the Admin Override setting being enabled in your device configuration. Not supported when multi-user mode is enabled for the account. Deprecated: please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead.
Fetches one-time use admin override codes for a registration. This relies on the Admin Override setting being enabled in your device configuration.
ZeroTrust.Devices.Policies
Domain types
ZeroTrust.Devices.Policies.Custom
Methods
Fetches a list of the device settings profiles for an account.
Fetches a device settings profile by ID.
Creates a device settings profile to be applied to certain devices matching the criteria.
Updates a configured device settings profile.
Deletes a device settings profile and fetches a list of the remaining profiles for an account.
ZeroTrust.Devices.Policies.Custom.Excludes
Methods
Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile.
Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile.
ZeroTrust.Devices.Policies.Custom.FallbackDomains
Methods
Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead.
Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile.
ZeroTrust.Devices.Policies.Custom.Includes
Methods
Fetches the list of routes included in the WARP client's tunnel for a specific device settings profile.
Sets the list of routes included in the WARP client's tunnel for a specific device settings profile.
ZeroTrust.Devices.Policies.Default
Methods
Fetches the default device settings profile for an account.
Updates the default device settings profile for an account.
ZeroTrust.Devices.Policies.Default.Certificates
Methods
Fetches device certificate provisioning.
Enable Zero Trust Clients to provision a certificate, containing a x509 subject, and referenced by Access device posture policies when the client visits MTLS protected domains. This facilitates device posture without a WARP session.
ZeroTrust.Devices.Policies.Default.Excludes
Methods
Fetches the list of routes excluded from the WARP client's tunnel.
Sets the list of routes excluded from the WARP client's tunnel.
ZeroTrust.Devices.Policies.Default.FallbackDomains
Methods
Fetches a list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead.
Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead.
ZeroTrust.Devices.Policies.Default.Includes
Methods
Fetches the list of routes included in the WARP client's tunnel.
Sets the list of routes included in the WARP client's tunnel.
ZeroTrust.Devices.Posture
Methods
Fetches device posture rules for a Zero Trust account.
Fetches a single device posture rule.
Creates a new device posture rule.
Updates a device posture rule.
Deletes a device posture rule.
Domain types
The value to be checked against.
ZeroTrust.Devices.Posture.Integrations
Methods
Fetches the list of device posture integrations for an account.
Fetches details for a single device posture integration.
Create a new device posture integration.
Updates a configured device posture integration.
Delete a configured device posture integration.
Domain types
ZeroTrust.Devices.Registrations
Methods
Lists WARP registrations.
Fetches a single WARP registration.
Deletes a WARP registration.
Deletes a list of WARP registrations.
Revokes a list of WARP registrations.
Unrevokes a list of WARP registrations.
ZeroTrust.Devices.Resilience
ZeroTrust.Devices.Resilience.GlobalWARPOverride
Methods
Fetch the Global WARP override state.
Sets the Global WARP override state.
ZeroTrust.Devices.Revoke
Methods
Revokes a list of devices. Not supported when multi-user mode is enabled.
Deprecated: please use POST /accounts/{account_id}/devices/registrations/revoke instead.
ZeroTrust.Devices.Settings
Methods
Describes the current device settings for a Zero Trust account.
Updates the current device settings for a Zero Trust account.
Patches the current device settings for a Zero Trust account.
Resets the current device settings for a Zero Trust account.
Domain types
ZeroTrust.Devices.Unrevoke
Methods
Unrevokes a list of devices. Not supported when multi-user mode is enabled.
Deprecated: please use POST /accounts/{account_id}/devices/registrations/unrevoke instead.
DEX
ZeroTrust.DEX
Domain types
ZeroTrust.DEX.Colos
Methods
List Cloudflare colos that account's devices were connected to during a time period, sorted by usage starting from the most used colo. Colos without traffic are also returned and sorted alphabetically.
