Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Devices
Policies

Default

Get the default device settings profile
client.zeroTrust.devices.policies.default.get(DefaultGetParams { account_id } params, RequestOptionsoptions?): DefaultGetResponse { allow_mode_switch, allow_updates, allowed_to_leave, 16 more } | null
GET/accounts/{account_id}/devices/policy
Update the default device settings profile
client.zeroTrust.devices.policies.default.edit(DefaultEditParams { account_id, allow_mode_switch, allow_updates, 15 more } params, RequestOptionsoptions?): DefaultEditResponse { allow_mode_switch, allow_updates, allowed_to_leave, 16 more } | null
PATCH/accounts/{account_id}/devices/policy
ModelsExpand Collapse
DefaultGetResponse { allow_mode_switch, allow_updates, allowed_to_leave, 16 more }
allow_mode_switch?: boolean

Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Whether to allow devices to leave the organization.

auto_connect?: number

The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Turn on the captive portal after the specified amount of time.

default?: boolean

Whether the policy will be applied to matching devices.

disable_auto_fallback?: boolean

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled?: boolean

Whether the policy will be applied to matching devices.

exclude?: Array<SplitTunnelExclude>

List of routes excluded in the WARP client’s tunnel.

One of the following:
TeamsDevicesExcludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
TeamsDevicesExcludeSplitTunnelWithHost { host, description }
host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
exclude_office_ips?: boolean

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains?: Array<FallbackDomain { suffix, description, dns_server } >
suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

gateway_unique_id?: string
include?: Array<SplitTunnelInclude>

List of routes included in the WARP client’s tunnel.

One of the following:
TeamsDevicesIncludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
TeamsDevicesIncludeSplitTunnelWithHost { host, description }
host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
register_interface_ip_with_dns?: boolean

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2 { mode, port }
mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol?: string

Determines which tunnel protocol to use.

DefaultEditResponse { allow_mode_switch, allow_updates, allowed_to_leave, 16 more }
allow_mode_switch?: boolean

Whether to allow the user to switch WARP between modes.

allow_updates?: boolean

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave?: boolean

Whether to allow devices to leave the organization.

auto_connect?: number

The amount of time in seconds to reconnect after having been disabled.

captive_portal?: number

Turn on the captive portal after the specified amount of time.

default?: boolean

Whether the policy will be applied to matching devices.

disable_auto_fallback?: boolean

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled?: boolean

Whether the policy will be applied to matching devices.

exclude?: Array<SplitTunnelExclude>

List of routes excluded in the WARP client’s tunnel.

One of the following:
TeamsDevicesExcludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
TeamsDevicesExcludeSplitTunnelWithHost { host, description }
host: string

The domain name to exclude from the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
exclude_office_ips?: boolean

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains?: Array<FallbackDomain { suffix, description, dns_server } >
suffix: string

The domain suffix to match when resolving locally.

description?: string

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server?: Array<string>

A list of IP addresses to handle domain resolution.

gateway_unique_id?: string
include?: Array<SplitTunnelInclude>

List of routes included in the WARP client’s tunnel.

One of the following:
TeamsDevicesIncludeSplitTunnelWithAddress { address, description }
address: string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
TeamsDevicesIncludeSplitTunnelWithHost { host, description }
host: string

The domain name to include in the tunnel. If host is present, address must not be present.

description?: string

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
register_interface_ip_with_dns?: boolean

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support?: boolean

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2?: ServiceModeV2 { mode, port }
mode?: string

The mode to run the WARP client under.

port?: number

The port number when used with proxy mode.

support_url?: string

The URL to launch when the Send Feedback button is clicked.

switch_locked?: boolean

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol?: string

Determines which tunnel protocol to use.

DefaultExcludes

Get the Split Tunnel exclude list
client.zeroTrust.devices.policies.default.excludes.get(ExcludeGetParams { account_id } params, RequestOptionsoptions?): SinglePage<SplitTunnelExclude>
GET/accounts/{account_id}/devices/policy/exclude
Set the Split Tunnel exclude list
client.zeroTrust.devices.policies.default.excludes.update(ExcludeUpdateParams { account_id, body } params, RequestOptionsoptions?): SinglePage<SplitTunnelExclude>
PUT/accounts/{account_id}/devices/policy/exclude

DefaultIncludes

Get the Split Tunnel include list
client.zeroTrust.devices.policies.default.includes.get(IncludeGetParams { account_id } params, RequestOptionsoptions?): SinglePage<SplitTunnelInclude>
GET/accounts/{account_id}/devices/policy/include
Set the Split Tunnel include list
client.zeroTrust.devices.policies.default.includes.update(IncludeUpdateParams { account_id, body } params, RequestOptionsoptions?): SinglePage<SplitTunnelInclude>
PUT/accounts/{account_id}/devices/policy/include

DefaultFallback Domains

Get your Local Domain Fallback list
client.zeroTrust.devices.policies.default.fallbackDomains.get(FallbackDomainGetParams { account_id } params, RequestOptionsoptions?): SinglePage<FallbackDomain { suffix, description, dns_server } >
GET/accounts/{account_id}/devices/policy/fallback_domains
Set your Local Domain Fallback list
client.zeroTrust.devices.policies.default.fallbackDomains.update(FallbackDomainUpdateParams { account_id, domains } params, RequestOptionsoptions?): SinglePage<FallbackDomain { suffix, description, dns_server } >
PUT/accounts/{account_id}/devices/policy/fallback_domains

DefaultCertificates

Get device certificate provisioning status
client.zeroTrust.devices.policies.default.certificates.get(CertificateGetParams { zone_id } params, RequestOptionsoptions?): DevicePolicyCertificates { enabled } | null
GET/zones/{zone_id}/devices/policy/certificates
Update device certificate provisioning status
client.zeroTrust.devices.policies.default.certificates.edit(CertificateEditParams { zone_id, enabled } params, RequestOptionsoptions?): DevicePolicyCertificates { enabled } | null
PATCH/zones/{zone_id}/devices/policy/certificates