Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
DLP
Payload Logs

Set payload log settings

client.zeroTrust.dlp.payloadLogs.update(PayloadLogUpdateParams { account_id, masking_level, public_key } params, RequestOptionsoptions?): PayloadLogUpdateResponse { updated_at, masking_level, public_key }
PUT/accounts/{account_id}/dlp/payload_log

Enables or disables payload logging for DLP matches. When enabled, matched content is stored for review.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Zero Trust Write
ParametersExpand Collapse
params: PayloadLogUpdateParams { account_id, masking_level, public_key }
account_id: string

Path param

masking_level?: "full" | "partial" | "clear" | "default"

Body param: Masking level for payload logs.

  • full: The entire payload is masked.
  • partial: Only partial payload content is masked.
  • clear: No masking is applied to the payload content.
  • default: DLP uses its default masking behavior.
One of the following:
"full"
"partial"
"clear"
"default"
public_key?: string | null

Body param: Base64-encoded public key for encrypting payload logs.

  • Set to null or empty string to disable payload logging.
  • Set to a non-empty base64 string to enable payload logging with the given key.

For customers with configurable payload masking feature rolled out:

  • If the field is missing, the existing setting will be kept. Note that this is different from setting to null or empty string.

For all other customers:

  • If the field is missing, the existing setting will be cleared.
ReturnsExpand Collapse
PayloadLogUpdateResponse { updated_at, masking_level, public_key }
updated_at: string
formatdate-time
masking_level?: "full" | "partial" | "clear" | "default"

Masking level for payload logs.

  • full: The entire payload is masked.
  • partial: Only partial payload content is masked.
  • clear: No masking is applied to the payload content.
  • default: DLP uses its default masking behavior.
One of the following:
"full"
"partial"
"clear"
"default"
public_key?: string | null

Base64-encoded public key for encrypting payload logs. Null when payload logging is disabled.

Set payload log settings

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const payloadLog = await client.zeroTrust.dlp.payloadLogs.update({ account_id: 'account_id' });

console.log(payloadLog.updated_at);
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "updated_at": "2019-12-27T18:11:19.117Z",
    "masking_level": "full",
    "public_key": "public_key"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "updated_at": "2019-12-27T18:11:19.117Z",
    "masking_level": "full",
    "public_key": "public_key"
  }
}