ZeroTrust.DEX.Commands
Methods
Retrieves a paginated list of commands issued to devices under the specified account, optionally filtered by time range, device, or other parameters
Initiate commands for up to 10 devices per account
ZeroTrust.DEX.Commands.Devices
Methods
List devices with WARP client support for remote captures which have been connected in the last 1 hour.
ZeroTrust.DEX.Commands.Downloads
Methods
Downloads artifacts for an executed command. Bulk downloads are not supported
ZeroTrust.DEX.Commands.Quota
Methods
Retrieves the current quota usage and limits for device commands within a specific account, including the time when the quota will reset
ZeroTrust.DEX.FleetStatus
Methods
List details for live (up to 60 minutes) devices using WARP
List details for devices using WARP, up to 7 days
Domain types
ZeroTrust.DEX.FleetStatus.Devices
Methods
List details for devices using WARP
ZeroTrust.DEX.HTTPTests
Methods
Get test details and aggregate performance metrics for an http test for a given time period between 1 hour and 7 days.
Domain types
ZeroTrust.DEX.HTTPTests.Percentiles
Methods
Get percentiles for an http test for a given time period between 1 hour and 7 days.
Domain types
ZeroTrust.DEX.Tests
Methods
List DEX tests with overview metrics
Domain types
ZeroTrust.DEX.Tests.UniqueDevices
Methods
Returns unique count of devices that have run synthetic application monitoring tests in the past 7 days.
Domain types
ZeroTrust.DEX.TracerouteTestResults
ZeroTrust.DEX.TracerouteTestResults.NetworkPath
Methods
Get a breakdown of hops and performance metrics for a specific traceroute test run
ZeroTrust.DEX.TracerouteTests
Methods
Get test details and aggregate performance metrics for an traceroute test for a given time period between 1 hour and 7 days.
Get percentiles for a traceroute test for a given time period between 1 hour and 7 days.
Get a breakdown of metrics by hop for individual traceroute test runs
Domain types
ZeroTrust.DEX.WARPChangeEvents
Methods
List WARP configuration and enablement toggle change events by device.
DLP
ZeroTrust.DLP
ZeroTrust.DLP.Datasets
Methods
Fetch all datasets
Fetch a specific dataset
Create a new dataset
Update details about a dataset
This deletes all versions of the dataset.
ZeroTrust.DLP.Datasets.Upload
Methods
Prepare to upload a new version of a dataset
This is used for single-column EDMv1 and Custom Word Lists. The EDM format can only be created in the Cloudflare dashboard. For other clients, this operation can only be used for non-secret Custom Word Lists. The body must be a UTF-8 encoded, newline (NL or CRNL) separated list of words to be matched.
Domain types
ZeroTrust.DLP.Datasets.Versions
Methods
This is used for multi-column EDMv2 datasets. The EDMv2 format can only be created in the Cloudflare dashboard. The columns in the response appear in the same order as in the request.
ZeroTrust.DLP.Datasets.Versions.Entries
Methods
This is used for multi-column EDMv2 datasets. The EDMv2 format can only be created in the Cloudflare dashboard.
ZeroTrust.DLP.Email
ZeroTrust.DLP.Email.AccountMapping
Methods
Get mapping
Create mapping
ZeroTrust.DLP.Email.Rules
Methods
Lists all email scanner rules for an account.
Get an email scanner rule
Create email scanner rule
Update email scanner rule
Delete email scanner rule
Update email scanner rule priorities
ZeroTrust.DLP.Entries
Methods
Lists all DLP entries in an account.
Fetches a DLP entry by ID.
Creates a DLP custom entry.
Updates a DLP entry.
Deletes a DLP custom entry.
ZeroTrust.DLP.Entries.Custom
Methods
Creates a DLP custom entry.
Updates a DLP custom entry.
Deletes a DLP custom entry.
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
ZeroTrust.DLP.Entries.Integration
Methods
Integration entries can't be created, this will update an existing integration entry. This is needed for our generated terraform API.
Updates a DLP entry.
This is a no-op as integration entires can't be deleted but is needed for our generated terraform API.
