# Certificates ## List mTLS certificates `client.zeroTrust.access.certificates.list(CertificateListParamsparams?, RequestOptionsoptions?): V4PagePaginationArray` **get** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates` Lists all mTLS root certificates. ### Parameters - `params: CertificateListParams` - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `page?: number` Query param: Page number of results. - `per_page?: number` Query param: Number of results per page. ### Returns - `Certificate` - `id?: string` The ID of the application that will use this certificate. - `associated_hostnames?: Array` The hostnames of the applications that will use this certificate. - `expires_on?: string` - `fingerprint?: string` The MD5 fingerprint of the certificate. - `name?: string` The name of the certificate. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const certificate of client.zeroTrust.access.certificates.list({ account_id: 'account_id', })) { console.log(certificate.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "id", "associated_hostnames": [ "admin.example.com" ], "created_at": "2014-01-01T05:20:00.12345Z", "expires_on": "2014-01-01T05:20:00.12345Z", "fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91", "name": "Allow devs", "updated_at": "2014-01-01T05:20:00.12345Z" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get an mTLS certificate `client.zeroTrust.access.certificates.get(stringcertificateId, CertificateGetParamsparams?, RequestOptionsoptions?): Certificate` **get** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}` Fetches a single mTLS certificate. ### Parameters - `certificateId: string` UUID. - `params: CertificateGetParams` - `account_id?: string` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `Certificate` - `id?: string` The ID of the application that will use this certificate. - `associated_hostnames?: Array` The hostnames of the applications that will use this certificate. - `expires_on?: string` - `fingerprint?: string` The MD5 fingerprint of the certificate. - `name?: string` The name of the certificate. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const certificate = await client.zeroTrust.access.certificates.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: 'account_id' }, ); console.log(certificate.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "id", "associated_hostnames": [ "admin.example.com" ], "created_at": "2014-01-01T05:20:00.12345Z", "expires_on": "2014-01-01T05:20:00.12345Z", "fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91", "name": "Allow devs", "updated_at": "2014-01-01T05:20:00.12345Z" } } ``` ## Add an mTLS certificate `client.zeroTrust.access.certificates.create(CertificateCreateParamsparams, RequestOptionsoptions?): Certificate` **post** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates` Adds a new mTLS root certificate to Access. ### Parameters - `params: CertificateCreateParams` - `certificate: string` Body param: The certificate content. - `name: string` Body param: The name of the certificate. - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `associated_hostnames?: Array` Body param: The hostnames of the applications that will use this certificate. ### Returns - `Certificate` - `id?: string` The ID of the application that will use this certificate. - `associated_hostnames?: Array` The hostnames of the applications that will use this certificate. - `expires_on?: string` - `fingerprint?: string` The MD5 fingerprint of the certificate. - `name?: string` The name of the certificate. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const certificate = await client.zeroTrust.access.certificates.create({ certificate: '-----BEGIN CERTIFICATE-----\nMIIGAjCCA+qgAwIBAgIJAI7kymlF7CWT...N4RI7KKB7nikiuUf8vhULKy5IX10\nDrUtmu/B\n-----END CERTIFICATE-----', name: 'Allow devs', account_id: 'account_id', }); console.log(certificate.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "id", "associated_hostnames": [ "admin.example.com" ], "created_at": "2014-01-01T05:20:00.12345Z", "expires_on": "2014-01-01T05:20:00.12345Z", "fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91", "name": "Allow devs", "updated_at": "2014-01-01T05:20:00.12345Z" } } ``` ## Update an mTLS certificate `client.zeroTrust.access.certificates.update(stringcertificateId, CertificateUpdateParamsparams, RequestOptionsoptions?): Certificate` **put** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}` Updates a configured mTLS certificate. ### Parameters - `certificateId: string` UUID. - `params: CertificateUpdateParams` - `associated_hostnames: Array` Body param: The hostnames of the applications that will use this certificate. - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `name?: string` Body param: The name of the certificate. ### Returns - `Certificate` - `id?: string` The ID of the application that will use this certificate. - `associated_hostnames?: Array` The hostnames of the applications that will use this certificate. - `expires_on?: string` - `fingerprint?: string` The MD5 fingerprint of the certificate. - `name?: string` The name of the certificate. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const certificate = await client.zeroTrust.access.certificates.