# Devices

## List devices (deprecated)

`client.zeroTrust.devices.list(DeviceListParams params, RequestOptions options?): SinglePage`

**get** `/accounts/{account_id}/devices`

List WARP devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account.

**Deprecated**: please use one of the following endpoints instead:

- GET /accounts/{account_id}/devices/physical-devices
- GET /accounts/{account_id}/devices/registrations

### Parameters

- `params: DeviceListParams`
  - `account_id: string`

### Returns

- `Device`
  - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/).
  - `created?: string` When the device was created.
  - `deleted?: boolean` True if the device was deleted.
  - `device_type?: "windows" | "mac" | "linux" | 3 more`
    - `"windows"`
    - `"mac"`
    - `"linux"`
    - `"android"`
    - `"ios"`
    - `"chromeos"`
  - `ip?: string` IPv4 or IPv6 address.
  - `key?: string` The device's public key.
  - `last_seen?: string` When the device last connected to Cloudflare services.
  - `mac_address?: string` The device mac address.
  - `manufacturer?: string` The device manufacturer name.
  - `model?: string` The device model name.
  - `name?: string` The device name.
  - `os_distro_name?: string` The Linux distro name.
  - `os_distro_revision?: string` The Linux distro revision.
  - `os_version?: string` The operating system version.
  - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
  - `revoked_at?: string` When the device was revoked.
  - `serial_number?: string` The device serial number.
  - `updated?: string` When the device was updated.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `version?: string` The WARP client version.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const device of client.zeroTrust.devices.list({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(device.id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "created": "2017-06-14T00:00:00Z",
      "deleted": true,
      "device_type": "windows",
      "ip": "1.1.1.1",
      "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
      "last_seen": "2017-06-14T00:00:00Z",
      "mac_address": "00-00-5E-00-53-00",
      "manufacturer": "My phone corp",
      "model": "MyPhone(pro-X)",
      "name": "My mobile device",
      "os_distro_name": "ubuntu",
      "os_distro_revision": "1.0.0",
      "os_version": "10.0.0",
      "os_version_extra": "(a) or 6889 or Ubuntu 24.04",
      "revoked_at": "2017-06-14T00:00:00Z",
      "serial_number": "EXAMPLEHMD6R",
      "updated": "2017-06-14T00:00:00Z",
      "user": {
        "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
        "email": "user@example.com",
        "name": "John Appleseed"
      },
      "version": "1.0.0"
    }
  ],
  "success": true,
  "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }
}
```

## Get device (deprecated)

`client.zeroTrust.devices.get(string deviceId, DeviceGetParams params, RequestOptions options?): DeviceGetResponse | null`

**get** `/accounts/{account_id}/devices/{device_id}`

Fetches a single WARP device.
Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account.

**Deprecated**: please use one of the following endpoints instead:

- GET /accounts/{account_id}/devices/physical-devices/{device_id}
- GET /accounts/{account_id}/devices/registrations/{registration_id}

### Parameters

- `deviceId: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/).
- `params: DeviceGetParams`
  - `account_id: string`

### Returns

- `DeviceGetResponse`
  - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/).
  - `account?: Account`
    - `id?: string`
    - `account_type?: string`
    - `name?: string` The name of the enrolled account.
  - `created?: string` When the device was created.
  - `deleted?: boolean` True if the device was deleted.
  - `device_type?: string`
  - `gateway_device_id?: string`
  - `ip?: string` IPv4 or IPv6 address.
  - `key?: string` The device's public key.
  - `key_type?: string` Type of the key.
  - `last_seen?: string` When the device last connected to Cloudflare services.
  - `mac_address?: string` The device mac address.
  - `model?: string` The device model name.
  - `name?: string` The device name.
  - `os_version?: string` The operating system version.
  - `serial_number?: string` The device serial number.
  - `tunnel_type?: string` Type of the tunnel connection used.
  - `updated?: string` When the device was updated.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `version?: string` The WARP client version.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const device = await client.zeroTrust.devices.get('f174e90a-fafe-4643-bbbc-4a0ed4fc8415', {
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(device.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "account": { "id": "id", "account_type": "account_type", "name": "Company" },
    "created": "2017-06-14T00:00:00Z",
    "deleted": true,
    "device_type": "windows",
    "gateway_device_id": "PD33E90AXfafe14643cbbbc-4a0ed4fc8415Q",
    "ip": "1.1.1.1",
    "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
    "key_type": "curve25519",
    "last_seen": "2017-06-14T00:00:00Z",
    "mac_address": "00-00-5E-00-53-00",
    "model": "MyPhone(pro-X)",
    "name": "My mobile device",
    "os_version": "10.0.0",
    "serial_number": "EXAMPLEHMD6R",
    "tunnel_type": "masque",
    "updated": "2017-06-14T00:00:00Z",
    "user": {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "email": "user@example.com",
      "name": "John Appleseed"
    },
    "version": "1.0.0"
  },
  "success": true
}
```

## Domain Types

### Device

- `Device`
  - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/).
  - `created?: string` When the device was created.
  - `deleted?: boolean` True if the device was deleted.
  - `device_type?: "windows" | "mac" | "linux" | 3 more`
    - `"windows"`
    - `"mac"`
    - `"linux"`
    - `"android"`
    - `"ios"`
    - `"chromeos"`
  - `ip?: string` IPv4 or IPv6 address.
  - `key?: string` The device's public key.
  - `last_seen?: string` When the device last connected to Cloudflare services.
  - `mac_address?: string` The device mac address.
  - `manufacturer?: string` The device manufacturer name.
  - `model?: string` The device model name.
  - `name?: string` The device name.
  - `os_distro_name?: string` The Linux distro name.
  - `os_distro_revision?: string` The Linux distro revision.
  - `os_version?: string` The operating system version.
  - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
  - `revoked_at?: string` When the device was revoked.
  - `serial_number?: string` The device serial number.
  - `updated?: string` When the device was updated.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `version?: string` The WARP client version.

### Device Get Response

- `DeviceGetResponse`
  - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/).
  - `account?: Account`
    - `id?: string`
    - `account_type?: string`
    - `name?: string` The name of the enrolled account.
  - `created?: string` When the device was created.
  - `deleted?: boolean` True if the device was deleted.
  - `device_type?: string`
  - `gateway_device_id?: string`
  - `ip?: string` IPv4 or IPv6 address.
  - `key?: string` The device's public key.
  - `key_type?: string` Type of the key.
  - `last_seen?: string` When the device last connected to Cloudflare services.
  - `mac_address?: string` The device mac address.
  - `model?: string` The device model name.
  - `name?: string` The device name.
  - `os_version?: string` The operating system version.
  - `serial_number?: string` The device serial number.
  - `tunnel_type?: string` Type of the tunnel connection used.
  - `updated?: string` When the device was updated.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `version?: string` The WARP client version.

# Devices

## List devices

`client.zeroTrust.devices.devices.list(DeviceListParams params, RequestOptions options?): CursorPagination`

**get** `/accounts/{account_id}/devices/physical-devices`

Lists WARP devices.

### Parameters

- `params: DeviceListParams`
  - `account_id: string` Path param
  - `id?: Array` Query param: Filter by one or more device IDs.
  - `active_registrations?: "include" | "only" | "exclude"` Query param: Include or exclude devices with active registrations. The default is "only" - return only devices with active registrations.
    - `"include"`
    - `"only"`
    - `"exclude"`
  - `cursor?: string` Query param: Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response.
  - `include?: string` Query param: Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy".
  - `last_seen_user?: LastSeenUser` Query param
    - `email?: string` Filter by the last seen user's email.
  - `per_page?: number` Query param: The maximum number of devices to return in a single response.
  - `search?: string` Query param: Search by device details.
  - `seen_after?: string` Query param: Filter by the last_seen timestamp - returns only devices last seen after this timestamp.
  - `seen_before?: string` Query param: Filter by the last_seen timestamp - returns only devices last seen before this timestamp.
  - `sort_by?: "name" | "id" | "client_version" | 4 more` Query param: The device field to order results by.
    - `"name"`
    - `"id"`
    - `"client_version"`
    - `"last_seen_user.email"`
    - `"last_seen_at"`
    - `"active_registrations"`
    - `"created_at"`
  - `sort_order?: "asc" | "desc"` Query param: Sort direction.
    - `"asc"`
    - `"desc"`

### Returns

- `DeviceListResponse` A WARP Device.
  - `id: string` The unique ID of the device.
  - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted.
  - `created_at: string` The RFC3339 timestamp when the device was created.
  - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen.
  - `name: string` The name of the device.
  - `updated_at: string` The RFC3339 timestamp when the device was last updated.
  - `client_version?: string | null` Version of the WARP client.
  - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted.
  - `device_type?: string | null` The device operating system.
  - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM).
  - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device.
    - `policy?: Policy | null` A summary of the device profile evaluated for the registration.
      - `id: string` The ID of the device settings profile.
      - `default: boolean` Whether the device settings profile is the default profile for the account.
      - `deleted: boolean` Whether the device settings profile was deleted.
      - `name: string` The name of the device settings profile.
      - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device.
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `mac_address?: string | null` The device MAC address.
  - `manufacturer?: string | null` The device manufacturer.
  - `model?: string | null` The model name of the device.
  - `os_version?: string | null` The device operating system version number.
  - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
  - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/
  - `serial_number?: string | null` The device serial number.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const deviceListResponse of client.zeroTrust.devices.devices.list({
  account_id: 'account_id',
})) {
  console.log(deviceListResponse.id);
}
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "result": [
    {
      "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e",
      "active_registrations": 1,
      "created_at": "2025-02-14T13:17:00Z",
      "last_seen_at": "2025-02-14T13:17:00Z",
      "name": "My Device",
      "updated_at": "2025-02-14T13:17:00Z",
      "client_version": "1.0.0",
      "deleted_at": "2025-02-14T13:17:00Z",
      "device_type": "linux",
      "hardware_id": "hardware_id",
      "last_seen_registration": {
        "policy": {
          "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a",
          "default": true,
          "deleted": true,
          "name": "name",
          "updated_at": "2025-02-14T13:17:00Z"
        }
      },
      "last_seen_user": {
        "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
        "email": "user@example.com",
        "name": "John Appleseed"
      },
      "mac_address": "f5:01:73:cf:12:23",
      "manufacturer": "ACME",
      "model": "Mark VII",
      "os_version": "os_version",
      "os_version_extra": "os_version_extra",
      "public_ip": "1.1.1.1",
      "serial_number": "ABS765ASD8A"
    }
  ],
  "success": true,
  "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }
}
```

## Get device

`client.zeroTrust.devices.devices.get(string deviceId, DeviceGetParams params, RequestOptions options?): DeviceGetResponse`

**get** `/accounts/{account_id}/devices/physical-devices/{device_id}`

Fetches a single WARP device.

### Parameters

- `deviceId: string`
- `params: DeviceGetParams`
  - `account_id: string` Path param
  - `include?: string` Query param: Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy".

### Returns

- `DeviceGetResponse` A WARP Device.
  - `id: string` The unique ID of the device.
  - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted.
  - `created_at: string` The RFC3339 timestamp when the device was created.
  - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen.
  - `name: string` The name of the device.
  - `updated_at: string` The RFC3339 timestamp when the device was last updated.
  - `client_version?: string | null` Version of the WARP client.
  - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted.
  - `device_type?: string | null` The device operating system.
  - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM).
  - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device.
    - `policy?: Policy | null` A summary of the device profile evaluated for the registration.
      - `id: string` The ID of the device settings profile.
      - `default: boolean` Whether the device settings profile is the default profile for the account.
      - `deleted: boolean` Whether the device settings profile was deleted.
      - `name: string` The name of the device settings profile.
      - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device.
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `mac_address?: string | null` The device MAC address.
  - `manufacturer?: string | null` The device manufacturer.
  - `model?: string | null` The model name of the device.
  - `os_version?: string | null` The device operating system version number.
  - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
  - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/
  - `serial_number?: string | null` The device serial number.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const device = await client.zeroTrust.devices.devices.get('device_id', {
  account_id: 'account_id',
});

console.log(device.id);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "result": {
    "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e",
    "active_registrations": 1,
    "created_at": "2025-02-14T13:17:00Z",
    "last_seen_at": "2025-02-14T13:17:00Z",
    "name": "My Device",
    "updated_at": "2025-02-14T13:17:00Z",
    "client_version": "1.0.0",
    "deleted_at": "2025-02-14T13:17:00Z",
    "device_type": "linux",
    "hardware_id": "hardware_id",
    "last_seen_registration": {
      "policy": {
        "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a",
        "default": true,
        "deleted": true,
        "name": "name",
        "updated_at": "2025-02-14T13:17:00Z"
      }
    },
    "last_seen_user": {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "email": "user@example.com",
      "name": "John Appleseed"
    },
    "mac_address": "f5:01:73:cf:12:23",
    "manufacturer": "ACME",
    "model": "Mark VII",
    "os_version": "os_version",
    "os_version_extra": "os_version_extra",
    "public_ip": "1.1.1.1",
    "serial_number": "ABS765ASD8A"
  },
  "success": true
}
```

## Delete device

`client.zeroTrust.devices.devices.delete(string deviceId, DeviceDeleteParams params, RequestOptions options?): DeviceDeleteResponse | null`

**delete** `/accounts/{account_id}/devices/physical-devices/{device_id}`

Deletes a WARP device.
### Parameters

- `deviceId: string`
- `params: DeviceDeleteParams`
  - `account_id: string`

### Returns

- `DeviceDeleteResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const device = await client.zeroTrust.devices.devices.delete('device_id', {
  account_id: 'account_id',
});

console.log(device);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "success": true,
  "result": {}
}
```

## Revoke device registrations

`client.zeroTrust.devices.devices.revoke(string deviceId, DeviceRevokeParams params, RequestOptions options?): DeviceRevokeResponse | null`

**post** `/accounts/{account_id}/devices/physical-devices/{device_id}/revoke`

Revokes all WARP registrations associated with the specified device.

### Parameters

- `deviceId: string`
- `params: DeviceRevokeParams`
  - `account_id: string`

### Returns

- `DeviceRevokeResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.devices.devices.revoke('device_id', {
  account_id: 'account_id',
});

console.log(response);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "success": true,
  "result": {}
}
```

## Domain Types

### Device List Response

- `DeviceListResponse` A WARP Device.
  - `id: string` The unique ID of the device.
  - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted.
  - `created_at: string` The RFC3339 timestamp when the device was created.
  - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen.
  - `name: string` The name of the device.
  - `updated_at: string` The RFC3339 timestamp when the device was last updated.
  - `client_version?: string | null` Version of the WARP client.
  - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted.
  - `device_type?: string | null` The device operating system.
  - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM).
  - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device.
    - `policy?: Policy | null` A summary of the device profile evaluated for the registration.
      - `id: string` The ID of the device settings profile.
      - `default: boolean` Whether the device settings profile is the default profile for the account.
      - `deleted: boolean` Whether the device settings profile was deleted.
      - `name: string` The name of the device settings profile.
      - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device.
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `mac_address?: string | null` The device MAC address.
  - `manufacturer?: string | null` The device manufacturer.
  - `model?: string | null` The model name of the device.
  - `os_version?: string | null` The device operating system version number.
  - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
  - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/
  - `serial_number?: string | null` The device serial number.
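
The `DeviceListResponse` fields above are enough to drive a periodic inventory review before anything is deleted or revoked. The following is an added example, not part of the Cloudflare reference or SDK: it runs offline over constructed records in that shape, and the thresholds, reason labels, sample values and the dot-separated numeric format assumed for `client_version` are illustrative assumptions.

```javascript
// Added example: triage an inventory of WARP device records (DeviceListResponse shape).
const DAY_MS = 24 * 60 * 60 * 1000;

// Numeric, segment-wise version compare. Plain string comparison would rank
// "2024.6.415.0" above "2024.11.0".
// Assumption: client_version is dot-separated integers; other segments count as 0.
function compareVersions(a, b) {
  const pa = String(a).split('.').map((n) => parseInt(n, 10) || 0);
  const pb = String(b).split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// Returns one entry per device that needs review, with the reasons why.
// `now` is epoch milliseconds; `staleDays` and `minClientVersion` are local policy choices.
function triageDevices(devices, { now, staleDays, minClientVersion }) {
  const reviewed = new Map(); // device id -> { device, reasons }
  const idsByHardware = new Map(); // hardware_id -> [device ids]

  for (const d of devices) {
    if (d.deleted_at) continue; // deleted records are out of scope
    const reasons = [];
    if (d.last_seen_at == null) {
      reasons.push('never_seen');
    } else if (now - Date.parse(d.last_seen_at) > staleDays * DAY_MS) {
      reasons.push('stale');
    }
    // Such devices are only returned when the list call sets
    // active_registrations to "include" or "exclude" (the default is "only").
    if (d.active_registrations === 0) reasons.push('no_active_registrations');
    if (d.client_version && compareVersions(d.client_version, minClientVersion) < 0) {
      reasons.push('outdated_client');
    }
    reviewed.set(d.id, { device: d, reasons });
    if (d.hardware_id) {
      idsByHardware.set(d.hardware_id, [...(idsByHardware.get(d.hardware_id) || []), d.id]);
    }
  }

  // hardware_id is documented as unique per machine or VM, so two live device
  // records sharing one value are flagged for a human to look at.
  for (const ids of idsByHardware.values()) {
    if (ids.length < 2) continue;
    for (const id of ids) reviewed.get(id).reasons.push('duplicate_hardware_id');
  }

  return [...reviewed.values()]
    .filter(({ reasons }) => reasons.length > 0)
    .map(({ device, reasons }) => ({
      id: device.id,
      name: device.name,
      user: device.last_seen_user ? device.last_seen_user.email || null : null,
      reasons,
    }));
}

// Constructed sample records (not real devices), trimmed to the fields the triage reads.
const SAMPLE_DEVICES = [
  { id: 'dev-a', name: 'LAPTOP-01', active_registrations: 1, last_seen_at: '2025-02-28T09:00:00Z',
    client_version: '2025.1.861.0', hardware_id: 'hw-1', deleted_at: null,
    last_seen_user: { email: 'alice@example.org' } },
  { id: 'dev-b', name: 'LAPTOP-02', active_registrations: 1, last_seen_at: '2025-01-10T12:00:00Z',
    client_version: '2024.6.415.0', hardware_id: 'hw-2', deleted_at: null,
    last_seen_user: { email: 'bob@example.com' } },
  { id: 'dev-c', name: 'KIOSK-03', active_registrations: 0, last_seen_at: null,
    client_version: null, hardware_id: 'hw-3', deleted_at: null, last_seen_user: null },
  { id: 'dev-d', name: 'VM-CLONE-04', active_registrations: 1, last_seen_at: '2025-02-27T18:30:00Z',
    client_version: '2025.1.861.0', hardware_id: 'hw-1', deleted_at: null,
    last_seen_user: { email: 'carol@example.org' } },
  { id: 'dev-e', name: 'LAPTOP-05', active_registrations: 1, last_seen_at: '2025-02-28T23:00:00Z',
    client_version: '2024.11.0', hardware_id: 'hw-5', deleted_at: null,
    last_seen_user: { email: 'dave@example.org' } },
  { id: 'dev-f', name: 'OLD-06', active_registrations: 0, last_seen_at: '2024-06-01T00:00:00Z',
    client_version: '2023.1.0.0', hardware_id: 'hw-2', deleted_at: '2024-07-01T00:00:00Z',
    last_seen_user: null },
];

const SAMPLE_OPTIONS = {
  now: Date.parse('2025-03-01T00:00:00Z'),
  staleDays: 14,
  minClientVersion: '2024.11.0',
};

console.log(JSON.stringify(triageDevices(SAMPLE_DEVICES, SAMPLE_OPTIONS), null, 2));
```

Against a live account the same function can consume the records yielded by `client.zeroTrust.devices.devices.list(...)`; the output is a review queue for a person to confirm, not a list to pass straight to the delete or revoke endpoints.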
### Device Get Response

- `DeviceGetResponse` A WARP Device.
  - `id: string` The unique ID of the device.
  - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted.
  - `created_at: string` The RFC3339 timestamp when the device was created.
  - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen.
  - `name: string` The name of the device.
  - `updated_at: string` The RFC3339 timestamp when the device was last updated.
  - `client_version?: string | null` Version of the WARP client.
  - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted.
  - `device_type?: string | null` The device operating system.
  - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM).
  - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device.
    - `policy?: Policy | null` A summary of the device profile evaluated for the registration.
      - `id: string` The ID of the device settings profile.
      - `default: boolean` Whether the device settings profile is the default profile for the account.
      - `deleted: boolean` Whether the device settings profile was deleted.
      - `name: string` The name of the device settings profile.
      - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device.
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
  - `mac_address?: string | null` The device MAC address.
  - `manufacturer?: string | null` The device manufacturer.
  - `model?: string | null` The model name of the device.
  - `os_version?: string | null` The device operating system version number.
  - `os_version_extra?: string | null` Additional operating system version details.
    For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
  - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/
  - `serial_number?: string | null` The device serial number.

### Device Delete Response

- `DeviceDeleteResponse = unknown`

### Device Revoke Response

- `DeviceRevokeResponse = unknown`

# Resilience

# Global WARP Override

## Retrieve Global WARP override state

`client.zeroTrust.devices.resilience.globalWARPOverride.get(GlobalWARPOverrideGetParams params, RequestOptions options?): GlobalWARPOverrideGetResponse | null`

**get** `/accounts/{account_id}/devices/resilience/disconnect`

Fetch the Global WARP override state.

### Parameters

- `params: GlobalWARPOverrideGetParams`
  - `account_id: string`

### Returns

- `GlobalWARPOverrideGetResponse`
  - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override.
  - `timestamp?: string` When the Global WARP override state was updated.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const globalWARPOverride = await client.zeroTrust.devices.resilience.globalWARPOverride.get({
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(globalWARPOverride.disconnect);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" },
  "success": true
}
```

## Set Global WARP override state

`client.zeroTrust.devices.resilience.globalWARPOverride.create(GlobalWARPOverrideCreateParams params, RequestOptions options?): GlobalWARPOverrideCreateResponse | null`

**post** `/accounts/{account_id}/devices/resilience/disconnect`

Sets the Global WARP override state.

### Parameters

- `params: GlobalWARPOverrideCreateParams`
  - `account_id: string` Path param
  - `disconnect: boolean` Body param: Disconnects all devices on the account using Global WARP override.
  - `justification?: string` Body param: Reasoning for setting the Global WARP override state. This will be surfaced in the audit log.

### Returns

- `GlobalWARPOverrideCreateResponse`
  - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override.
  - `timestamp?: string` When the Global WARP override state was updated.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const globalWARPOverride = await client.zeroTrust.devices.resilience.globalWARPOverride.create({
  account_id: '699d98642c564d2e855e9661899b7252',
  disconnect: false,
});

console.log(globalWARPOverride.disconnect);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" },
  "success": true
}
```

## Domain Types

### Global WARP Override Get Response

- `GlobalWARPOverrideGetResponse`
  - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override.
  - `timestamp?: string` When the Global WARP override state was updated.

### Global WARP Override Create Response

- `GlobalWARPOverrideCreateResponse`
  - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override.
  - `timestamp?: string` When the Global WARP override state was updated.

# Registrations

## List registrations

`client.zeroTrust.devices.registrations.list(RegistrationListParams params, RequestOptions options?): CursorPagination`

**get** `/accounts/{account_id}/devices/registrations`

Lists WARP registrations.

### Parameters

- `params: RegistrationListParams`
  - `account_id: string` Path param
  - `id?: Array` Query param: Filter by registration ID.
  - `cursor?: string` Query param: Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response.
  - `device?: Device` Query param
    - `id?: string` Filter by WARP device ID.
  - `include?: string` Query param: Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy".
  - `per_page?: number` Query param: The maximum number of devices to return in a single response.
  - `search?: string` Query param: Filter by registration details.
  - `seen_after?: string` Query param: Filter by the last_seen timestamp - returns only registrations last seen after this timestamp.
  - `seen_before?: string` Query param: Filter by the last_seen timestamp - returns only registrations last seen before this timestamp.
  - `sort_by?: "id" | "user.name" | "user.email" | 2 more` Query param: The registration field to order results by.
    - `"id"`
    - `"user.name"`
    - `"user.email"`
    - `"last_seen_at"`
    - `"created_at"`
  - `sort_order?: "asc" | "desc"` Query param: Sort direction.
    - `"asc"`
    - `"desc"`
  - `status?: "active" | "all" | "revoked"` Query param: Filter by registration status. Defaults to 'active'.
    - `"active"`
    - `"all"`
    - `"revoked"`
  - `user?: User` Query param
    - `id?: Array` Filter by user ID.

### Returns

- `RegistrationListResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device.
  - `id: string` The ID of the registration.
  - `created_at: string` The RFC3339 timestamp when the registration was created.
  - `device: Device` Device details embedded inside of a registration.
    - `id: string` The ID of the device.
    - `name: string` The name of the device.
    - `client_version?: string` Version of the WARP client.
  - `key: string` The public key used to connect to the Cloudflare network.
  - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen.
  - `updated_at: string` The RFC3339 timestamp when the registration was last updated.
  - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted.
  - `key_type?: string | null` The type of encryption key used by the WARP client for the active key.
Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy?: Policy` The device settings profile assigned to this registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked. - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. 
for await (const registrationListResponse of client.zeroTrust.devices.registrations.list({ account_id: 'account_id', })) { console.log(registrationListResponse.id); } ``` #### Response ```json { "errors": [], "messages": [], "result": [ { "created_at": "2025-02-14T13:17:00Z", "deleted_at": null, "device": { "client_version": "1.0.0", "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device" }, "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "key_type": "secp256r1", "last_seen_at": "2025-02-14T13:17:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-14T13:17:00Z", "user": { "email": "alice@example.org", "id": "30323c1f-318d-4ec9-92c7-5a8c4d25c4fc", "name": "Alice" } }, { "created_at": "2025-02-15T10:20:00Z", "deleted_at": null, "device": { "client_version": "1.0.1", "id": "43bb1515-8902-50b5-aa01-a88686192467", "name": "Bob's Laptop" }, "id": "22eedc7a-4a1d-5417-c5b3-f73a983c277b", "key": "V/RSP61StXgfmLHJG5umHEonHfvxtz57LDIs6PziXr11Stegm56nhrRBvFK7DP1ZsLzUm0GVg6jC1cxZS4h5FFGFJiju7kGbrgNsCNCT77juw0IRYlS0QpjgLR==", "key_type": "secp256r1", "last_seen_at": "2025-02-15T10:25:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-15T10:25:00Z", "user": { "email": "bob@example.com", "id": "41434d2a-429e-5fd0-a3d8-6b9d5e36d5ad", "name": "Bob" } } ], "result_info": { "count": 2, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }, "success": true } ``` ## Get registration `client.zeroTrust.devices.registrations.get(stringregistrationId, RegistrationGetParamsparams, RequestOptionsoptions?): RegistrationGetResponse` **get** `/accounts/{account_id}/devices/registrations/{registration_id}` Fetches a single WARP registration. 
### Parameters

- `registrationId: string`
- `params: RegistrationGetParams`
  - `account_id: string` Path param
  - `include?: string` Query param: Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy".

### Returns

- `RegistrationGetResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device.
  - `id: string` The ID of the registration.
  - `created_at: string` The RFC3339 timestamp when the registration was created.
  - `device: Device` Device details embedded inside of a registration.
    - `id: string` The ID of the device.
    - `name: string` The name of the device.
    - `client_version?: string` Version of the WARP client.
  - `key: string` The public key used to connect to the Cloudflare network.
  - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen.
  - `updated_at: string` The RFC3339 timestamp when the registration was last updated.
  - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted.
  - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE.
  - `policy?: Policy` The device settings profile assigned to this registration.
    - `id: string` The ID of the device settings profile.
    - `default: boolean` Whether the device settings profile is the default profile for the account.
    - `deleted: boolean` Whether the device settings profile was deleted.
    - `name: string` The name of the device settings profile.
    - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked.
  - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const registration = await client.zeroTrust.devices.registrations.get('registration_id', {
  account_id: 'account_id',
});

console.log(registration.id);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "result": {
    "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a",
    "created_at": "2025-02-14T13:17:00Z",
    "device": { "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device", "client_version": "1.0.0" },
    "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==",
    "last_seen_at": "2025-02-14T13:17:00Z",
    "updated_at": "2025-02-14T13:17:00Z",
    "deleted_at": "2025-02-14T13:17:00Z",
    "key_type": "secp256r1",
    "policy": {
      "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a",
      "default": true,
      "deleted": true,
      "name": "name",
      "updated_at": "2025-02-14T13:17:00Z"
    },
    "revoked_at": "2025-02-14T13:17:00Z",
    "tunnel_type": "masque",
    "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }
  },
  "success": true
}
```

## Delete registration

`client.zeroTrust.devices.registrations.delete(string registrationId, RegistrationDeleteParams params, RequestOptions options?): RegistrationDeleteResponse | null`

**delete** `/accounts/{account_id}/devices/registrations/{registration_id}`

Deletes a WARP registration.
### Parameters

- `registrationId: string`
- `params: RegistrationDeleteParams`
  - `account_id: string`

### Returns

- `RegistrationDeleteResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const registration = await client.zeroTrust.devices.registrations.delete('registration_id', {
  account_id: 'account_id',
});

console.log(registration);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "success": true,
  "result": {}
}
```

## Delete registrations

`client.zeroTrust.devices.registrations.bulkDelete(RegistrationBulkDeleteParams params, RequestOptions options?): RegistrationBulkDeleteResponse | null`

**delete** `/accounts/{account_id}/devices/registrations`

Deletes a list of WARP registrations.

### Parameters

- `params: RegistrationBulkDeleteParams`
  - `account_id: string` Path param
  - `id: Array` Query param: A list of registration IDs to delete.

### Returns

- `RegistrationBulkDeleteResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.devices.registrations.bulkDelete({
  account_id: 'account_id',
  id: ['string'],
});

console.log(response);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "result": {},
  "success": true,
  "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }
}
```

## Revoke registrations

`client.zeroTrust.devices.registrations.revoke(RegistrationRevokeParams params, RequestOptions options?): RegistrationRevokeResponse | null`

**post** `/accounts/{account_id}/devices/registrations/revoke`

Revokes a list of WARP registrations.
### Parameters

- `params: RegistrationRevokeParams`
  - `account_id: string` Path param
  - `id: Array` Query param: A list of registration IDs to revoke.

### Returns

- `RegistrationRevokeResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.devices.registrations.revoke({
  account_id: 'account_id',
  id: ['string'],
});

console.log(response);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "result": {},
  "success": true,
  "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }
}
```

## Unrevoke registrations

`client.zeroTrust.devices.registrations.unrevoke(RegistrationUnrevokeParams params, RequestOptions options?): RegistrationUnrevokeResponse | null`

**post** `/accounts/{account_id}/devices/registrations/unrevoke`

Unrevokes a list of WARP registrations.

### Parameters

- `params: RegistrationUnrevokeParams`
  - `account_id: string` Path param
  - `id: Array` Query param: A list of registration IDs to unrevoke.

### Returns

- `RegistrationUnrevokeResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.devices.registrations.unrevoke({
  account_id: 'account_id',
  id: ['string'],
});

console.log(response);
```

#### Response

```json
{
  "errors": [
    { "code": 0, "message": "message" }
  ],
  "messages": [
    { "code": 0, "message": "message" }
  ],
  "result": {},
  "success": true,
  "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }
}
```

## Domain Types

### Registration List Response

- `RegistrationListResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device.
  - `id: string` The ID of the registration.
  - `created_at: string` The RFC3339 timestamp when the registration was created.
  - `device: Device` Device details embedded inside of a registration.
    - `id: string` The ID of the device.
    - `name: string` The name of the device.
    - `client_version?: string` Version of the WARP client.
  - `key: string` The public key used to connect to the Cloudflare network.
  - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen.
  - `updated_at: string` The RFC3339 timestamp when the registration was last updated.
  - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted.
  - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE.
  - `policy?: Policy` The device settings profile assigned to this registration.
    - `id: string` The ID of the device settings profile.
    - `default: boolean` Whether the device settings profile is the default profile for the account.
    - `deleted: boolean` Whether the device settings profile was deleted.
    - `name: string` The name of the device settings profile.
    - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked.
  - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.

### Registration Get Response

- `RegistrationGetResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device.
  - `id: string` The ID of the registration.
  - `created_at: string` The RFC3339 timestamp when the registration was created.
  - `device: Device` Device details embedded inside of a registration.
    - `id: string` The ID of the device.
    - `name: string` The name of the device.
    - `client_version?: string` Version of the WARP client.
  - `key: string` The public key used to connect to the Cloudflare network.
  - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen.
  - `updated_at: string` The RFC3339 timestamp when the registration was last updated.
  - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted.
  - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE.
  - `policy?: Policy` The device settings profile assigned to this registration.
    - `id: string` The ID of the device settings profile.
    - `default: boolean` Whether the device settings profile is the default profile for the account.
    - `deleted: boolean` Whether the device settings profile was deleted.
    - `name: string` The name of the device settings profile.
    - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration.
  - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked.
  - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque.
  - `user?: User`
    - `id?: string` UUID.
    - `email?: string` The contact email address of the user.
    - `name?: string` The enrolled device user's name.
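
A periodic access review built on the registration list and revoke endpoints documented above, as an added example that is not part of the Cloudflare reference: it separates active registrations whose `last_seen_at` is older than a cutoff from those with an unreadable timestamp, lists devices that still carry more than one active registration, and batches the stale IDs for `registrations.revoke`. The helper names, the 30-day threshold, the batch size, the sample records and the use of an RFC3339 string for `seen_before` are assumptions.

```javascript
// Added example (not Cloudflare's code): review WARP registrations for staleness
// and prepare batched revocations. Field names follow RegistrationListResponse.

const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample records shaped like entries of the list response "result".
const SAMPLE_REGISTRATIONS = [
  { id: 'reg-a', device: { id: 'dev-1', name: 'Laptop A' },
    last_seen_at: '2025-02-14T13:17:00Z', revoked_at: null, deleted_at: null },
  { id: 'reg-b', device: { id: 'dev-1', name: 'Laptop A' },
    last_seen_at: '2025-03-19T08:00:00Z', revoked_at: null, deleted_at: null },
  { id: 'reg-c', device: { id: 'dev-2', name: 'Phone C' },
    last_seen_at: '2025-01-02T00:00:00Z', revoked_at: '2025-01-10T00:00:00Z', deleted_at: null },
  { id: 'reg-d', device: { id: 'dev-3', name: 'Desktop D' },
    last_seen_at: '2025-02-01T09:30:00Z', revoked_at: null, deleted_at: null },
  { id: 'reg-e', device: { id: 'dev-4', name: 'Tablet E' },
    last_seen_at: '', revoked_at: null, deleted_at: null },
];

const isActive = (r) => !r.revoked_at && !r.deleted_at;

// Split active registrations into stale ones and ones whose timestamp cannot be
// parsed. The latter are reported for manual review rather than revoked.
function findStaleRegistrations(registrations, now, maxIdleDays) {
  const cutoff = now.getTime() - maxIdleDays * DAY_MS;
  const stale = [];
  const invalid = [];
  for (const r of registrations.filter(isActive)) {
    const seen = Date.parse(r.last_seen_at);
    if (Number.isNaN(seen)) invalid.push(r.id);
    else if (seen < cutoff) stale.push(r.id);
  }
  return { stale, invalid };
}

// A device can carry several registrations; return the devices where more than
// one is still active, keyed by device ID.
function devicesWithMultipleRegistrations(registrations) {
  const byDevice = new Map();
  for (const r of registrations.filter(isActive)) {
    const ids = byDevice.get(r.device.id) || [];
    ids.push(r.id);
    byDevice.set(r.device.id, ids);
  }
  return Object.fromEntries([...byDevice].filter(([, ids]) => ids.length > 1));
}

function chunk(items, size) {
  if (!Number.isInteger(size) || size < 1) throw new RangeError('size must be a positive integer');
  const out = [];
  for (let i = 0; i < items.length; i += size) out.push(items.slice(i, i + size));
  return out;
}

// Pure planning step, so the result can be logged or approved before anything changes.
function planRevocation(registrations, { now, maxIdleDays = 30, batchSize = 50 }) {
  const { stale, invalid } = findStaleRegistrations(registrations, now, maxIdleDays);
  return { batches: chunk(stale, batchSize), invalid };
}

// Fetch candidates with the server-side filters from the parameter list
// (status, seen_before), then re-check them locally before planning.
// Assumption: seen_before accepts an RFC3339 timestamp string.
async function collectAndPlan(client, accountId, opts) {
  const maxIdleDays = opts.maxIdleDays ?? 30;
  const cutoffIso = new Date(opts.now.getTime() - maxIdleDays * DAY_MS).toISOString();
  const found = [];
  for await (const r of client.zeroTrust.devices.registrations.list({
    account_id: accountId,
    status: 'active',
    seen_before: cutoffIso,
  })) {
    found.push(r);
  }
  return planRevocation(found, { ...opts, maxIdleDays });
}

// Apply a plan. dryRun defaults to true; pass false only after the plan is reviewed.
async function applyRevocation(client, accountId, batches, dryRun = true) {
  let count = 0;
  for (const batch of batches) {
    if (!dryRun) {
      await client.zeroTrust.devices.registrations.revoke({ account_id: accountId, id: batch });
    }
    count += batch.length;
  }
  return { dryRun, count };
}
```

Revocation is reversible through the unrevoke endpoint, whereas delete is not documented as reversible, so the plan targets `revoke`.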
### Registration Delete Response

- `RegistrationDeleteResponse = unknown`

### Registration Bulk Delete Response

- `RegistrationBulkDeleteResponse = unknown`

### Registration Revoke Response

- `RegistrationRevokeResponse = unknown`

### Registration Unrevoke Response

- `RegistrationUnrevokeResponse = unknown`

# DEX Tests

## List Device DEX tests

`client.zeroTrust.devices.dexTests.list(DEXTestListParams params, RequestOptions options?): V4PagePaginationArray`

**get** `/accounts/{account_id}/dex/devices/dex_tests`

Fetch all DEX tests

### Parameters

- `params: DEXTestListParams`
  - `account_id: string` Path param
  - `kind?: "http" | "traceroute"` Query param: Filter by test type
    - `"http"`
    - `"traceroute"`
  - `page?: number` Query param: Page number of paginated results
  - `per_page?: number` Query param: Number of items per page
  - `testName?: string` Query param: Filter by test name

### Returns

- `DEXTestListResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const dexTestListResponse of client.zeroTrust.devices.dexTests.list({
  account_id: '01a7362d577a6c3019a474fd6f485823',
})) {
  console.log(dexTestListResponse.test_id);
}
```

#### Response

```json
{
  "errors": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "messages": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "success": true,
  "result": [
    {
      "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" },
      "enabled": true,
      "interval": "30m",
      "name": "HTTP dash health check",
      "description": "Checks the dash endpoint every 30 minutes",
      "target_policies": [
        { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" }
      ],
      "targeted": true,
      "test_id": "372e67954025e0ba6aaa6d586b9e0b59"
    }
  ]
}
```

## Get Device DEX test

`client.zeroTrust.devices.dexTests.get(string dexTestId, DEXTestGetParams params, RequestOptions options?): DEXTestGetResponse`

**get** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}`

Fetch a single DEX test.

### Parameters

- `dexTestId: string` The unique identifier for the test.
- `params: DEXTestGetParams`
  - `account_id: string`

### Returns

- `DEXTestGetResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const dexTest = await client.zeroTrust.devices.dexTests.get('372e67954025e0ba6aaa6d586b9e0b59', {
  account_id: '01a7362d577a6c3019a474fd6f485823',
});

console.log(dexTest.test_id);
```

#### Response

```json
{
  "errors": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "messages": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "success": true,
  "result": {
    "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" },
    "enabled": true,
    "interval": "30m",
    "name": "HTTP dash health check",
    "description": "Checks the dash endpoint every 30 minutes",
    "target_policies": [
      { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" }
    ],
    "targeted": true,
    "test_id": "372e67954025e0ba6aaa6d586b9e0b59"
  }
}
```

## Create Device DEX test

`client.zeroTrust.devices.dexTests.create(DEXTestCreateParams params, RequestOptions options?): DEXTestCreateResponse`

**post** `/accounts/{account_id}/dex/devices/dex_tests`

Create a DEX test.
### Parameters

- `params: DEXTestCreateParams`
  - `account_id: string` Path param
  - `data: Data` Body param: The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Body param: Determines whether or not the test is active.
  - `interval: string` Body param: How often the test will run.
  - `name: string` Body param: The name of the DEX test. Must be unique.
  - `description?: string` Body param: Additional details about the test.
  - `target_policies?: Array` Body param: DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean` Body param

### Returns

- `DEXTestCreateResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const dexTest = await client.zeroTrust.devices.dexTests.create({
  account_id: '01a7362d577a6c3019a474fd6f485823',
  data: { host: 'https://dash.cloudflare.com', kind: 'http' },
  enabled: true,
  interval: '30m',
  name: 'HTTP dash health check',
});

console.log(dexTest.test_id);
```

#### Response

```json
{
  "errors": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "messages": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "success": true,
  "result": {
    "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" },
    "enabled": true,
    "interval": "30m",
    "name": "HTTP dash health check",
    "description": "Checks the dash endpoint every 30 minutes",
    "target_policies": [
      { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" }
    ],
    "targeted": true,
    "test_id": "372e67954025e0ba6aaa6d586b9e0b59"
  }
}
```

## Update Device DEX test

`client.zeroTrust.devices.dexTests.update(string dexTestId, DEXTestUpdateParams params, RequestOptions options?): DEXTestUpdateResponse`

**put** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}`

Update a DEX test.

### Parameters

- `dexTestId: string` API Resource UUID tag.
- `params: DEXTestUpdateParams`
  - `account_id: string` Path param
  - `data: Data` Body param: The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Body param: Determines whether or not the test is active.
  - `interval: string` Body param: How often the test will run.
  - `name: string` Body param: The name of the DEX test. Must be unique.
  - `description?: string` Body param: Additional details about the test.
  - `target_policies?: Array` Body param: DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean` Body param

### Returns

- `DEXTestUpdateResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const dexTest = await client.zeroTrust.devices.dexTests.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  {
    account_id: '01a7362d577a6c3019a474fd6f485823',
    data: { host: 'https://dash.cloudflare.com', kind: 'http' },
    enabled: true,
    interval: '30m',
    name: 'HTTP dash health check',
  },
);

console.log(dexTest.test_id);
```

#### Response

```json
{
  "errors": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "messages": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "success": true,
  "result": {
    "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" },
    "enabled": true,
    "interval": "30m",
    "name": "HTTP dash health check",
    "description": "Checks the dash endpoint every 30 minutes",
    "target_policies": [
      { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" }
    ],
    "targeted": true,
    "test_id": "372e67954025e0ba6aaa6d586b9e0b59"
  }
}
```

## Delete Device DEX test

`client.zeroTrust.devices.dexTests.delete(string dexTestId, DEXTestDeleteParams params, RequestOptions options?): DEXTestDeleteResponse`

**delete** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}`

Delete a Device DEX test. Returns the remaining device dex tests for the account.

### Parameters

- `dexTestId: string` API Resource UUID tag.
- `params: DEXTestDeleteParams`
  - `account_id: string`

### Returns

- `DEXTestDeleteResponse`
  - `dex_tests?: Array`
    - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
      - `host: string` The desired endpoint to test.
      - `kind: "http" | "traceroute"` The type of test.
        - `"http"`
        - `"traceroute"`
      - `method?: "GET"` The HTTP request method type.
        - `"GET"`
    - `enabled: boolean` Determines whether or not the test is active.
    - `interval: string` How often the test will run.
    - `name: string` The name of the DEX test. Must be unique.
    - `description?: string` Additional details about the test.
    - `target_policies?: Array` DEX rules targeted by this test
      - `id: string` API Resource UUID tag.
      - `default?: boolean` Whether the DEX rule is the account default
      - `name?: string` The name of the DEX rule
    - `targeted?: boolean`
    - `test_id?: string` The unique identifier for the test.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

const dexTest = await client.zeroTrust.devices.dexTests.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '01a7362d577a6c3019a474fd6f485823' },
);

console.log(dexTest.dex_tests);
```

#### Response

```json
{
  "errors": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "messages": [
    { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } }
  ],
  "success": true,
  "result": {
    "dex_tests": [
      {
        "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" },
        "enabled": true,
        "interval": "30m",
        "name": "HTTP dash health check",
        "description": "Checks the dash endpoint every 30 minutes",
        "target_policies": [
          { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" }
        ],
        "targeted": true,
        "test_id": "372e67954025e0ba6aaa6d586b9e0b59"
      }
    ]
  }
}
```

## Domain Types

### Schema Data

- `SchemaData` The configuration object which contains the details for the WARP client to conduct the test.
  - `host?: string` The desired endpoint to test.
  - `kind?: string` The type of test.
  - `method?: string` The HTTP request method type.

### Schema HTTP

- `SchemaHTTP`
  - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test.
    - `host?: string` The desired endpoint to test.
    - `kind?: string` The type of test.
    - `method?: string` The HTTP request method type.
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` Device settings profiles targeted by this test.
    - `id?: string` The id of the device settings profile.
    - `default?: boolean` Whether the profile is the account default.
    - `name?: string` The name of the device settings profile.
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.

### DEX Test List Response

- `DEXTestListResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.

### DEX Test Get Response

- `DEXTestGetResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.

### DEX Test Create Response

- `DEXTestCreateResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.

### DEX Test Update Response

- `DEXTestUpdateResponse`
  - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
    - `host: string` The desired endpoint to test.
    - `kind: "http" | "traceroute"` The type of test.
      - `"http"`
      - `"traceroute"`
    - `method?: "GET"` The HTTP request method type.
      - `"GET"`
  - `enabled: boolean` Determines whether or not the test is active.
  - `interval: string` How often the test will run.
  - `name: string` The name of the DEX test. Must be unique.
  - `description?: string` Additional details about the test.
  - `target_policies?: Array` DEX rules targeted by this test
    - `id: string` API Resource UUID tag.
    - `default?: boolean` Whether the DEX rule is the account default
    - `name?: string` The name of the DEX rule
  - `targeted?: boolean`
  - `test_id?: string` The unique identifier for the test.

### DEX Test Delete Response

- `DEXTestDeleteResponse`
  - `dex_tests?: Array`
    - `data: Data` The configuration object which contains the details for the WARP client to conduct the test.
      - `host: string` The desired endpoint to test.
      - `kind: "http" | "traceroute"` The type of test.
        - `"http"`
        - `"traceroute"`
      - `method?: "GET"` The HTTP request method type.
        - `"GET"`
    - `enabled: boolean` Determines whether or not the test is active.
    - `interval: string` How often the test will run.
    - `name: string` The name of the DEX test. Must be unique.
    - `description?: string` Additional details about the test.
    - `target_policies?: Array` DEX rules targeted by this test
      - `id: string` API Resource UUID tag.
      - `default?: boolean` Whether the DEX rule is the account default
      - `name?: string` The name of the DEX rule
    - `targeted?: boolean`
    - `test_id?: string` The unique identifier for the test.

# IP Profiles

## List IP profiles

`client.zeroTrust.devices.ipProfiles.list(params: IPProfileListParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/ip-profiles`

Lists WARP Device IP profiles.

### Parameters

- `params: IPProfileListParams`
  - `account_id: string` Path param
  - `per_page?: number` Query param: The number of IP profiles to return per page.

### Returns

- `IPProfile`
  - `id: string` The ID of the Device IP profile.
  - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created.
  - `description: string | null` An optional description of the Device IP profile.
  - `enabled: boolean` Whether the Device IP profile is enabled.
  - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name: string` A user-friendly name for the Device IP profile.
  - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id: string` The ID of the Subnet.
  - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const ipProfile of client.zeroTrust.devices.ipProfiles.list({
  account_id: 'account_id',
})) {
  console.log(ipProfile.id);
}
```

#### Response

```json
{
  "errors": [{ "code": 0, "message": "message" }],
  "messages": [{ "code": 0, "message": "message" }],
  "result": [
    {
      "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
      "created_at": "2025-02-14T13:17:00.123456789Z",
      "description": "example comment",
      "enabled": true,
      "match": "identity.email == \"test@cloudflare.com\"",
      "name": "IPv4 Cloudflare Source IPs",
      "precedence": 100,
      "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
      "updated_at": "2025-02-14T13:17:00.123456789Z"
    }
  ],
  "success": true,
  "result_info": { "count": 1, "page": 1, "per_page": 10, "total_count": 10, "total_pages": 1 }
}
```

## Get IP profile

`client.zeroTrust.devices.ipProfiles.get(profileId: string, params: IPProfileGetParams, options?: RequestOptions): IPProfile`

**get** `/accounts/{account_id}/devices/ip-profiles/{profile_id}`

Fetches a single WARP Device IP profile.
### Parameters

- `profileId: string`
- `params: IPProfileGetParams`
  - `account_id: string`

### Returns

- `IPProfile`
  - `id: string` The ID of the Device IP profile.
  - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created.
  - `description: string | null` An optional description of the Device IP profile.
  - `enabled: boolean` Whether the Device IP profile is enabled.
  - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name: string` A user-friendly name for the Device IP profile.
  - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id: string` The ID of the Subnet.
  - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const ipProfile = await client.zeroTrust.devices.ipProfiles.get('profile_id', {
  account_id: 'account_id',
});

console.log(ipProfile.id);
```

#### Response

```json
{
  "errors": [{ "code": 0, "message": "message" }],
  "messages": [{ "code": 0, "message": "message" }],
  "result": {
    "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "created_at": "2025-02-14T13:17:00.123456789Z",
    "description": "example comment",
    "enabled": true,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "IPv4 Cloudflare Source IPs",
    "precedence": 100,
    "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "updated_at": "2025-02-14T13:17:00.123456789Z"
  },
  "success": true
}
```

## Create IP profile

`client.zeroTrust.devices.ipProfiles.create(params: IPProfileCreateParams, options?: RequestOptions): IPProfile`

**post**
`/accounts/{account_id}/devices/ip-profiles`

Creates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated.

### Parameters

- `params: IPProfileCreateParams`
  - `account_id: string` Path param
  - `match: string` Body param: The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name: string` Body param: A user-friendly name for the Device IP profile.
  - `precedence: number` Body param: The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id: string` Body param: The ID of the Subnet.
  - `description?: string | null` Body param: An optional description of the Device IP profile.
  - `enabled?: boolean` Body param: Whether the Device IP profile will be applied to matching devices.

### Returns

- `IPProfile`
  - `id: string` The ID of the Device IP profile.
  - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created.
  - `description: string | null` An optional description of the Device IP profile.
  - `enabled: boolean` Whether the Device IP profile is enabled.
  - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name: string` A user-friendly name for the Device IP profile.
  - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id: string` The ID of the Subnet.
  - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated.
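
An added example, not part of the Cloudflare SDK or of this reference: a pre-flight audit over the `IPProfile` objects returned by `ipProfiles.list`, checking each `match` against the documented selector list and walking the profiles in ascending `precedence`. The function names and sample profiles are constructed for illustration, and treating an earlier enabled profile with an identical `match` as shadowing a later one is an assumption drawn from the precedence description.

```javascript
// Selector names copied from the "Available values" list in this reference.
const ALLOWED_SELECTORS = new Set([
  'identity.name',
  'identity.email',
  'identity.groups.id',
  'identity.groups.name',
  'identity.groups.email',
  'identity.saml_attributes',
]);

// Blank out double-quoted string literals so that text inside them
// (for example an email address) is never mistaken for a field name.
function stripStringLiterals(expr) {
  return expr.replace(/"(?:[^"\\]|\\.)*"/g, '""');
}

// Every dotted identifier used in the expression that is not documented.
function unknownSelectors(expr) {
  const fields = stripStringLiterals(expr).match(/[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)+/g) || [];
  return [...new Set(fields)].filter((f) => !ALLOWED_SELECTORS.has(f));
}

// Collapse whitespace outside string literals so that expressions which
// differ only in spacing compare equal.
function normalizeMatch(expr) {
  return expr
    .split(/("(?:[^"\\]|\\.)*")/)
    .map((part, i) => (i % 2 === 1 ? part : part.replace(/\s+/g, ' ')))
    .join('')
    .trim();
}

// Hypothetical helper: returns the enabled profiles in evaluation order
// plus a list of findings worth reviewing before a create or update call.
function auditIPProfiles(profiles) {
  const findings = [];
  // Ascending precedence is the evaluation order stated by the reference.
  const ordered = [...profiles].sort((a, b) => a.precedence - b.precedence);
  const seenPrecedence = new Map(); // precedence -> id of first profile using it
  const seenMatch = new Map(); // normalized match -> id of first enabled profile

  for (const p of ordered) {
    for (const selector of unknownSelectors(p.match)) {
      findings.push({ id: p.id, issue: 'unknown_selector', detail: selector });
    }
    if (seenPrecedence.has(p.precedence)) {
      // Two profiles with the same value have no defined relative order.
      findings.push({ id: p.id, issue: 'duplicate_precedence', detail: seenPrecedence.get(p.precedence) });
    } else {
      seenPrecedence.set(p.precedence, p.id);
    }
    if (!p.enabled) continue; // a disabled profile is not applied to devices
    const key = normalizeMatch(p.match);
    if (seenMatch.has(key)) {
      // Assumption: the higher-precedence profile wins for the same registrations.
      findings.push({ id: p.id, issue: 'shadowed', detail: seenMatch.get(key) });
    } else {
      seenMatch.set(key, p.id);
    }
  }
  return {
    evaluationOrder: ordered.filter((p) => p.enabled).map((p) => p.id),
    findings,
  };
}

// Constructed sample data shaped like the IPProfile objects above.
const SAMPLE_PROFILES = [
  { id: 'p-contractors', name: 'Contractors', enabled: true, precedence: 200,
    match: 'identity.groups.name == "contractors"', subnet_id: 'subnet-b' },
  { id: 'p-admins', name: 'Admins', enabled: true, precedence: 100,
    match: 'identity.email == "admin@example.com"', subnet_id: 'subnet-a' },
  { id: 'p-admins-copy', name: 'Admins (copy)', enabled: true, precedence: 300,
    match: 'identity.email  ==  "admin@example.com"', subnet_id: 'subnet-c' },
  { id: 'p-typo', name: 'Typo', enabled: false, precedence: 200,
    match: 'identity.group.name == "identity.email"', subnet_id: 'subnet-d' },
];

const report = auditIPProfiles(SAMPLE_PROFILES);
console.log(report.evaluationOrder);
console.table(report.findings);
```
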
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const ipProfile = await client.zeroTrust.devices.ipProfiles.create({
  account_id: 'account_id',
  match: 'identity.email == "test@cloudflare.com"',
  name: 'IPv4 Cloudflare Source IPs',
  precedence: 100,
  subnet_id: 'b70ff985-a4ef-4643-bbbc-4a0ed4fc8415',
});

console.log(ipProfile.id);
```

#### Response

```json
{
  "errors": [{ "code": 0, "message": "message" }],
  "messages": [{ "code": 0, "message": "message" }],
  "result": {
    "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "created_at": "2025-02-14T13:17:00.123456789Z",
    "description": "example comment",
    "enabled": true,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "IPv4 Cloudflare Source IPs",
    "precedence": 100,
    "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "updated_at": "2025-02-14T13:17:00.123456789Z"
  },
  "success": true
}
```

## Update IP profile

`client.zeroTrust.devices.ipProfiles.update(profileId: string, params: IPProfileUpdateParams, options?: RequestOptions): IPProfile`

**patch** `/accounts/{account_id}/devices/ip-profiles/{profile_id}`

Updates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated.

### Parameters

- `profileId: string`
- `params: IPProfileUpdateParams`
  - `account_id: string` Path param
  - `description?: string` Body param: An optional description of the Device IP profile.
  - `enabled?: boolean` Body param: Whether the Device IP profile is enabled.
  - `match?: string` Body param: The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name?: string` Body param: A user-friendly name for the Device IP profile.
  - `precedence?: number` Body param: The precedence of the Device IP profile. Lower values indicate higher precedence.
Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id?: string` Body param: The ID of the Subnet.

### Returns

- `IPProfile`
  - `id: string` The ID of the Device IP profile.
  - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created.
  - `description: string | null` An optional description of the Device IP profile.
  - `enabled: boolean` Whether the Device IP profile is enabled.
  - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name: string` A user-friendly name for the Device IP profile.
  - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id: string` The ID of the Subnet.
  - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const ipProfile = await client.zeroTrust.devices.ipProfiles.update('profile_id', {
  account_id: 'account_id',
});

console.log(ipProfile.id);
```

#### Response

```json
{
  "errors": [{ "code": 0, "message": "message" }],
  "messages": [{ "code": 0, "message": "message" }],
  "result": {
    "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "created_at": "2025-02-14T13:17:00.123456789Z",
    "description": "example comment",
    "enabled": true,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "IPv4 Cloudflare Source IPs",
    "precedence": 100,
    "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
    "updated_at": "2025-02-14T13:17:00.123456789Z"
  },
  "success": true
}
```

## Delete IP profile

`client.zeroTrust.devices.ipProfiles.delete(profileId: string, params: IPProfileDeleteParams, options?: RequestOptions): IPProfileDeleteResponse`

**delete** `/accounts/{account_id}/devices/ip-profiles/{profile_id}`

Delete a WARP Device IP profile.

### Parameters

- `profileId: string`
- `params: IPProfileDeleteParams`
  - `account_id: string`

### Returns

- `IPProfileDeleteResponse`
  - `id?: string` ID of the deleted Device IP profile.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const ipProfile = await client.zeroTrust.devices.ipProfiles.delete('profile_id', {
  account_id: 'account_id',
});

console.log(ipProfile.id);
```

#### Response

```json
{
  "errors": [{ "code": 0, "message": "message" }],
  "messages": [{ "code": 0, "message": "message" }],
  "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415" },
  "success": true
}
```

## Domain Types

### IP Profile

- `IPProfile`
  - `id: string` The ID of the Device IP profile.
  - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created.
  - `description: string | null` An optional description of the Device IP profile.
  - `enabled: boolean` Whether the Device IP profile is enabled.
  - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".
  - `name: string` A user-friendly name for the Device IP profile.
  - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.
  - `subnet_id: string` The ID of the Subnet.
  - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated.

### IP Profile Delete Response

- `IPProfileDeleteResponse`
  - `id?: string` ID of the deleted Device IP profile.

# Networks

## List your device managed networks

`client.zeroTrust.devices.networks.list(params: NetworkListParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/networks`

Fetches a list of managed networks for an account.

### Parameters

- `params: NetworkListParams`
  - `account_id: string`

### Returns

- `DeviceNetwork`
  - `config?: Config` The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` The name of the device managed network. This name must be unique.
  - `network_id?: string` API UUID.
  - `type?: "tls"` The type of device managed network.
    - `"tls"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const deviceNetwork of client.zeroTrust.devices.networks.list({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(deviceNetwork.network_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "config": {
        "tls_sockaddr": "foo.bar:1234",
        "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
      },
      "name": "managed-network-1",
      "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "type": "tls"
    }
  ],
  "success": true,
  "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }
}
```

## Get device managed network details

`client.zeroTrust.devices.networks.get(networkId: string, params: NetworkGetParams, options?: RequestOptions): DeviceNetwork | null`

**get** `/accounts/{account_id}/devices/networks/{network_id}`

Fetches details for a single managed network.

### Parameters

- `networkId: string` API UUID.
- `params: NetworkGetParams`
  - `account_id: string`

### Returns

- `DeviceNetwork | null`
  - `config?: Config` The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` The name of the device managed network.
This name must be unique.
  - `network_id?: string` API UUID.
  - `type?: "tls"` The type of device managed network.
    - `"tls"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const deviceNetwork = await client.zeroTrust.devices.networks.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

console.log(deviceNetwork.network_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "config": {
      "tls_sockaddr": "foo.bar:1234",
      "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
    },
    "name": "managed-network-1",
    "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "type": "tls"
  },
  "success": true
}
```

## Create a device managed network

`client.zeroTrust.devices.networks.create(params: NetworkCreateParams, options?: RequestOptions): DeviceNetwork | null`

**post** `/accounts/{account_id}/devices/networks`

Creates a new device managed network.

### Parameters

- `params: NetworkCreateParams`
  - `account_id: string` Path param
  - `config: Config` Body param: The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name: string` Body param: The name of the device managed network. This name must be unique.
  - `type: "tls"` Body param: The type of device managed network.
    - `"tls"`

### Returns

- `DeviceNetwork | null`
  - `config?: Config` The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` The name of the device managed network. This name must be unique.
  - `network_id?: string` API UUID.
  - `type?: "tls"` The type of device managed network.
    - `"tls"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const deviceNetwork = await client.zeroTrust.devices.networks.create({
  account_id: '699d98642c564d2e855e9661899b7252',
  config: { tls_sockaddr: 'foo.bar:1234' },
  name: 'managed-network-1',
  type: 'tls',
});

console.log(deviceNetwork.network_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "config": {
      "tls_sockaddr": "foo.bar:1234",
      "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
    },
    "name": "managed-network-1",
    "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "type": "tls"
  },
  "success": true
}
```

## Update a device managed network

`client.zeroTrust.devices.networks.update(networkId: string, params: NetworkUpdateParams, options?: RequestOptions): DeviceNetwork | null`

**put** `/accounts/{account_id}/devices/networks/{network_id}`

Updates a
configured device managed network.

### Parameters

- `networkId: string` API UUID.
- `params: NetworkUpdateParams`
  - `account_id: string` Path param
  - `config?: Config` Body param: The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` Body param: The name of the device managed network. This name must be unique.
  - `type?: "tls"` Body param: The type of device managed network.
    - `"tls"`

### Returns

- `DeviceNetwork | null`
  - `config?: Config` The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` The name of the device managed network. This name must be unique.
  - `network_id?: string` API UUID.
  - `type?: "tls"` The type of device managed network.
    - `"tls"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const deviceNetwork = await client.zeroTrust.devices.networks.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

console.log(deviceNetwork.network_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "config": {
      "tls_sockaddr": "foo.bar:1234",
      "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
    },
    "name": "managed-network-1",
    "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "type": "tls"
  },
  "success": true
}
```

## Delete a device managed network

`client.zeroTrust.devices.networks.delete(networkId: string, params: NetworkDeleteParams, options?: RequestOptions): SinglePage`

**delete** `/accounts/{account_id}/devices/networks/{network_id}`

Deletes a device managed network and fetches a list of the remaining device managed networks for an account.

### Parameters

- `networkId: string` API UUID.
- `params: NetworkDeleteParams`
  - `account_id: string`

### Returns

- `DeviceNetwork`
  - `config?: Config` The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` The name of the device managed network. This name must be unique.
  - `network_id?: string` API UUID.
  - `type?: "tls"` The type of device managed network.
    - `"tls"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const deviceNetwork of client.zeroTrust.devices.networks.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
)) {
  console.log(deviceNetwork.network_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "config": {
        "tls_sockaddr": "foo.bar:1234",
        "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
      },
      "name": "managed-network-1",
      "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "type": "tls"
    }
  ],
  "success": true,
  "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 }
}
```

## Domain Types

### Device Network

- `DeviceNetwork`
  - `config?: Config` The configuration object containing information for the WARP client to detect the managed network.
    - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.
    - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.
  - `name?: string` The name of the device managed network. This name must be unique.
  - `network_id?: string` API UUID.
  - `type?: "tls"` The type of device managed network.
    - `"tls"`

# Fleet Status

## Get the live status of a latest device

`client.zeroTrust.devices.fleetStatus.get(deviceId: string, params: FleetStatusGetParams, options?: RequestOptions): FleetStatusGetResponse`

**get** `/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live`

Get the live status of a latest device given device_id from the device_state table

### Parameters

- `deviceId: string` Device-specific ID, given as UUID v4
- `params: FleetStatusGetParams`
  - `account_id: string` Path param: Unique identifier for account
  - `since_minutes: number` Query param: Number of minutes before current time
  - `colo?: string` Query param: List of data centers to filter results
  - `time_now?: string` Query param: Number of minutes before current time

### Returns

- `FleetStatusGetResponse`
  - `colo: string` Cloudflare colo
  - `deviceId: string` Device identifier (UUID v4)
  - `mode: string` The mode under which the WARP client is run
  - `platform: string` Operating system
  - `status: string` Network status
  - `timestamp: string` Timestamp in ISO format
  - `version: string` WARP client version
  - `alwaysOn?: boolean | null`
  - `batteryCharging?: boolean | null`
  - `batteryCycles?: number | null`
  - `batteryPct?: number | null`
  - `connectionType?: string | null`
  - `cpuPct?: number | null`
  - `cpuPctByApp?: Array> | null`
    - `cpu_pct?: number`
    - `name?: string`
  - `deviceIpv4?: DeviceIPV4`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `deviceIpv6?: DeviceIPV6`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `deviceName?: string` Device identifier (human readable)
  - `diskReadBps?: number | null`
  - `diskUsagePct?: number | null`
  - `diskWriteBps?: number | null`
  - `dohSubdomain?: string | null`
  - `estimatedLossPct?: number | null`
  - `firewallEnabled?: boolean | null`
  - `gatewayIpv4?: GatewayIPV4`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `gatewayIpv6?: GatewayIPV6`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `handshakeLatencyMs?: number | null`
  - `ispIpv4?: ISPIPV4`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `ispIpv6?: ISPIPV6`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `metal?: string | null`
  - `networkRcvdBps?: number | null`
  - `networkSentBps?: number | null`
  - `networkSsid?: string | null`
  - `personEmail?: string` User contact email address
  - `ramAvailableKb?: number | null`
  - `ramUsedPct?: number | null`
  - `ramUsedPctByApp?: Array> | null`
    - `name?: string`
    - `ram_used_pct?: number`
  - `registrationId?: string | null` Device registration identifier (UUID v4). On multi-user devices, this uniquely identifies a user's registration on the device.
  - `switchLocked?: boolean | null`
  - `wifiStrengthDbm?: number | null`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const fleetStatus = await client.zeroTrust.devices.fleetStatus.get(
  'cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7',
  { account_id: '01a7362d577a6c3019a474fd6f485823', since_minutes: 10 },
);

console.log(fleetStatus.networkSsid);
```

#### Response

```json
{
  "colo": "SJC",
  "deviceId": "deviceId",
  "mode": "proxy",
  "platform": "windows",
  "status": "connected",
  "timestamp": "2023-10-11T00:00:00Z",
  "version": "1.0.0",
  "alwaysOn": true,
  "batteryCharging": true,
  "batteryCycles": 0,
  "batteryPct": 0,
  "connectionType": "connectionType",
  "cpuPct": 0,
  "cpuPctByApp": [[{ "cpu_pct": 0, "name": "name" }]],
  "deviceIpv4": {
    "address": "address",
    "asn": 0,
    "aso": "aso",
    "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" },
    "netmask": "netmask",
    "version": "version"
  },
  "deviceIpv6": {
    "address": "address",
    "asn": 0,
    "aso": "aso",
    "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" },
    "netmask": "netmask",
    "version": "version"
  },
  "deviceName": "deviceName",
  "diskReadBps": 0,
  "diskUsagePct": 0,
  "diskWriteBps": 0,
  "dohSubdomain": "dohSubdomain",
  "estimatedLossPct": 0,
  "firewallEnabled": true,
  "gatewayIpv4": {
    "address": "address",
    "asn": 0,
    "aso": "aso",
    "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" },
    "netmask": "netmask",
    "version": "version"
  },
  "gatewayIpv6": {
    "address": "address",
    "asn": 0,
    "aso": "aso",
    "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" },
    "netmask": "netmask",
    "version": "version"
  },
  "handshakeLatencyMs": 0,
  "ispIpv4": {
    "address": "address",
    "asn": 0,
    "aso": "aso",
    "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" },
    "netmask": "netmask",
    "version": "version"
  },
  "ispIpv6": {
    "address": "address",
    "asn": 0,
    "aso": "aso",
    "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" },
    "netmask": "netmask",
    "version": "version"
  },
  "metal": "metal",
  "networkRcvdBps": 0,
  "networkSentBps": 0,
  "networkSsid": "networkSsid",
  "personEmail": "personEmail",
  "ramAvailableKb": 0,
  "ramUsedPct": 0,
  "ramUsedPctByApp": [[{ "name": "name", "ram_used_pct": 0 }]],
  "registrationId": "registrationId",
  "switchLocked": true,
  "wifiStrengthDbm": 0
}
```

## Domain Types

### Fleet Status Get Response

- `FleetStatusGetResponse`
  - `colo: string` Cloudflare colo
  - `deviceId: string` Device identifier (UUID v4)
  - `mode: string` The mode under which the WARP client is run
  - `platform: string` Operating system
  - `status: string` Network status
  - `timestamp: string` Timestamp in ISO format
  - `version: string` WARP client version
  - `alwaysOn?: boolean | null`
  - `batteryCharging?: boolean | null`
  - `batteryCycles?: number | null`
  - `batteryPct?: number | null`
  - `connectionType?: string | null`
  - `cpuPct?: number | null`
  - `cpuPctByApp?: Array> | null`
    - `cpu_pct?: number`
    - `name?: string`
  - `deviceIpv4?: DeviceIPV4`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `deviceIpv6?: DeviceIPV6`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `deviceName?: string` Device identifier (human readable)
  - `diskReadBps?: number | null`
  - `diskUsagePct?: number | null`
  - `diskWriteBps?: number | null`
  - `dohSubdomain?: string | null`
  - `estimatedLossPct?: number | null`
  - `firewallEnabled?: boolean | null`
  - `gatewayIpv4?: GatewayIPV4`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `gatewayIpv6?: GatewayIPV6`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `handshakeLatencyMs?: number | null`
  - `ispIpv4?: ISPIPV4`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `ispIpv6?: ISPIPV6`
    - `address?: string | null`
    - `asn?: number | null`
    - `aso?: string | null`
    - `location?: Location`
      - `city?: string | null`
      - `country_iso?: string | null`
      - `state_iso?: string | null`
      - `zip?: string | null`
    - `netmask?: string | null`
    - `version?: string | null`
  - `metal?: string | null`
  - `networkRcvdBps?: number | null`
  - `networkSentBps?: number | null`
  - `networkSsid?: string | null`
  - `personEmail?: string` User contact email address
  - `ramAvailableKb?: number | null`
  - `ramUsedPct?: number | null`
  - `ramUsedPctByApp?: Array> | null`
    - `name?: string`
    - `ram_used_pct?: number`
  - `registrationId?: string | null` Device registration identifier (UUID v4). On multi-user devices, this uniquely identifies a user's registration on the device.
  - `switchLocked?: boolean | null`
  - `wifiStrengthDbm?: number | null`

# Policies

## Domain Types

### Device Policy Certificates

- `DevicePolicyCertificates`
  - `enabled: boolean` The current status of the device policy certificate provisioning feature for WARP clients.

### Fallback Domain

- `FallbackDomain`
  - `suffix: string` The domain suffix to match when resolving locally.
  - `description?: string` A description of the fallback domain, displayed in the client UI.
  - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Fallback Domain Policy

- `FallbackDomainPolicy = Array | null`
  - `suffix: string` The domain suffix to match when resolving locally.
  - `description?: string` A description of the fallback domain, displayed in the client UI.
  - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Settings Policy

- `SettingsPolicy`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy is the default policy for an account.
  - `description?: string` A description of the policy.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel.
        If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` The wirefilter expression to match devices.
    Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` The name of the device settings profile.
  - `policy_id?: string`
  - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `target_tests?: Array`
    - `id?: string` The id of the DEX test targeting this policy.
    - `name?: string` The name of the DEX test targeting this policy.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Split Tunnel Exclude

- `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost`
  - `TeamsDevicesExcludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesExcludeSplitTunnelWithHost`
    - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
### Split Tunnel Include

- `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost`
  - `TeamsDevicesIncludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesIncludeSplitTunnelWithHost`
    - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

# Default

## Get the default device settings profile

`client.zeroTrust.devices.policies.default.get(DefaultGetParams params, RequestOptions options?): DefaultGetResponse | null`

**get** `/accounts/{account_id}/devices/policy`

Fetches the default device settings profile for an account.

### Parameters

- `params: DefaultGetParams`
  - `account_id: string`

### Returns

- `DefaultGetResponse`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy will be applied to matching devices.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `policy_id?: string`
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const _default = await client.zeroTrust.devices.policies.default.get({
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(_default.gateway_unique_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": true,
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "tunnel_protocol": "wireguard"
  },
  "success": true
}
```

## Update the default device settings profile

`client.zeroTrust.devices.policies.default.edit(DefaultEditParams params, RequestOptions options?): DefaultEditResponse | null`
**patch** `/accounts/{account_id}/devices/policy`

Updates the default device settings profile for an account.

### Parameters

- `params: DefaultEditParams`
  - `account_id: string` Path param
  - `allow_mode_switch?: boolean` Body param: Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Body param: Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Body param: Whether to allow devices to leave the organization.
  - `auto_connect?: number` Body param: The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Body param: Turn on the captive portal after the specified amount of time.
  - `disable_auto_fallback?: boolean` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `exclude?: Array` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `include?: Array` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel.
        If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `register_interface_ip_with_dns?: boolean` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2` Body param
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` Body param: The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Body param: Determines which tunnel protocol to use.

### Returns

- `DefaultEditResponse`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy will be applied to matching devices.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel.
        If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `policy_id?: string`
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.zeroTrust.devices.policies.default.edit({
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(response.gateway_unique_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": true,
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "tunnel_protocol": "wireguard"
  },
  "success": true
}
```

## Domain Types

### Default Get Response

- `DefaultGetResponse`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy will be applied to matching devices.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `policy_id?: string`
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Default Edit Response

- `DefaultEditResponse`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy will be applied to matching devices.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `policy_id?: string`
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

# Excludes

## Get the Split Tunnel exclude list

`client.zeroTrust.devices.policies.default.excludes.get(ExcludeGetParams params, RequestOptions options?): SinglePage`

**get** `/accounts/{account_id}/devices/policy/exclude`

Fetches the list of routes excluded from the WARP client's tunnel.

### Parameters

- `params: ExcludeGetParams`
  - `account_id: string`

### Returns

- `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost`
  - `TeamsDevicesExcludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesExcludeSplitTunnelWithHost`
    - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelExclude of client.zeroTrust.devices.policies.default.excludes.get({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(splitTunnelExclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Exclude testing domains from the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Set the Split Tunnel exclude list

`client.zeroTrust.devices.policies.default.excludes.update(ExcludeUpdateParams params, RequestOptions options?): SinglePage`

**put** `/accounts/{account_id}/devices/policy/exclude`

Sets the list of routes excluded from the WARP client's tunnel.

### Parameters

- `params: ExcludeUpdateParams`
  - `account_id: string` Path param
  - `body: Array` Body param
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
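
The constraints this reference states for Split Tunnel payloads (`address` in CIDR format, `address` and `host` mutually exclusive, `exclude` and `include` never combined in one profile update) can be checked before a request is sent. The following is an added example, not code from the Cloudflare SDK or from this reference; the function names, the bare-domain host check and the broad-route thresholds are assumptions of the sketch.

```javascript
// Added example: pre-flight checks for Split Tunnel payloads.
// Function names and thresholds are assumptions, not part of the SDK.

// Local review thresholds (assumption): exclude routes wider than these are
// flagged, because everything they cover bypasses the WARP tunnel.
const MIN_EXCLUDE_PREFIX = { 4: 8, 6: 32 };

function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

function isIPv6(s) {
  // Restrict the alphabet first, then let the WHATWG URL parser validate.
  if (!/^[0-9a-fA-F:.]+$/.test(s) || !s.includes(':')) return false;
  try {
    new URL(`http://[${s}]/`);
    return true;
  } catch {
    return false;
  }
}

// Returns { family, prefix } for "addr/len", otherwise null. A bare IP is
// rejected here because the reference asks for CIDR format (assumption).
function parseCidr(value) {
  if (typeof value !== 'string') return null;
  const m = /^([^/]+)\/(\d{1,3})$/.exec(value.trim());
  if (!m) return null;
  const family = isIPv4(m[1]) ? 4 : isIPv6(m[1]) ? 6 : 0;
  const prefix = Number(m[2]);
  if (!family || prefix > (family === 4 ? 32 : 128)) return null;
  return { family, prefix };
}

// kind is 'exclude' or 'include'; list is the array sent as `body`.
function checkSplitTunnelList(list, kind) {
  const errors = [];
  const warnings = [];
  if (!Array.isArray(list)) {
    return { errors: [`${kind}: expected an array`], warnings };
  }
  list.forEach((item, i) => {
    const at = `${kind}[${i}]`;
    const hasAddress = item != null && item.address !== undefined;
    const hasHost = item != null && item.host !== undefined;
    if (hasAddress === hasHost) {
      errors.push(`${at}: exactly one of address or host is required`);
      return;
    }
    if (hasAddress) {
      const cidr = parseCidr(item.address);
      if (!cidr) {
        errors.push(`${at}: address is not in CIDR format`);
      } else if (kind === 'exclude' &&
                 cidr.prefix < MIN_EXCLUDE_PREFIX[cidr.family]) {
        warnings.push(`${at}: ${item.address} lets a very wide range bypass the tunnel`);
      }
    } else if (typeof item.host !== 'string' || !/^[^\s/:@]+$/.test(item.host)) {
      // Local sanity check (assumption): no scheme, path, port or userinfo.
      errors.push(`${at}: host must be a bare domain name`);
    }
  });
  return { errors, warnings };
}

// Checks a body intended for PATCH /accounts/{account_id}/devices/policy.
function checkDefaultProfilePatch(body) {
  const result = { errors: [], warnings: [] };
  if (body.exclude !== undefined && body.include !== undefined) {
    result.errors.push('exclude and include cannot be set in the same request');
  }
  for (const kind of ['exclude', 'include']) {
    if (body[kind] === undefined) continue;
    const r = checkSplitTunnelList(body[kind], kind);
    result.errors.push(...r.errors);
    result.warnings.push(...r.warnings);
  }
  return result;
}

// Constructed sample input, not taken from a real account.
const sampleExcludes = [
  { address: '192.0.2.0/24', description: 'lab range' },
  { address: '192.0.2.10' },                           // no prefix length
  { address: '198.51.100.0/24', host: 'example.com' }, // both keys set
  { host: 'intranet.example.com' },
  { address: '0.0.0.0/0' },                            // all IPv4 bypasses
];
const sampleReport = checkSplitTunnelList(sampleExcludes, 'exclude');
console.log(sampleReport);
```

Send the `excludes.update` or `default.edit` request only when `errors` is empty, and treat `warnings` as items for manual review.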
### Returns

- `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost`
  - `TeamsDevicesExcludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesExcludeSplitTunnelWithHost`
    - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelExclude of client.zeroTrust.devices.policies.default.excludes.update({
  account_id: '699d98642c564d2e855e9661899b7252',
  body: [{ address: '192.0.2.0/24' }],
})) {
  console.log(splitTunnelExclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Exclude testing domains from the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Includes

## Get the Split Tunnel include list

`client.zeroTrust.devices.policies.default.includes.get(IncludeGetParams params, RequestOptions options?): SinglePage`

**get** `/accounts/{account_id}/devices/policy/include`

Fetches the list of routes included in the WARP client's tunnel.
### Parameters

- `params: IncludeGetParams`
  - `account_id: string`

### Returns

- `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost`
  - `TeamsDevicesIncludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesIncludeSplitTunnelWithHost`
    - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelInclude of client.zeroTrust.devices.policies.default.includes.get({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(splitTunnelInclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Include testing domains in the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Set the Split Tunnel include list

`client.zeroTrust.devices.policies.default.includes.update(params: IncludeUpdateParams, options?: RequestOptions): SinglePage`

**put** `/accounts/{account_id}/devices/policy/include`

Sets the list of routes included in the WARP client's tunnel.
### Parameters

- `params: IncludeUpdateParams`
  - `account_id: string` Path param
  - `body: Array` Body param
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Returns

- `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost`
  - `TeamsDevicesIncludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesIncludeSplitTunnelWithHost`
    - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelInclude of client.zeroTrust.devices.policies.default.includes.update({
  account_id: '699d98642c564d2e855e9661899b7252',
  body: [{ address: '192.0.2.0/24' }],
})) {
  console.log(splitTunnelInclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Include testing domains in the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Fallback Domains

## Get your Local Domain Fallback list

`client.zeroTrust.devices.policies.default.fallbackDomains.get(params: FallbackDomainGetParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/policy/fallback_domains`

Fetches a list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead.

### Parameters

- `params: FallbackDomainGetParams`
  - `account_id: string`

### Returns

- `FallbackDomain`
  - `suffix: string` The domain suffix to match when resolving locally.
  - `description?: string` A description of the fallback domain, displayed in the client UI.
  - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const fallbackDomain of client.zeroTrust.devices.policies.default.fallbackDomains.get({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(fallbackDomain.suffix);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "suffix": "example.com",
      "description": "Domain bypass for local development",
      "dns_server": ["1.1.1.1"]
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Set your Local Domain Fallback list

`client.zeroTrust.devices.policies.default.fallbackDomains.update(params: FallbackDomainUpdateParams, options?: RequestOptions): SinglePage`

**put** `/accounts/{account_id}/devices/policy/fallback_domains`

Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead.

### Parameters

- `params: FallbackDomainUpdateParams`
  - `account_id: string` Path param
  - `domains: Array` Body param
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Returns

- `FallbackDomain`
  - `suffix: string` The domain suffix to match when resolving locally.
  - `description?: string` A description of the fallback domain, displayed in the client UI.
  - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const fallbackDomain of client.zeroTrust.devices.policies.default.fallbackDomains.update(
  { account_id: '699d98642c564d2e855e9661899b7252', domains: [{ suffix: 'example.com' }] },
)) {
  console.log(fallbackDomain.suffix);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "suffix": "example.com",
      "description": "Domain bypass for local development",
      "dns_server": ["1.1.1.1"]
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Certificates

## Get device certificate provisioning status

`client.zeroTrust.devices.policies.default.certificates.get(params: CertificateGetParams, options?: RequestOptions): DevicePolicyCertificates | null`

**get** `/zones/{zone_id}/devices/policy/certificates`

Fetches device certificate provisioning.

### Parameters

- `params: CertificateGetParams`
  - `zone_id: string`

### Returns

- `DevicePolicyCertificates | null`
  - `enabled: boolean` The current status of the device policy certificate provisioning feature for WARP clients.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const devicePolicyCertificates = await client.zeroTrust.devices.policies.default.certificates.get({
  zone_id: '699d98642c564d2e855e9661899b7252',
});

// The call can resolve to null, so guard the property access.
console.log(devicePolicyCertificates?.enabled);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "enabled": true
  },
  "success": true
}
```

## Update device certificate provisioning status

`client.zeroTrust.devices.policies.default.certificates.edit(params: CertificateEditParams, options?: RequestOptions): DevicePolicyCertificates | null`

**patch** `/zones/{zone_id}/devices/policy/certificates`

Enable Zero Trust Clients to provision a certificate containing an x509 subject, which is referenced by Access device posture policies when the client visits mTLS-protected domains. This facilitates device posture without a WARP session.

### Parameters

- `params: CertificateEditParams`
  - `zone_id: string` Path param
  - `enabled: boolean` Body param: The current status of the device policy certificate provisioning feature for WARP clients.

### Returns

- `DevicePolicyCertificates | null`
  - `enabled: boolean` The current status of the device policy certificate provisioning feature for WARP clients.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const devicePolicyCertificates = await client.zeroTrust.devices.policies.default.certificates.edit({
  zone_id: '699d98642c564d2e855e9661899b7252',
  enabled: true,
});

// The call can resolve to null, so guard the property access.
console.log(devicePolicyCertificates?.enabled);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "enabled": true
  },
  "success": true
}
```

# Custom

## List device settings profiles

`client.zeroTrust.devices.policies.custom.list(params: CustomListParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/policies`

Fetches a list of the device settings profiles for an account.

### Parameters

- `params: CustomListParams`
  - `account_id: string`

### Returns

- `SettingsPolicy`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy is the default policy for an account.
  - `description?: string` A description of the policy.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` The name of the device settings profile.
  - `policy_id?: string`
  - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `target_tests?: Array`
    - `id?: string` The id of the DEX test targeting this policy.
    - `name?: string` The name of the DEX test targeting this policy.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const settingsPolicy of client.zeroTrust.devices.policies.custom.list({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(settingsPolicy.gateway_unique_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "allow_mode_switch": true,
      "allow_updates": true,
      "allowed_to_leave": true,
      "auto_connect": 0,
      "captive_portal": 180,
      "default": false,
      "description": "Policy for test teams.",
      "disable_auto_fallback": true,
      "enabled": true,
      "exclude": [
        {
          "address": "192.0.2.0/24",
          "description": "Exclude testing domains from the tunnel"
        }
      ],
      "exclude_office_ips": true,
      "fallback_domains": [
        {
          "suffix": "example.com",
          "description": "Domain bypass for local development",
          "dns_server": ["1.1.1.1"]
        }
      ],
      "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
      "include": [
        {
          "address": "192.0.2.0/24",
          "description": "Include testing domains in the tunnel"
        }
      ],
      "lan_allow_minutes": 30,
      "lan_allow_subnet_size": 24,
      "match": "identity.email == \"test@cloudflare.com\"",
      "name": "Allow Developers",
      "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "precedence": 100,
      "register_interface_ip_with_dns": true,
      "sccm_vpn_boundary_support": false,
      "service_mode_v2": {
        "mode": "proxy",
        "port": 3000
      },
      "support_url": "https://1.1.1.1/help",
      "switch_locked": true,
      "target_tests": [
        {
          "id": "id",
          "name": "name"
        }
      ],
      "tunnel_protocol": "wireguard"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Get device settings profile by ID

`client.zeroTrust.devices.policies.custom.get(policyId: string, params: CustomGetParams, options?: RequestOptions): SettingsPolicy | null`

**get** `/accounts/{account_id}/devices/policy/{policy_id}`

Fetches a device settings profile by ID.

### Parameters

- `policyId: string`
- `params: CustomGetParams`
  - `account_id: string`

### Returns

- `SettingsPolicy | null`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy is the default policy for an account.
  - `description?: string` A description of the policy.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` The name of the device settings profile.
  - `policy_id?: string`
  - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `target_tests?: Array`
    - `id?: string` The id of the DEX test targeting this policy.
    - `name?: string` The name of the DEX test targeting this policy.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const settingsPolicy = await client.zeroTrust.devices.policies.custom.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

// The call can resolve to null, so guard the property access.
console.log(settingsPolicy?.gateway_unique_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": false,
    "description": "Policy for test teams.",
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": ["1.1.1.1"]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "lan_allow_minutes": 30,
    "lan_allow_subnet_size": 24,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "Allow Developers",
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "precedence": 100,
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "target_tests": [
      {
        "id": "id",
        "name": "name"
      }
    ],
    "tunnel_protocol": "wireguard"
  },
  "success": true
}
```

## Create a device settings profile

`client.zeroTrust.devices.policies.custom.create(params: CustomCreateParams, options?: RequestOptions): SettingsPolicy | null`

**post** `/accounts/{account_id}/devices/policy`

Creates a device settings profile to be applied to certain devices matching the criteria.

### Parameters

- `params: CustomCreateParams`
  - `account_id: string` Path param
  - `match: string` Body param: The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name: string` Body param: The name of the device settings profile.
  - `precedence: number` Body param: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `allow_mode_switch?: boolean` Body param: Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Body param: Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Body param: Whether to allow devices to leave the organization.
  - `auto_connect?: number` Body param: The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Body param: Turn on the captive portal after the specified amount of time.
  - `description?: string` Body param: A description of the policy.
  - `disable_auto_fallback?: boolean` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Body param: Whether the policy will be applied to matching devices.
  - `exclude?: Array` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `include?: Array` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `register_interface_ip_with_dns?: boolean` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2` Body param
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` Body param: The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Body param: Determines which tunnel protocol to use.

### Returns

- `SettingsPolicy | null`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy is the default policy for an account.
  - `description?: string` A description of the policy.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` The name of the device settings profile.
  - `policy_id?: string`
  - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `target_tests?: Array`
    - `id?: string` The id of the DEX test targeting this policy.
    - `name?: string` The name of the DEX test targeting this policy.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.
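
The `SettingsPolicy` fields listed above can be reviewed programmatically once the profiles have been fetched. The following JavaScript is an added example, not part of the Cloudflare SDK or this reference; the function names and finding labels are assumptions, the reading of `switch_locked: false` as "the user can turn WARP off" is inferred from the field name, and the second sample profile is constructed.

```javascript
// Added example: review device settings profiles in the order they are evaluated.
// Field names come from the SettingsPolicy listing above.

// Constructed sample data. The first profile reuses values from the sample
// response on this page; the second is invented for illustration.
const SAMPLE_PROFILES = [
  {
    name: 'Allow Developers', precedence: 100, enabled: true,
    allow_mode_switch: true, allowed_to_leave: true, switch_locked: true,
    disable_auto_fallback: true, lan_allow_minutes: 30,
    fallback_domains: [{ suffix: 'example.com', dns_server: ['1.1.1.1'] }],
  },
  {
    name: 'Contractors', precedence: 50, enabled: true,
    allow_mode_switch: false, allowed_to_leave: false, switch_locked: false,
    disable_auto_fallback: false, lan_allow_minutes: 0,
    fallback_domains: [{ suffix: 'corp.example' }],
  },
];

// Return the settings in one profile that loosen client enforcement.
function auditProfile(profile) {
  const findings = [];
  // Only explicit values are judged: the page does not state defaults for omitted fields.
  if (profile.switch_locked === false) findings.push('switch-unlocked'); // assumed reading
  if (profile.allowed_to_leave === true) findings.push('may-leave-organization');
  if (profile.allow_mode_switch === true) findings.push('mode-switch-allowed');
  // Per the field description, 0 allows LAN access until the next WARP reconnection.
  if (profile.lan_allow_minutes === 0) findings.push('lan-access-until-reconnect');
  // Without dns_server the client guesses the system resolvers unless
  // disable_auto_fallback is set to true.
  if (profile.disable_auto_fallback !== true) {
    for (const domain of profile.fallback_domains ?? []) {
      const servers = domain.dns_server ?? [];
      if (servers.length === 0) findings.push(`system-dns-fallback:${domain.suffix}`);
    }
  }
  return findings;
}

// Profiles are evaluated in ascending order of precedence. Profiles with
// enabled: false are skipped; one without a precedence sorts last (assumption).
function evaluationOrder(profiles) {
  const rank = (p) => (p.precedence === undefined ? Number.MAX_SAFE_INTEGER : p.precedence);
  return profiles
    .filter((p) => p.enabled !== false)
    .sort((a, b) => rank(a) - rank(b));
}

// One report row per enabled profile, in evaluation order.
function auditAccount(profiles) {
  return evaluationOrder(profiles).map((p) => ({
    name: p.name,
    precedence: p.precedence,
    findings: auditProfile(p),
  }));
}

// With the SDK, the input would be collected from the list call shown on this page:
//   for await (const p of client.zeroTrust.devices.policies.custom.list({ account_id })) { ... }
console.log(JSON.stringify(auditAccount(SAMPLE_PROFILES), null, 2));
```
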

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const settingsPolicy = await client.zeroTrust.devices.policies.custom.create({
  account_id: '699d98642c564d2e855e9661899b7252',
  match: 'identity.email == "test@cloudflare.com"',
  name: 'Allow Developers',
  precedence: 100,
});

console.log(settingsPolicy.gateway_unique_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": false,
    "description": "Policy for test teams.",
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": ["1.1.1.1"]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "lan_allow_minutes": 30,
    "lan_allow_subnet_size": 24,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "Allow Developers",
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "precedence": 100,
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": { "mode": "proxy", "port": 3000 },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "target_tests": [
      { "id": "id", "name": "name" }
    ],
    "tunnel_protocol": "wireguard"
  },
  "success": true
}
```

## Update a device settings profile

`client.zeroTrust.devices.policies.custom.edit(policyId: string, params: CustomEditParams, options?: RequestOptions): SettingsPolicy | null`

**patch** `/accounts/{account_id}/devices/policy/{policy_id}`

Updates a configured device settings profile.

### Parameters

- `policyId: string`
- `params: CustomEditParams`
  - `account_id: string` Path param
  - `allow_mode_switch?: boolean` Body param: Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Body param: Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Body param: Whether to allow devices to leave the organization.
  - `auto_connect?: number` Body param: The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Body param: Turn on the captive portal after the specified amount of time.
  - `description?: string` Body param: A description of the policy.
  - `disable_auto_fallback?: boolean` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Body param: Whether the policy will be applied to matching devices.
  - `exclude?: Array` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `include?: Array` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` Body param: The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` Body param: The name of the device settings profile.
  - `precedence?: number` Body param: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2` Body param
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` Body param: The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `tunnel_protocol?: string` Body param: Determines which tunnel protocol to use.

### Returns

- `SettingsPolicy | null`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy is the default policy for an account.
  - `description?: string` A description of the policy.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` The name of the device settings profile.
  - `policy_id?: string`
  - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `target_tests?: Array`
    - `id?: string` The id of the DEX test targeting this policy.
    - `name?: string` The name of the DEX test targeting this policy.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.
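
A pre-flight review of the update body described above, added here as an example and not part of the Cloudflare SDK. It enforces the two rules the parameter list states (`exclude` and `include` cannot be set together; each Split Tunnel item carries `address` or `host`, never both) and checks CIDR syntax. The function names, finding codes, the `MIN_EXCLUDE_PREFIX` threshold for flagging very broad exclusions, and the rejection of an address without a `/prefix` are assumptions of this example.

```javascript
// Added example, not SDK code. "page" rules come from the parameter
// descriptions above; "local" rules are assumptions made by this example.
const MIN_EXCLUDE_PREFIX = { 4: 8, 6: 32 }; // local: hypothetical review threshold

// Parse dotted-quad IPv4 into four octets, or return null.
function parseIPv4(text) {
  const parts = text.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^(0|[1-9]\d{0,2})$/.test(p) ? Number(p) : 256));
  return octets.every((o) => o <= 255) ? octets : null;
}

// Accept full or "::"-compressed IPv6 (no embedded IPv4 tail, no zone id).
function isIPv6(text) {
  const halves = text.split('::');
  if (halves.length > 2) return false;
  const groups = halves.flatMap((h) => (h === '' ? [] : h.split(':')));
  if (!groups.every((g) => /^[0-9a-fA-F]{1,4}$/.test(g))) return false;
  return halves.length === 2 ? groups.length <= 7 : groups.length === 8;
}

// Return { family, prefix } for a well-formed CIDR string, else null.
function parseCidr(value) {
  if (typeof value !== 'string') return null;
  const slash = value.indexOf('/');
  if (slash < 0) return null; // local: a bare IP without /prefix is rejected
  const ip = value.slice(0, slash);
  const prefixText = value.slice(slash + 1);
  if (!/^\d{1,3}$/.test(prefixText)) return null;
  const prefix = Number(prefixText);
  if (parseIPv4(ip)) return prefix <= 32 ? { family: 4, prefix } : null;
  if (isIPv6(ip)) return prefix <= 128 ? { family: 6, prefix } : null;
  return null;
}

// Check every item of one Split Tunnel list and append findings.
function reviewList(kind, items, findings) {
  items.forEach((item, i) => {
    const where = `${kind}[${i}]`;
    if (item === null || typeof item !== 'object') {
      findings.push({ level: 'error', where, rule: 'not-an-object' });
      return;
    }
    const hasAddress = item.address !== undefined;
    const hasHost = item.host !== undefined;
    if (hasAddress === hasHost) {
      // page: exactly one of address / host must be present
      findings.push({ level: 'error', where, rule: 'address-xor-host' });
      return;
    }
    if (hasHost) {
      if (typeof item.host !== 'string' || item.host.trim() === '') {
        findings.push({ level: 'error', where, rule: 'empty-host' });
      }
      return;
    }
    const cidr = parseCidr(item.address); // page: address is in CIDR format
    if (!cidr) {
      findings.push({ level: 'error', where, rule: 'bad-cidr' });
    } else if (kind === 'exclude' && cidr.prefix < MIN_EXCLUDE_PREFIX[cidr.family]) {
      // local: a very short prefix sends a large address range outside the tunnel
      findings.push({ level: 'warn', where, rule: 'broad-exclude' });
    }
  });
}

// Review the body of a profile update before it is sent.
function reviewEditParams(params) {
  const findings = [];
  if (params.exclude !== undefined && params.include !== undefined) {
    // page: exclude and include cannot be set in the same request
    findings.push({ level: 'error', where: 'body', rule: 'exclude-and-include' });
  }
  for (const kind of ['exclude', 'include']) {
    const list = params[kind];
    if (list === undefined) continue;
    if (Array.isArray(list)) reviewList(kind, list, findings);
    else findings.push({ level: 'error', where: kind, rule: 'not-an-array' });
  }
  return findings;
}

// Constructed sample body (documentation address ranges only).
const SAMPLE_BODY = {
  exclude: [
    { address: '192.0.2.0/24', description: 'lab range' },
    { address: '0.0.0.0/0' },
    { address: '192.0.2.0/24', host: 'example.com' },
    { address: '192.0.2.300/24' },
    { host: 'example.com' },
    { address: '2001:db8::/32' },
  ],
  include: [{ address: '198.51.100.0/24' }],
};

for (const f of reviewEditParams(SAMPLE_BODY)) {
  console.log(`${f.level.padEnd(5)} ${f.where.padEnd(10)} ${f.rule}`);
}
```

Findings with level `error` reflect rules stated in the parameter list; `warn` findings are this example's own review policy and can be tuned or dropped.
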

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const settingsPolicy = await client.zeroTrust.devices.policies.custom.edit(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

console.log(settingsPolicy.gateway_unique_id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": false,
    "description": "Policy for test teams.",
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": ["1.1.1.1"]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "lan_allow_minutes": 30,
    "lan_allow_subnet_size": 24,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "Allow Developers",
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "precedence": 100,
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": { "mode": "proxy", "port": 3000 },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "target_tests": [
      { "id": "id", "name": "name" }
    ],
    "tunnel_protocol": "wireguard"
  },
  "success": true
}
```

## Delete a device settings profile

`client.zeroTrust.devices.policies.custom.delete(policyId: string, params: CustomDeleteParams, options?: RequestOptions): SinglePage`

**delete** `/accounts/{account_id}/devices/policy/{policy_id}`

Deletes a device settings profile and fetches a list of the remaining profiles for an account.

### Parameters

- `policyId: string`
- `params: CustomDeleteParams`
  - `account_id: string`

### Returns

- `SettingsPolicy`
  - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes.
  - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available.
  - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization.
  - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled.
  - `captive_portal?: number` Turn on the captive portal after the specified amount of time.
  - `default?: boolean` Whether the policy is the default policy for an account.
  - `description?: string` A description of the policy.
  - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`.
  - `enabled?: boolean` Whether the policy will be applied to matching devices.
  - `exclude?: Array` List of routes excluded in the WARP client's tunnel.
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions.
  - `fallback_domains?: Array`
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.
  - `gateway_unique_id?: string`
  - `include?: Array` List of routes included in the WARP client's tunnel.
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.
  - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.
  - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".
  - `name?: string` The name of the device settings profile.
  - `policy_id?: string`
  - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.
  - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
  - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
  - `service_mode_v2?: ServiceModeV2`
    - `mode?: string` The mode to run the WARP client under.
    - `port?: number` The port number when used with proxy mode.
  - `support_url?: string` The URL to launch when the Send Feedback button is clicked.
  - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client.
  - `target_tests?: Array`
    - `id?: string` The id of the DEX test targeting this policy.
    - `name?: string` The name of the DEX test targeting this policy.
  - `tunnel_protocol?: string` Determines which tunnel protocol to use.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const settingsPolicy of client.zeroTrust.devices.policies.custom.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
)) {
  console.log(settingsPolicy.gateway_unique_id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "allow_mode_switch": true,
      "allow_updates": true,
      "allowed_to_leave": true,
      "auto_connect": 0,
      "captive_portal": 180,
      "default": false,
      "description": "Policy for test teams.",
      "disable_auto_fallback": true,
      "enabled": true,
      "exclude": [
        {
          "address": "192.0.2.0/24",
          "description": "Exclude testing domains from the tunnel"
        }
      ],
      "exclude_office_ips": true,
      "fallback_domains": [
        {
          "suffix": "example.com",
          "description": "Domain bypass for local development",
          "dns_server": ["1.1.1.1"]
        }
      ],
      "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
      "include": [
        {
          "address": "192.0.2.0/24",
          "description": "Include testing domains in the tunnel"
        }
      ],
      "lan_allow_minutes": 30,
      "lan_allow_subnet_size": 24,
      "match": "identity.email == \"test@cloudflare.com\"",
      "name": "Allow Developers",
      "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "precedence": 100,
      "register_interface_ip_with_dns": true,
      "sccm_vpn_boundary_support": false,
      "service_mode_v2": { "mode": "proxy", "port": 3000 },
      "support_url": "https://1.1.1.1/help",
      "switch_locked": true,
      "target_tests": [
        { "id": "id", "name": "name" }
      ],
      "tunnel_protocol": "wireguard"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Excludes

## Get the Split Tunnel exclude list for a device settings profile

`client.zeroTrust.devices.policies.custom.excludes.get(policyId: string, params: ExcludeGetParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/policy/{policy_id}/exclude`

Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile.

### Parameters

- `policyId: string`
- `params: ExcludeGetParams`
  - `account_id: string`

### Returns

- `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost`
  - `TeamsDevicesExcludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesExcludeSplitTunnelWithHost`
    - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelExclude of client.zeroTrust.devices.policies.custom.excludes.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
)) {
  console.log(splitTunnelExclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Exclude testing domains from the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Set the Split Tunnel exclude list for a device settings profile

`client.zeroTrust.devices.policies.custom.excludes.update(policyId: string, params: ExcludeUpdateParams, options?: RequestOptions): SinglePage`

**put** `/accounts/{account_id}/devices/policy/{policy_id}/exclude`

Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile.

### Parameters

- `policyId: string`
- `params: ExcludeUpdateParams`
  - `account_id: string` Path param
  - `body: Array` Body param
    - `TeamsDevicesExcludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesExcludeSplitTunnelWithHost`
      - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Returns

- `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost`
  - `TeamsDevicesExcludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesExcludeSplitTunnelWithHost`
    - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelExclude of client.zeroTrust.devices.policies.custom.excludes.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252', body: [{ address: '192.0.2.0/24' }] },
)) {
  console.log(splitTunnelExclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Exclude testing domains from the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Includes

## Get the Split Tunnel include list for a device settings profile

`client.zeroTrust.devices.policies.custom.includes.get(policyId: string, params: IncludeGetParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/policy/{policy_id}/include`

Fetches the list of routes included in the WARP client's tunnel for a specific device settings profile.

### Parameters

- `policyId: string`
- `params: IncludeGetParams`
  - `account_id: string`

### Returns

- `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost`
  - `TeamsDevicesIncludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesIncludeSplitTunnelWithHost`
    - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelInclude of client.zeroTrust.devices.policies.custom.includes.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
)) {
  console.log(splitTunnelInclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Include testing domains in the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Set the Split Tunnel include list for a device settings profile

`client.zeroTrust.devices.policies.custom.includes.update(policyId: string, params: IncludeUpdateParams, options?: RequestOptions): SinglePage`

**put** `/accounts/{account_id}/devices/policy/{policy_id}/include`

Sets the list of routes included in the WARP client's tunnel for a specific device settings profile.

### Parameters

- `policyId: string`
- `params: IncludeUpdateParams`
  - `account_id: string` Path param
  - `body: Array` Body param
    - `TeamsDevicesIncludeSplitTunnelWithAddress`
      - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
    - `TeamsDevicesIncludeSplitTunnelWithHost`
      - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
      - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Returns

- `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost`
  - `TeamsDevicesIncludeSplitTunnelWithAddress`
    - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.
  - `TeamsDevicesIncludeSplitTunnelWithHost`
    - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present.
    - `description?: string` A description of the Split Tunnel item, displayed in the client UI.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const splitTunnelInclude of client.zeroTrust.devices.policies.custom.includes.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252', body: [{ address: '192.0.2.0/24' }] },
)) {
  console.log(splitTunnelInclude);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "address": "192.0.2.0/24",
      "description": "Include testing domains in the tunnel"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Fallback Domains

## Get the Local Domain Fallback list for a device settings profile

`client.zeroTrust.devices.policies.custom.fallbackDomains.get(policyId: string, params: FallbackDomainGetParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains`

Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead.

### Parameters

- `policyId: string`
- `params: FallbackDomainGetParams`
  - `account_id: string`

### Returns

- `FallbackDomain`
  - `suffix: string` The domain suffix to match when resolving locally.
  - `description?: string` A description of the fallback domain, displayed in the client UI.
  - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const fallbackDomain of client.zeroTrust.devices.policies.custom.fallbackDomains.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
)) {
  console.log(fallbackDomain.suffix);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "suffix": "example.com",
      "description": "Domain bypass for local development",
      "dns_server": ["1.1.1.1"]
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Set the Local Domain Fallback list for a device settings profile

`client.zeroTrust.devices.policies.custom.fallbackDomains.update(policyId: string, params: FallbackDomainUpdateParams, options?: RequestOptions): SinglePage`

**put** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains`

Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile.

### Parameters

- `policyId: string`
- `params: FallbackDomainUpdateParams`
  - `account_id: string` Path param
  - `domains: Array` Body param
    - `suffix: string` The domain suffix to match when resolving locally.
    - `description?: string` A description of the fallback domain, displayed in the client UI.
    - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Returns

- `FallbackDomain`
  - `suffix: string` The domain suffix to match when resolving locally.
  - `description?: string` A description of the fallback domain, displayed in the client UI.
  - `dns_server?: Array` A list of IP addresses to handle domain resolution.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const fallbackDomain of client.zeroTrust.devices.policies.custom.fallbackDomains.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252', domains: [{ suffix: 'example.com' }] },
)) {
  console.log(fallbackDomain.suffix);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "suffix": "example.com",
      "description": "Domain bypass for local development",
      "dns_server": ["1.1.1.1"]
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

# Posture

## List device posture rules

`client.zeroTrust.devices.posture.list(params: PostureListParams, options?: RequestOptions): SinglePage`

**get** `/accounts/{account_id}/devices/posture`

Fetches device posture rules for a Zero Trust account.

### Parameters

- `params: PostureListParams`
  - `account_id: string`

### Returns

- `DevicePostureRule`
  - `id?: string` API UUID.
  - `description?: string` The description of the device posture rule.
  - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.
  - `input?: DeviceInput` The value to be checked against.
    - `FileInput`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `path: string` File path.
      - `exists?: boolean` Whether or not file exists.
      - `sha256?: string` SHA-256.
      - `thumbprint?: string` Signing certificate thumbprint.
    - `UniqueClientIDInput`
      - `id: string` List ID.
      - `operating_system: "android" | "ios" | "chromeos"` Operating System.
        - `"android"`
        - `"ios"`
        - `"chromeos"`
    - `DomainJoinedInput`
      - `operating_system: "windows"` Operating System.
        - `"windows"`
      - `domain?: string` Domain.
    - `OSVersionInput`
      - `operating_system: "windows"` Operating System.
        - `"windows"`
      - `operator: "<" | "<=" | ">" | 2 more` Operator.
        - `"<"`
        - `"<="`
        - `">"`
        - `">="`
        - `"=="`
      - `version: string` Version of OS.
      - `os_distro_name?: string` Operating System Distribution Name (linux only).
      - `os_distro_revision?: string` Version of OS Distribution (linux only).
      - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
    - `FirewallInput`
      - `enabled: boolean` Enabled.
      - `operating_system: "windows" | "mac"` Operating System.
        - `"windows"`
        - `"mac"`
    - `SentineloneInput`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `path: string` File path.
      - `sha256?: string` SHA-256.
      - `thumbprint?: string` Signing certificate thumbprint.
    - `TeamsDevicesCarbonblackInputRequest`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `path: string` File path.
      - `sha256?: string` SHA-256.
      - `thumbprint?: string` Signing certificate thumbprint.
    - `TeamsDevicesAccessSerialNumberListInputRequest`
      - `id: string` UUID of Access List.
    - `DiskEncryptionInput`
      - `checkDisks?: Array` List of volume names to be checked for encryption.
      - `requireAll?: boolean` Whether to check all disks for encryption.
    - `TeamsDevicesApplicationInputRequest`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `path: string` Path for the application.
      - `sha256?: string` SHA-256.
      - `thumbprint?: string` Signing certificate thumbprint.
    - `ClientCertificateInput`
      - `certificate_id: string` UUID of Cloudflare managed certificate.
      - `cn: string` Common Name that is protected by the certificate.
    - `TeamsDevicesClientCertificateV2InputRequest`
      - `certificate_id: string` UUID of Cloudflare managed certificate.
      - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.
      - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used.
        - `"clientAuth"`
        - `"emailProtection"`
      - `locations?: Locations`
        - `paths?: Array` List of paths to check for client certificate on linux.
        - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate.
          - `"system"`
          - `"user"`
      - `subject_alternative_names?: Array` List of certificate Subject Alternative Names.
    - `TeamsDevicesAntivirusInputRequest`
      - `update_window_days?: number` Number of days that the antivirus should be updated within.
    - `WorkspaceOneInput`
      - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status.
        - `"compliant"`
        - `"noncompliant"`
        - `"unknown"`
      - `connection_id: string` Posture Integration ID.
    - `CrowdstrikeInput`
      - `connection_id: string` Posture Integration ID.
      - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation.
      - `operator?: "<" | "<=" | ">" | 2 more` Operator.
        - `"<"`
        - `"<="`
        - `">"`
        - `">="`
        - `"=="`
      - `os?: string` Os Version.
      - `overall?: string` Overall.
      - `sensor_config?: string` SensorConfig.
- `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. 
- `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. 
for await (const devicePostureRule of client.zeroTrust.devices.posture.list({
  account_id: '699d98642c564d2e855e9661899b7252',
})) {
  console.log(devicePostureRule.id);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "description": "The rule for admin serial numbers",
      "expiration": "1h",
      "input": {
        "operating_system": "linux",
        "path": "/bin/cat",
        "exists": true,
        "sha256": "https://api.us-2.crowdstrike.com",
        "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
      },
      "match": [ { "platform": "windows" } ],
      "name": "Admin Serial Numbers",
      "schedule": "1h",
      "type": "file"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Get device posture rule details

`client.zeroTrust.devices.posture.get(ruleId: string, params: PostureGetParams, options?: RequestOptions): DevicePostureRule | null`

**get** `/accounts/{account_id}/devices/posture/{rule_id}`

Fetches a single device posture rule.

### Parameters

- `ruleId: string` API UUID.
- `params: PostureGetParams`
  - `account_id: string`

### Returns

- `DevicePostureRule | null`
  - `id?: string` API UUID.
  - `description?: string` The description of the device posture rule.
  - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.
  - `input?: DeviceInput` The value to be checked against.
    - `FileInput`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `path: string` File path.
      - `exists?: boolean` Whether or not file exists.
      - `sha256?: string` SHA-256.
- `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. 
- `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. 
- `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. 
- `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. 
    - `"file"`
    - `"application"`
    - `"tanium"`
    - `"gateway"`
    - `"warp"`
    - `"disk_encryption"`
    - `"serial_number"`
    - `"sentinelone"`
    - `"carbonblack"`
    - `"firewall"`
    - `"os_version"`
    - `"domain_joined"`
    - `"client_certificate"`
    - `"client_certificate_v2"`
    - `"antivirus"`
    - `"unique_client_id"`
    - `"kolide"`
    - `"tanium_s2s"`
    - `"crowdstrike_s2s"`
    - `"intune"`
    - `"workspace_one"`
    - `"sentinelone_s2s"`
    - `"custom_s2s"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const devicePostureRule = await client.zeroTrust.devices.posture.get(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

console.log(devicePostureRule.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [ { "platform": "windows" } ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}
```

## Create a device posture rule

`client.zeroTrust.devices.posture.create(params: PostureCreateParams, options?: RequestOptions): DevicePostureRule | null`

**post** `/accounts/{account_id}/devices/posture`

Creates a new device posture rule.

### Parameters

- `params: PostureCreateParams`
  - `account_id: string` Path param
  - `name: string` Body param: The name of the device posture rule.
- `type: "file" | "application" | "tanium" | 20 more` Body param: The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` - `description?: string` Body param: The description of the device posture rule. - `expiration?: string` Body param: Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` Body param: The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. 
- `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. 
- `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. 
- `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` Body param: The conditions that the client must match to run the rule. 
- `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `schedule?: string` Body param: Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `DevicePostureRule | null` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. 
- `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. 
- `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. 
- `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. 
    - `"file"`
    - `"application"`
    - `"tanium"`
    - `"gateway"`
    - `"warp"`
    - `"disk_encryption"`
    - `"serial_number"`
    - `"sentinelone"`
    - `"carbonblack"`
    - `"firewall"`
    - `"os_version"`
    - `"domain_joined"`
    - `"client_certificate"`
    - `"client_certificate_v2"`
    - `"antivirus"`
    - `"unique_client_id"`
    - `"kolide"`
    - `"tanium_s2s"`
    - `"crowdstrike_s2s"`
    - `"intune"`
    - `"workspace_one"`
    - `"sentinelone_s2s"`
    - `"custom_s2s"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const devicePostureRule = await client.zeroTrust.devices.posture.create({
  account_id: '699d98642c564d2e855e9661899b7252',
  name: 'Admin Serial Numbers',
  type: 'file',
});

console.log(devicePostureRule.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [
      {
        "platform": "windows"
      }
    ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}
```

## Update a device posture rule

`client.zeroTrust.devices.posture.update(ruleId: string, params: PostureUpdateParams, options?: RequestOptions): DevicePostureRule | null`

**put** `/accounts/{account_id}/devices/posture/{rule_id}`

Updates a device posture rule.

### Parameters

- `ruleId: string` API UUID.
- `params: PostureUpdateParams`
  - `account_id: string` Path param
  - `name: string` Body param: The name of the device posture rule.
- `type: "file" | "application" | "tanium" | 20 more` Body param: The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` - `description?: string` Body param: The description of the device posture rule. - `expiration?: string` Body param: Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` Body param: The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. 
- `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. 
- `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. 
- `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` Body param: The conditions that the client must match to run the rule. 
    - `platform?: "windows" | "mac" | "linux" | 3 more`
      - `"windows"`
      - `"mac"`
      - `"linux"`
      - `"android"`
      - `"ios"`
      - `"chromeos"`
  - `schedule?: string` Body param: Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`.

### Returns

- `DevicePostureRule | null`
  - `id?: string` API UUID.
  - `description?: string` The description of the device posture rule.
  - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.
  - `input?: DeviceInput` The value to be checked against.
    - `FileInput`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
        - `"windows"`
        - `"linux"`
        - `"mac"`
      - `path: string` File path.
      - `exists?: boolean` Whether or not file exists.
      - `sha256?: string` SHA-256.
      - `thumbprint?: string` Signing certificate thumbprint.
    - `UniqueClientIDInput`
      - `id: string` List ID.
      - `operating_system: "android" | "ios" | "chromeos"` Operating System.
        - `"android"`
        - `"ios"`
        - `"chromeos"`
    - `DomainJoinedInput`
      - `operating_system: "windows"` Operating System.
        - `"windows"`
      - `domain?: string` Domain.
    - `OSVersionInput`
      - `operating_system: "windows"` Operating System.
        - `"windows"`
      - `operator: "<" | "<=" | ">" | 2 more` Operator.
        - `"<"`
        - `"<="`
        - `">"`
        - `">="`
        - `"=="`
      - `version: string` Version of OS.
      - `os_distro_name?: string` Operating System Distribution Name (linux only).
      - `os_distro_revision?: string` Version of OS Distribution (linux only).
      - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
    - `FirewallInput`
      - `enabled: boolean` Enabled.
      - `operating_system: "windows" | "mac"` Operating System.
        - `"windows"`
        - `"mac"`
    - `SentineloneInput`
      - `operating_system: "windows" | "linux" | "mac"` Operating system.
- `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. 
- `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. 
- `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. 
    - `"file"`
    - `"application"`
    - `"tanium"`
    - `"gateway"`
    - `"warp"`
    - `"disk_encryption"`
    - `"serial_number"`
    - `"sentinelone"`
    - `"carbonblack"`
    - `"firewall"`
    - `"os_version"`
    - `"domain_joined"`
    - `"client_certificate"`
    - `"client_certificate_v2"`
    - `"antivirus"`
    - `"unique_client_id"`
    - `"kolide"`
    - `"tanium_s2s"`
    - `"crowdstrike_s2s"`
    - `"intune"`
    - `"workspace_one"`
    - `"sentinelone_s2s"`
    - `"custom_s2s"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const devicePostureRule = await client.zeroTrust.devices.posture.update(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  {
    account_id: '699d98642c564d2e855e9661899b7252',
    name: 'Admin Serial Numbers',
    type: 'file',
  },
);

console.log(devicePostureRule.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "description": "The rule for admin serial numbers",
    "expiration": "1h",
    "input": {
      "operating_system": "linux",
      "path": "/bin/cat",
      "exists": true,
      "sha256": "https://api.us-2.crowdstrike.com",
      "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e"
    },
    "match": [
      {
        "platform": "windows"
      }
    ],
    "name": "Admin Serial Numbers",
    "schedule": "1h",
    "type": "file"
  },
  "success": true
}
```

## Delete a device posture rule

`client.zeroTrust.devices.posture.delete(ruleId: string, params: PostureDeleteParams, options?: RequestOptions): PostureDeleteResponse | null`

**delete** `/accounts/{account_id}/devices/posture/{rule_id}`

Deletes a device posture rule.

### Parameters

- `ruleId: string` API UUID.
- `params: PostureDeleteParams`
  - `account_id: string`

### Returns

- `PostureDeleteResponse`
  - `id?: string` API UUID.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const posture = await client.zeroTrust.devices.posture.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

console.log(posture.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  },
  "success": true
}
```

## Domain Types

### Carbonblack Input

- `CarbonblackInput = string`

### Client Certificate Input

- `ClientCertificateInput`
  - `certificate_id: string` UUID of Cloudflare managed certificate.
  - `cn: string` Common Name that is protected by the certificate.

### Crowdstrike Input

- `CrowdstrikeInput`
  - `connection_id: string` Posture Integration ID.
  - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation.
  - `operator?: "<" | "<=" | ">" | 2 more` Operator.
    - `"<"`
    - `"<="`
    - `">"`
    - `">="`
    - `"=="`
  - `os?: string` Os Version.
  - `overall?: string` Overall.
  - `sensor_config?: string` SensorConfig.
  - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation.
    - `"online"`
    - `"offline"`
    - `"unknown"`
  - `version?: string` Version.
  - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator.
    - `"<"`
    - `"<="`
    - `">"`
    - `">="`
    - `"=="`

### Device Input

- `DeviceInput = FileInput | UniqueClientIDInput | DomainJoinedInput | 17 more` The value to be checked against.
- `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. 
- `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. 
- `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. 
- `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. ### Device Match - `DeviceMatch` - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` ### Device Posture Rule - `DevicePostureRule` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. 
- `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. 
- `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. 
- `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. 
- `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Disk Encryption Input - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. ### Domain Joined Input - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. ### File Input - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. ### Firewall Input - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. 
- `"windows"` - `"mac"` ### Intune Input - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. ### Kolide Input - `KolideInput` - `connection_id: string` Posture Integration ID. - `countOperator: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: string` The Number of Issues. ### OS Version Input - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. ### Sentinelone Input - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. ### Sentinelone S2s Input - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. 
- `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` ### Tanium Input - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. ### Unique Client ID Input - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` ### Workspace One Input - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. ### Posture Delete Response - `PostureDeleteResponse` - `id?: string` API UUID. # Integrations ## List your device posture integrations `client.zeroTrust.devices.posture.integrations.list(IntegrationListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/posture/integration` Fetches the list of device posture integrations for an account. ### Parameters - `params: IntegrationListParams` - `account_id: string` ### Returns - `Integration` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. 
- `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const integration of client.zeroTrust.devices.posture.integrations.list({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(integration.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture integration details `client.zeroTrust.devices.posture.integrations.get(stringintegrationId, IntegrationGetParamsparams, RequestOptionsoptions?): 
Integration | null` **get** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Fetches details for a single device posture integration. ### Parameters - `integrationId: string` API UUID. - `params: IntegrationGetParams` - `account_id: string` ### Returns - `Integration | null` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. 
- `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(integration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Create a device posture integration `client.zeroTrust.devices.posture.integrations.create(IntegrationCreateParamsparams, RequestOptionsoptions?): Integration | null` **post** `/accounts/{account_id}/devices/posture/integration` Create a new device posture integration. ### Parameters - `params: IntegrationCreateParams` - `account_id: string` Path param - `config: TeamsDevicesWorkspaceOneConfigRequest | TeamsDevicesCrowdstrikeConfigRequest | TeamsDevicesUptycsConfigRequest | 5 more` Body param: The configuration object containing third-party integration information. - `TeamsDevicesWorkspaceOneConfigRequest` - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. 
- `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `client_secret: string` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `TeamsDevicesCrowdstrikeConfigRequest` - `api_url: string` The Crowdstrike API URL. - `client_id: string` The Crowdstrike client ID. - `client_secret: string` The Crowdstrike client secret. - `customer_id: string` The Crowdstrike customer ID. - `TeamsDevicesUptycsConfigRequest` - `api_url: string` The Uptycs API URL. - `client_key: string` The Uptycs client secret. - `client_secret: string` The Uptycs client secret. - `customer_id: string` The Uptycs customer ID. - `TeamsDevicesIntuneConfigRequest` - `client_id: string` The Intune client ID. - `client_secret: string` The Intune client secret. - `customer_id: string` The Intune customer ID. - `TeamsDevicesKolideConfigRequest` - `client_id: string` The Kolide client ID. - `client_secret: string` The Kolide client secret. - `TeamsDevicesTaniumConfigRequest` - `api_url: string` The Tanium API URL. - `client_secret: string` The Tanium client secret. - `access_client_id?: string` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret?: string` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `TeamsDevicesSentineloneS2sConfigRequest` - `api_url: string` The SentinelOne S2S API URL. - `client_secret: string` The SentinelOne S2S client secret. - `TeamsDevicesCustomS2sConfigRequest` - `access_client_id: string` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: string` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `api_url: string` The Custom Device Posture Integration API URL. - `interval: string` Body param: The interval between each posture check with the third-party API. 
Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: string` Body param: The name of the device posture integration. - `type: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` Body param: The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Returns - `Integration | null` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. 
- `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.create({ account_id: '699d98642c564d2e855e9661899b7252', config: { api_url: 'https://as123.awmdm.com/API', auth_url: 'https://na.uemauth.workspaceone.com/connect/token', client_id: 'example client id', client_secret: 'example client secret', }, interval: '10m', name: 'My Workspace One Integration', type: 'workspace_one', }); console.log(integration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Update a device posture integration `client.zeroTrust.devices.posture.integrations.edit(stringintegrationId, IntegrationEditParamsparams, RequestOptionsoptions?): Integration | null` **patch** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Updates a configured device posture integration. ### Parameters - `integrationId: string` API UUID. 
- `params: IntegrationEditParams` - `account_id: string` Path param - `config?: TeamsDevicesWorkspaceOneConfigRequest | TeamsDevicesCrowdstrikeConfigRequest | TeamsDevicesUptycsConfigRequest | 5 more` Body param: The configuration object containing third-party integration information. - `TeamsDevicesWorkspaceOneConfigRequest` - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `client_secret: string` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `TeamsDevicesCrowdstrikeConfigRequest` - `api_url: string` The Crowdstrike API URL. - `client_id: string` The Crowdstrike client ID. - `client_secret: string` The Crowdstrike client secret. - `customer_id: string` The Crowdstrike customer ID. - `TeamsDevicesUptycsConfigRequest` - `api_url: string` The Uptycs API URL. - `client_key: string` The Uptycs client secret. - `client_secret: string` The Uptycs client secret. - `customer_id: string` The Uptycs customer ID. - `TeamsDevicesIntuneConfigRequest` - `client_id: string` The Intune client ID. - `client_secret: string` The Intune client secret. - `customer_id: string` The Intune customer ID. - `TeamsDevicesKolideConfigRequest` - `client_id: string` The Kolide client ID. - `client_secret: string` The Kolide client secret. - `TeamsDevicesTaniumConfigRequest` - `api_url: string` The Tanium API URL. - `client_secret: string` The Tanium client secret. - `access_client_id?: string` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret?: string` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `TeamsDevicesSentineloneS2sConfigRequest` - `api_url: string` The SentinelOne S2S API URL. 
- `client_secret: string` The SentinelOne S2S client secret. - `TeamsDevicesCustomS2sConfigRequest` - `access_client_id: string` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: string` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `api_url: string` The Custom Device Posture Integration API URL. - `interval?: string` Body param: The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` Body param: The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` Body param: The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Returns - `Integration | null` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. 
- `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(integration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Delete a device posture integration `client.zeroTrust.devices.posture.integrations.delete(stringintegrationId, IntegrationDeleteParamsparams, RequestOptionsoptions?): IntegrationDeleteResponse | null` **delete** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Delete a configured device posture integration. ### Parameters - `integrationId: string` API UUID. 
- `params: IntegrationDeleteParams`
  - `account_id: string`

### Returns

- `IntegrationDeleteResponse = unknown | string | null`
  - `unknown`
  - `string`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const integration = await client.zeroTrust.devices.posture.integrations.delete(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
);

console.log(integration);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {},
  "success": true
}
```

## Domain Types

### Integration

- `Integration`
  - `id?: string` API UUID.
  - `config?: Config` The configuration object containing third-party integration information.
    - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard.
    - `auth_url: string` The Workspace One Authorization URL depending on your region.
    - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard.
  - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`).
  - `name?: string` The name of the device posture integration.
  - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration.
    - `"workspace_one"`
    - `"crowdstrike_s2s"`
    - `"uptycs"`
    - `"intune"`
    - `"kolide"`
    - `"tanium_s2s"`
    - `"sentinelone_s2s"`
    - `"custom_s2s"`

### Integration Delete Response

- `IntegrationDeleteResponse = unknown | string | null`
  - `unknown`
  - `string`

# Revoke

## Revoke devices (deprecated)

`client.zeroTrust.devices.revoke.create(RevokeCreateParams params, RequestOptions options?): RevokeCreateResponse | null`

**post** `/accounts/{account_id}/devices/revoke`

Revokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled.

**Deprecated**: please use POST /accounts/{account_id}/devices/registrations/revoke instead.

### Parameters

- `params: RevokeCreateParams`
  - `account_id: string` Path param
  - `body: Array` Body param: A list of Registration IDs to revoke.

### Returns

- `RevokeCreateResponse = unknown | string | null`
  - `unknown`
  - `string`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const revoke = await client.zeroTrust.devices.revoke.create({
  account_id: '699d98642c564d2e855e9661899b7252',
  body: ['f174e90a-fafe-4643-bbbc-4a0ed4fc8415'],
});

console.log(revoke);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "result": {},
  "success": true
}
```

## Domain Types

### Revoke Create Response

- `RevokeCreateResponse = unknown | string | null`
  - `unknown`
  - `string`

# Settings

## Get device settings for a Zero Trust account

`client.zeroTrust.devices.settings.get(SettingGetParams params, RequestOptions options?): DeviceSettings | null`

**get** `/accounts/{account_id}/devices/settings`

Describes the current device settings for a Zero Trust account.

### Parameters

- `params: SettingGetParams`
  - `account_id: string`

### Returns

- `DeviceSettings | null`
  - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP.
  - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled.
  - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value.
  - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds.
  - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host.
  - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP.
  - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP.
  - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate.
  - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4.
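
The constraints stated for the `external_emergency_signal_*` fields (HTTPS URL with an IP-address host, 64-hex-character SHA256 fingerprint, interval of at least 30 seconds) can be checked locally on a `DeviceSettings` object before it is sent or after it is fetched. This is an added example, not part of the Cloudflare SDK or of this reference: the function names and finding strings are hypothetical, durations are assumed to use only `h`, `m` and `s` units, and reporting a missing fingerprint is a policy choice of the example.

```javascript
// Added example: local audit of the external emergency signal settings.
// All function names and messages here are hypothetical helpers, not SDK API.

// Parse "5m", "2m30s" or "1h" into seconds; returns null if malformed.
// Assumption: only h, m and s units appear, as in the reference's examples.
function parseDurationSeconds(text) {
  if (typeof text !== 'string' || text.length === 0) return null;
  const unitSeconds = { h: 3600, m: 60, s: 1 };
  const part = /(\d+)([hms])/y; // sticky: each part must start where the last ended
  let total = 0;
  let consumed = 0;
  let match;
  while ((match = part.exec(text)) !== null) {
    total += Number(match[1]) * unitSeconds[match[2]];
    consumed = part.lastIndex;
  }
  return consumed === text.length ? total : null;
}

// Returns null when the URL is HTTPS with an IPv4/IPv6 literal host, else a reason.
function checkSignalUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return 'not a parseable URL';
  }
  if (url.protocol !== 'https:') return 'scheme is not https';
  const host = url.hostname; // IPv6 literals keep their brackets here
  const isIPv6 = host.startsWith('[') && host.endsWith(']');
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  return isIPv4 || isIPv6 ? null : 'host is not an IPv4 or IPv6 address';
}

// Convenience: turn colon-separated output such as "AB:CD:..." into 64 hex
// characters (lowercase, like the reference's sample value); null if invalid.
function normalizeFingerprint(text) {
  const hex = String(text).replace(/[:\s]/g, '').toLowerCase();
  return /^[0-9a-f]{64}$/.test(hex) ? hex : null;
}

// Returns a list of findings; an empty list means the fields satisfy the
// documented constraints. Nothing is checked when the feature is disabled.
function auditEmergencySignal(settings) {
  const findings = [];
  if (!settings.external_emergency_signal_enabled) return findings;

  const url = settings.external_emergency_signal_url;
  if (!url) {
    findings.push('external_emergency_signal_url: missing while the feature is enabled');
  } else {
    const problem = checkSignalUrl(url);
    if (problem) findings.push(`external_emergency_signal_url: ${problem}`);
  }

  const fp = settings.external_emergency_signal_fingerprint;
  if (fp === undefined || fp === null || fp === '') {
    // Policy choice of this example: the field is optional in the API.
    findings.push('external_emergency_signal_fingerprint: not set, server certificate is not pinned');
  } else if (!/^[0-9a-fA-F]{64}$/.test(fp)) {
    findings.push(
      normalizeFingerprint(fp)
        ? 'external_emergency_signal_fingerprint: contains separators, submit the 64 hex characters only'
        : 'external_emergency_signal_fingerprint: not 64 hexadecimal characters',
    );
  }

  const interval = settings.external_emergency_signal_interval;
  if (interval !== undefined) {
    const seconds = parseDurationSeconds(interval);
    if (seconds === null) {
      findings.push('external_emergency_signal_interval: not a duration string');
    } else if (seconds < 30) {
      findings.push('external_emergency_signal_interval: below the 30 second minimum');
    }
  }
  return findings;
}

// Values taken from the sample response in this reference.
const PAGE_SAMPLE = {
  external_emergency_signal_enabled: true,
  external_emergency_signal_fingerprint:
    'abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234',
  external_emergency_signal_interval: '5m',
  external_emergency_signal_url: 'https://192.0.2.1/signal',
};

// Constructed input that violates each documented constraint once.
const CONSTRUCTED_BAD = {
  external_emergency_signal_enabled: true,
  external_emergency_signal_fingerprint: 'AB:'.repeat(31) + 'AB',
  external_emergency_signal_interval: '10s',
  external_emergency_signal_url: 'https://signal.example.com/disconnect',
};

console.log(auditEmergencySignal(PAGE_SAMPLE));
console.log(auditEmergencySignal(CONSTRUCTED_BAD));
```
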
### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceSettings = await client.zeroTrust.devices.settings.get({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(deviceSettings.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Update device settings for a Zero Trust account `client.zeroTrust.devices.settings.update(SettingUpdateParamsparams, RequestOptionsoptions?): DeviceSettings | null` **put** `/accounts/{account_id}/devices/settings` Updates the current device settings for a Zero Trust account. ### Parameters - `params: SettingUpdateParams` - `account_id: string` Path param - `disable_for_time?: number` Body param: Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Body param: Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` Body param: The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. 
The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` Body param: The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` Body param: The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Body param: Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Body param: Enable using CGNAT virtual IPv4. ### Returns - `DeviceSettings | null` - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP. 
- `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceSettings = await client.zeroTrust.devices.settings.update({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(deviceSettings.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Patch device settings for a Zero Trust account `client.zeroTrust.devices.settings.edit(SettingEditParamsparams, RequestOptionsoptions?): DeviceSettings | null` **patch** `/accounts/{account_id}/devices/settings` Patches the current device settings for a Zero Trust account. ### Parameters - `params: SettingEditParams` - `account_id: string` Path param - `disable_for_time?: number` Body param: Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Body param: Controls whether the external emergency disconnect feature is enabled. 
  - `external_emergency_signal_fingerprint?: string` Body param: The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value.
  - `external_emergency_signal_interval?: string` Body param: The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds.
  - `external_emergency_signal_url?: string` Body param: The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host.
  - `gateway_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on TCP.
  - `gateway_udp_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on UDP.
  - `root_certificate_installation_enabled?: boolean` Body param: Enable installation of the Cloudflare-managed root certificate.
  - `use_zt_virtual_ip?: boolean` Body param: Enable using CGNAT virtual IPv4.

### Returns

- `DeviceSettings | null`
  - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP.
  - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled.
  - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value.
  - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h").
Minimum 30 seconds.
  - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host.
  - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP.
  - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP.
  - `root_certificate_installation_enabled?: boolean` Enable installation of the Cloudflare-managed root certificate.
  - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4.

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const deviceSettings = await client.zeroTrust.devices.settings.edit({
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(deviceSettings.disable_for_time);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "disable_for_time": 0,
    "external_emergency_signal_enabled": true,
    "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234",
    "external_emergency_signal_interval": "5m",
    "external_emergency_signal_url": "https://192.0.2.1/signal",
    "gateway_proxy_enabled": true,
    "gateway_udp_proxy_enabled": true,
    "root_certificate_installation_enabled": true,
    "use_zt_virtual_ip": true
  },
  "success": true
}
```

## Reset device settings for a Zero Trust account with defaults. This turns off all proxying.

`client.zeroTrust.devices.settings.delete(SettingDeleteParams params, RequestOptions options?): DeviceSettings | null`

**delete** `/accounts/{account_id}/devices/settings`

Resets the current device settings for a Zero Trust account.
### Parameters

- `params: SettingDeleteParams`
  - `account_id: string`

### Returns

- `DeviceSettings | null`
  - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP.
  - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled.
  - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value.
  - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds.
  - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host.
  - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP.
  - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP.
  - `root_certificate_installation_enabled?: boolean` Enable installation of the Cloudflare-managed root certificate.
  - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4.
### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const deviceSettings = await client.zeroTrust.devices.settings.delete({
  account_id: '699d98642c564d2e855e9661899b7252',
});

console.log(deviceSettings.disable_for_time);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "disable_for_time": 0,
    "external_emergency_signal_enabled": true,
    "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234",
    "external_emergency_signal_interval": "5m",
    "external_emergency_signal_url": "https://192.0.2.1/signal",
    "gateway_proxy_enabled": true,
    "gateway_udp_proxy_enabled": true,
    "root_certificate_installation_enabled": true,
    "use_zt_virtual_ip": true
  },
  "success": true
}
```

## Domain Types

### Device Settings

- `DeviceSettings`
  - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP.
  - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled.
  - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value.
  - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds.
  - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host.
  - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP.
  - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP.
  - `root_certificate_installation_enabled?: boolean` Enable installation of the Cloudflare-managed root certificate.
  - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4.

# Unrevoke

## Unrevoke devices (deprecated)

`client.zeroTrust.devices.unrevoke.create(UnrevokeCreateParams params, RequestOptions options?): UnrevokeCreateResponse | null`

**post** `/accounts/{account_id}/devices/unrevoke`

Unrevokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled.

**Deprecated**: please use POST /accounts/{account_id}/devices/registrations/unrevoke instead.

### Parameters

- `params: UnrevokeCreateParams`
  - `account_id: string` Path param
  - `body: Array` Body param: A list of Registration IDs to unrevoke.
### Returns

- `UnrevokeCreateResponse = unknown | string | null`
  - `unknown`
  - `string`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const unrevoke = await client.zeroTrust.devices.unrevoke.create({
  account_id: '699d98642c564d2e855e9661899b7252',
  body: ['f174e90a-fafe-4643-bbbc-4a0ed4fc8415'],
});

console.log(unrevoke);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {},
  "success": true
}
```

## Domain Types

### Unrevoke Create Response

- `UnrevokeCreateResponse = unknown | string | null`
  - `unknown`
  - `string`

# Override Codes

## Get override codes (deprecated)

`client.zeroTrust.devices.overrideCodes.list(string deviceId, OverrideCodeListParams params, RequestOptions options?): SinglePage`

**get** `/accounts/{account_id}/devices/{device_id}/override_codes`

Fetches a one-time use admin override code for a device. This relies on the **Admin Override** setting being enabled in your device configuration. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account.

**Deprecated:** please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead.

### Parameters

- `deviceId: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/).
- `params: OverrideCodeListParams`
  - `account_id: string`

### Returns

- `OverrideCodeListResponse = unknown`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const overrideCodeListResponse of client.zeroTrust.devices.overrideCodes.list(
  'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
  { account_id: '699d98642c564d2e855e9661899b7252' },
)) {
  console.log(overrideCodeListResponse);
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {}
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Get override codes

`client.zeroTrust.devices.overrideCodes.get(string registrationId, OverrideCodeGetParams params, RequestOptions options?): OverrideCodeGetResponse`

**get** `/accounts/{account_id}/devices/registrations/{registration_id}/override_codes`

Fetches one-time use admin override codes for a registration. This relies on the **Admin Override** setting being enabled in your device configuration.
### Parameters

- `registrationId: string`
- `params: OverrideCodeGetParams`
  - `account_id: string`

### Returns

- `OverrideCodeGetResponse`
  - `disable_for_time?: Record`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const overrideCode = await client.zeroTrust.devices.overrideCodes.get('registration_id', {
  account_id: 'account_id',
});

console.log(overrideCode.disable_for_time);
```

#### Response

```json
{
  "errors": [
    {
      "code": 0,
      "message": "message"
    }
  ],
  "messages": [
    {
      "code": 0,
      "message": "message"
    }
  ],
  "result": {
    "disable_for_time": {
      "foo": "string"
    }
  },
  "success": true
}
```

## Domain Types

### Override Code List Response

- `OverrideCodeListResponse = unknown`

### Override Code Get Response

- `OverrideCodeGetResponse`
  - `disable_for_time?: Record`
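
The constraints that the device settings reference places on `external_emergency_signal_url`, `external_emergency_signal_fingerprint` and `external_emergency_signal_interval` can be checked locally before a payload is sent to `settings.update` or `settings.edit`. The following is an added example, not part of the Cloudflare SDK: the function names are hypothetical, it assumes intervals use only the whole-number `h`/`m`/`s` forms shown in the reference, and the missing-fingerprint warning is this example's own policy.

```javascript
// Added example: pre-flight checks for the external_emergency_signal_* fields.
// Assumption: intervals use only whole-number h/m/s parts, as in "5m", "2m30s", "1h".
const UNIT_SECONDS = { h: 3600, m: 60, s: 1 };

function parseDurationSeconds(text) {
  if (typeof text !== 'string' || !/^(\d+[hms])+$/.test(text)) return null;
  let total = 0;
  for (const [, n, unit] of text.matchAll(/(\d+)([hms])/g)) {
    total += Number(n) * UNIT_SECONDS[unit];
  }
  return total;
}

// The WHATWG URL parser serializes IPv6 hosts in brackets and IPv4 as a dotted quad.
function hostIsIpLiteral(hostname) {
  return hostname.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
}

function validateEmergencySignalSettings(settings) {
  const errors = [];
  const warnings = [];
  const url = settings.external_emergency_signal_url;
  const fingerprint = settings.external_emergency_signal_fingerprint;
  const interval = settings.external_emergency_signal_interval;

  if (url !== undefined) {
    let parsed = null;
    try {
      parsed = new URL(url);
    } catch {
      errors.push('url: not a valid URL');
    }
    if (parsed && parsed.protocol !== 'https:') errors.push('url: must use HTTPS');
    if (parsed && !hostIsIpLiteral(parsed.hostname)) {
      errors.push('url: host must be an IPv4 or IPv6 address');
    }
    // Policy choice of this example, not an API rule: flag an unpinned signal server.
    if (fingerprint === undefined) warnings.push('fingerprint: not set, server is not pinned');
  }
  if (fingerprint !== undefined && !/^[0-9a-fA-F]{64}$/.test(fingerprint)) {
    errors.push('fingerprint: must be 64 hexadecimal characters');
  }
  if (interval !== undefined) {
    const seconds = parseDurationSeconds(interval);
    if (seconds === null) errors.push('interval: not a duration string');
    else if (seconds < 30) errors.push('interval: minimum is 30 seconds');
  }
  return { errors, warnings };
}
```

Run it over the body of a settings change in review or CI and block the request when `errors` is non-empty.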