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
ZeroTrust.DLP.Entries.Predefined
Methods
Predefined entries can't be created, this will update an existing predefined entry. This is needed for our generated terraform API.
Updates a DLP entry.
This is a no-op as predefined entires can't be deleted but is needed for our generated terraform API.
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
ZeroTrust.DLP.Limits
Methods
Fetch limits associated with DLP for account
ZeroTrust.DLP.Patterns
Methods
Validates whether this pattern is a valid regular expression. Rejects it if
the regular expression is too complex or can match an unbounded-length
string. The regex will be rejected if it uses * or +. Bound the maximum
number of characters that can be matched using a range, e.g. {1,100}.
ZeroTrust.DLP.PayloadLogs
Methods
Get payload log settings
Set payload log settings
ZeroTrust.DLP.Profiles
Methods
Lists all DLP profiles in an account.
Fetches a DLP profile by ID.
Domain types
Scan the context of predefined entries to only return matches surrounded by keywords.
Content types to exclude from context analysis and return all matches.
ZeroTrust.DLP.Profiles.Custom
Methods
Fetches a custom DLP profile by id.
Creates a DLP custom profile.
Updates a DLP custom profile.
Deletes a DLP custom profile.
Domain types
ZeroTrust.DLP.Profiles.Predefined
Methods
This is similar to get_predefined but only returns entries that are enabled.
This is needed for our terraform API
Fetches a predefined DLP profile by id.
This is similar to update_predefined but only returns entries that are enabled.
This is needed for our terraform API
Updates a DLP predefined profile. Only supports enabling/disabling entries.
This is a no-op as predefined profiles can't be deleted but is needed for our generated terraform API.
Domain types
Gateway
ZeroTrust.Gateway
Methods
Retrieve information about the current Zero Trust account.
Create a Zero Trust account for an existing Cloudflare account.
ZeroTrust.Gateway.AppTypes
Methods
List all application and application type mappings.
Domain types
ZeroTrust.Gateway.AuditSSHSettings
Methods
Retrieve all Zero Trust Audit SSH and SSH with Access for Infrastructure settings for an account.
Update Zero Trust Audit SSH and SSH with Access for Infrastructure settings for an account.
Rotate the SSH account seed that generates the host key identity when connecting through the Cloudflare SSH Proxy.
Domain types
ZeroTrust.Gateway.Categories
Methods
List all categories.
Domain types
ZeroTrust.Gateway.Certificates
Methods
List all Zero Trust certificates for an account.
Get a single Zero Trust certificate.
Create a new Zero Trust certificate.
Delete a gateway-managed Zero Trust certificate. You must deactivate the certificate from the edge (inactive) before deleting it.
Bind a single Zero Trust certificate to the edge.
Unbind a single Zero Trust certificate from the edge.
ZeroTrust.Gateway.Configurations
Methods
Retrieve the current Zero Trust account configuration.
Update the current Zero Trust account configuration.
Update (PATCH) a single subcollection of settings such as antivirus, tls_decrypt, activity_log, block_page, browser_isolation, fips, body_scanning, or certificate without updating the entire configuration object. This endpoint returns an error if any settings collection lacks proper configuration.
Domain types
Specify activity log settings.
Specify anti-virus settings.
Specify block page layout settings.
Specify the DLP inspection mode.
Specify Clientless Browser Isolation settings.
Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate instead.
Configures user email settings for firewall policies. When you enable this, the system standardizes email addresses in the identity portion of the rule to match extended email variants in firewall policies. When you disable this setting, the system matches email addresses exactly as you provide them. Enable this setting if your email uses . or + modifiers.
Specify FIPS settings.
Specify account settings.
Configure the message the user's device shows during an antivirus scan.
Specify whether to detect protocols from the initial bytes of client traffic.
Specify whether to inspect encrypted HTTP traffic.
ZeroTrust.Gateway.Configurations.CustomCertificate
Methods
Retrieve the current Zero Trust certificate configuration.