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { associated_hostnames: ['admin.example.com'], account_id: 'account_id' }, ); console.log(certificate.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "id", "associated_hostnames": [ "admin.example.com" ], "created_at": "2014-01-01T05:20:00.12345Z", "expires_on": "2014-01-01T05:20:00.12345Z", "fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91", "name": "Allow devs", "updated_at": "2014-01-01T05:20:00.12345Z" } } ``` ## Delete an mTLS certificate `client.zeroTrust.access.certificates.delete(stringcertificateId, CertificateDeleteParamsparams?, RequestOptionsoptions?): CertificateDeleteResponse` **delete** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}` Deletes an mTLS certificate. ### Parameters - `certificateId: string` UUID. - `params: CertificateDeleteParams` - `account_id?: string` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `CertificateDeleteResponse` - `id?: string` UUID. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const certificate = await client.zeroTrust.access.certificates.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: 'account_id' }, ); console.log(certificate.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ``` ## Domain Types ### Associated Hostnames - `AssociatedHostnames = string` A fully-qualified domain name (FQDN). ### Certificate - `Certificate` - `id?: string` The ID of the application that will use this certificate. - `associated_hostnames?: Array` The hostnames of the applications that will use this certificate. - `expires_on?: string` - `fingerprint?: string` The MD5 fingerprint of the certificate. - `name?: string` The name of the certificate. ### Certificate Delete Response - `CertificateDeleteResponse` - `id?: string` UUID. # Settings ## List all mTLS hostname settings `client.zeroTrust.access.certificates.settings.get(SettingGetParamsparams?, RequestOptionsoptions?): SinglePage` **get** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates/settings` List all mTLS hostname settings for this account or zone. ### Parameters - `params: SettingGetParams` - `account_id?: string` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `CertificateSettings` - `china_network: boolean` Request client certificates for this hostname in China. Can only be set to true if this zone is china network enabled. - `client_certificate_forwarding: boolean` Client Certificate Forwarding is a feature that takes the client cert provided by the eyeball to the edge, and forwards it to the origin as a HTTP header to allow logging on the origin. - `hostname: string` The hostname that these settings apply to. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const certificateSettings of client.zeroTrust.access.certificates.settings.get({ account_id: 'account_id', })) { console.log(certificateSettings.china_network); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "china_network": false, "client_certificate_forwarding": true, "hostname": "admin.example.com" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Update an mTLS certificate's hostname settings `client.zeroTrust.access.certificates.settings.update(SettingUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/{accounts_or_zones}/{account_or_zone_id}/access/certificates/settings` Updates an mTLS certificate's hostname settings. ### Parameters - `params: SettingUpdateParams` - `settings: Array` Body param - `china_network: boolean` Request client certificates for this hostname in China. Can only be set to true if this zone is china network enabled. - `client_certificate_forwarding: boolean` Client Certificate Forwarding is a feature that takes the client cert provided by the eyeball to the edge, and forwards it to the origin as a HTTP header to allow logging on the origin. - `hostname: string` The hostname that these settings apply to. - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `CertificateSettings` - `china_network: boolean` Request client certificates for this hostname in China. Can only be set to true if this zone is china network enabled. - `client_certificate_forwarding: boolean` Client Certificate Forwarding is a feature that takes the client cert provided by the eyeball to the edge, and forwards it to the origin as a HTTP header to allow logging on the origin. - `hostname: string` The hostname that these settings apply to. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const certificateSettings of client.zeroTrust.access.certificates.settings.update({ settings: [ { china_network: false, client_certificate_forwarding: true, hostname: 'admin.example.com', }, ], account_id: 'account_id', })) { console.log(certificateSettings.china_network); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "china_network": false, "client_certificate_forwarding": true, "hostname": "admin.example.com" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Domain Types ### Certificate Settings - `CertificateSettings` - `china_network: boolean` Request client certificates for this hostname in China. Can only be set to true if this zone is china network enabled. - `client_certificate_forwarding: boolean` Client Certificate Forwarding is a feature that takes the client cert provided by the eyeball to the edge, and forwards it to the origin as a HTTP header to allow logging on the origin. - `hostname: string` The hostname that these settings apply to.