ZeroTrust.Gateway.Lists
Methods
Fetch all Zero Trust lists for an account.
Fetch a single Zero Trust list.
Creates a new Zero Trust list.
Updates a configured Zero Trust list. Skips updating list items if not included in the payload. A non empty list items will overwrite the existing list.
Appends or removes an item from a configured Zero Trust list.
Deletes a Zero Trust list.
Domain types
ZeroTrust.Gateway.Lists.Items
Methods
Fetch all items in a single Zero Trust list.
ZeroTrust.Gateway.Locations
Methods
List Zero Trust Gateway locations for an account.
Get a single Zero Trust Gateway location.
Create a new Zero Trust Gateway location.
Update a configured Zero Trust Gateway location.
Delete a configured Zero Trust Gateway location.
Domain types
Configure the destination endpoints for this location.
ZeroTrust.Gateway.Logging
Methods
Retrieve the current logging settings for the Zero Trust account.
Update logging settings for the current Zero Trust account.
Domain types
ZeroTrust.Gateway.ProxyEndpoints
Methods
List all Zero Trust Gateway proxy endpoints for an account.
Get a single Zero Trust Gateway proxy endpoint.
Create a new Zero Trust Gateway proxy endpoint.
Update a configured Zero Trust Gateway proxy endpoint.
Delete a configured Zero Trust Gateway proxy endpoint.
Domain types
Specify an IPv4 or IPv6 CIDR. Limit IPv6 to a maximum of /109 and IPv4 to a maximum of /25.
ZeroTrust.Gateway.Rules
Methods
List Zero Trust Gateway rules for an account.
Get a single Zero Trust Gateway rule.
Create a new Zero Trust Gateway rule.
Update a configured Zero Trust Gateway rule.
Delete a Zero Trust Gateway rule.
List Zero Trust Gateway rules for the parent account of an account in the MSP configuration.
Resets the expiration of a Zero Trust Gateway Rule if its duration elapsed and it has a default duration. The Zero Trust Gateway Rule must have values for both expiration.expires_at and expiration.duration.
Domain types
Specify the protocol or layer to use.
Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift.
Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.
Identity Providers
ZeroTrust.IdentityProviders
Methods
Lists all configured identity providers.
Fetches a configured identity provider.
Adds a new identity provider to Access.
Updates a configured identity provider.
Deletes an identity provider from Access.
Domain types
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
ZeroTrust.IdentityProviders.SCIM
ZeroTrust.IdentityProviders.SCIM.Groups
Methods
Lists SCIM Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).
ZeroTrust.IdentityProviders.SCIM.Users
Methods
Lists SCIM User resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).
Networks
ZeroTrust.Networks
ZeroTrust.Networks.HostnameRoutes
Methods
Lists and filters hostname routes in an account.
Get a hostname route.
Create a hostname route.
Updates a hostname route.
Delete a hostname route.
Domain types
ZeroTrust.Networks.Routes
Methods
Lists and filters private network routes in an account.
Get a private network route in an account.
Routes a private network through a Cloudflare Tunnel.
Updates an existing private network route in an account. The fields that are meant to be updated should be provided in the body of the request.
Deletes a private network route from an account.
Domain types
ZeroTrust.Networks.Routes.IPs
Methods
Fetches routes that contain the given IP address.
ZeroTrust.Networks.Routes.Networks
Methods
Deprecated
This endpoint and its related APIs are deprecated in favor of the equivalent Tunnel Route (without CIDR) APIs.
Routes a private network through a Cloudflare Tunnel. The CIDR in ip_network_encoded must be written in URL-encoded format.
Deprecated
This endpoint and its related APIs are deprecated in favor of the equivalent Tunnel Route (without CIDR) APIs.
Updates an existing private network route in an account. The CIDR in ip_network_encoded must be written in URL-encoded format.
Deprecated
This endpoint and its related APIs are deprecated in favor of the equivalent Tunnel Route (without CIDR) APIs.
Deletes a private network route from an account. The CIDR in ip_network_encoded must be written in URL-encoded format. If no virtual_network_id is provided it will delete the route from the default vnet. If no tun_type is provided it will fetch the type from the tunnel_id or if that is missing it will assume Cloudflare Tunnel as default. If tunnel_id is provided it will delete the route from that tunnel, otherwise it will delete the route based on the vnet and tun_type.
ZeroTrust.Networks.Subnets
Methods
Lists and filters subnets in an account.
ZeroTrust.Networks.Subnets.CloudflareSource
Methods
Updates the Cloudflare Source subnet of the given address family
ZeroTrust.Networks.VirtualNetworks
Methods
Lists and filters virtual networks in an account.
Get a virtual network.
Adds a new virtual network to an account.
Updates an existing virtual network.
Deletes an existing virtual network.
Domain types
Organizations
ZeroTrust.Organizations
Methods
Returns the configuration for your Zero Trust organization.
Sets up a Zero Trust organization for your account or zone.
Updates the configuration for your Zero Trust organization.
Revokes a user's access across all applications.
Domain types
ZeroTrust.Organizations.DOH
Methods
Returns the DoH settings for your Zero Trust organization.
Updates the DoH settings for your Zero Trust organization.
Risk Scoring
ZeroTrust.RiskScoring
Methods
Get risk event/score information for a specific user
Clear the risk score for a particular user
ZeroTrust.RiskScoring.Behaviours
Methods
Get all behaviors and associated configuration
Update configuration for risk behaviors
ZeroTrust.RiskScoring.Integrations
Methods
List all risk score integrations for the account.
Get risk score integration by id.
Create new risk score integration.
Overwrite the reference_id, tenant_url, and active values with the ones provided.
Delete a risk score integration.
ZeroTrust.RiskScoring.Integrations.References
Methods
Get risk score integration by reference id.
ZeroTrust.RiskScoring.Summary
Methods
Get risk score info for all users in the account
Seats
ZeroTrust.Seats
Methods
Removes a user from a Zero Trust seat when both access_seat and gateway_seat are set to false.
Domain types
Tunnels
ZeroTrust.Tunnels
Methods
Lists and filters all types of Tunnels in an account.
Domain types
ZeroTrust.Tunnels.Cloudflared
Methods
Lists and filters Cloudflare Tunnels in an account.
Fetches a single Cloudflare Tunnel.
Creates a new Cloudflare Tunnel in an account.
Updates an existing Cloudflare Tunnel.
Deletes a Cloudflare Tunnel from an account.
ZeroTrust.Tunnels.Cloudflared.Configurations
Methods
Gets the configuration for a remotely-managed tunnel
Adds or updates the configuration for a remotely-managed tunnel.
ZeroTrust.Tunnels.Cloudflared.Connections
Methods
Fetches connection details for a Cloudflare Tunnel.
Removes a connection (aka Cloudflare Tunnel Connector) from a Cloudflare Tunnel independently of its current state. If no connector id (client_id) is provided all connectors will be removed. We recommend running this command after rotating tokens.
Domain types
A client (typically cloudflared) that maintains connections to a Cloudflare data center.
ZeroTrust.Tunnels.Cloudflared.Connectors
Methods
Fetches connector and connection details for a Cloudflare Tunnel.
ZeroTrust.Tunnels.Cloudflared.Management
Methods
Gets a management token used to access the management resources (i.e. Streaming Logs) of a tunnel.
ZeroTrust.Tunnels.Cloudflared.Token
Methods
Gets the token used to associate cloudflared with a specific tunnel.
ZeroTrust.Tunnels.WARPConnector
Methods
Lists and filters Warp Connector Tunnels in an account.
Fetches a single Warp Connector Tunnel.
Creates a new Warp Connector Tunnel in an account.
Updates an existing Warp Connector Tunnel.
Deletes a Warp Connector Tunnel from an account.
ZeroTrust.Tunnels.WARPConnector.Token
Methods
Gets the token used to associate warp device with a specific Warp Connector tunnel.