Tunnels

List All Tunnels

client.zeroTrust.tunnels.list(, ?): V4PagePaginationArray<TunnelListResponse>

GET/accounts/{account_id}/tunnels

ModelsExpand Collapse

Connection { colo_name, is_pending_reconnect, uuid }

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

TunnelListResponse = CloudflareTunnel { id, account_tag, config_src, 10 more } | TunnelWARPConnectorTunnel { id, account_tag, connections, 8 more }

A Cloudflare Tunnel that connects your origin to Cloudflare’s edge.

One of the following:

CloudflareTunnel { id, account_tag, config_src, 10 more }

A Cloudflare Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

config_src?: "local" | "cloudflare"

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

Deprecatedremote_config?: boolean

Use the config_src field instead.

If true, the tunnel can be configured remotely from the Zero Trust dashboard. If false, the tunnel must be configured locally on the origin machine.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

TunnelWARPConnectorTunnel { id, account_tag, connections, 8 more }

A Warp Connector Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

TunnelsCloudflared

List Cloudflare Tunnels

client.zeroTrust.tunnels.cloudflared.list(, ?): V4PagePaginationArray<CloudflareTunnel { id, account_tag, config_src, 10 more } >

GET/accounts/{account_id}/cfd_tunnel

Get a Cloudflare Tunnel

client.zeroTrust.tunnels.cloudflared.get(, , ?): CloudflareTunnel { id, account_tag, config_src, 10 more }

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}

Create a Cloudflare Tunnel

client.zeroTrust.tunnels.cloudflared.create(, ?): CloudflareTunnel { id, account_tag, config_src, 10 more }

POST/accounts/{account_id}/cfd_tunnel

Update a Cloudflare Tunnel

client.zeroTrust.tunnels.cloudflared.edit(, , ?): CloudflareTunnel { id, account_tag, config_src, 10 more }

PATCH/accounts/{account_id}/cfd_tunnel/{tunnel_id}

Delete a Cloudflare Tunnel

client.zeroTrust.tunnels.cloudflared.delete(, , ?): CloudflareTunnel { id, account_tag, config_src, 10 more }

DELETE/accounts/{account_id}/cfd_tunnel/{tunnel_id}

TunnelsCloudflaredConfigurations

Get configuration

client.zeroTrust.tunnels.cloudflared.configurations.get(, , ?): ConfigurationGetResponse { account_id, config, created_at, 3 more }

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

Put configuration

client.zeroTrust.tunnels.cloudflared.configurations.update(, , ?): ConfigurationUpdateResponse { account_id, config, created_at, 3 more }

PUT/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

ModelsExpand Collapse

ConfigurationGetResponse { account_id, config, created_at, 3 more }

Cloudflare Tunnel configuration

account_id?: string

Identifier.

maxLength32

config?: Config { ingress, originRequest }

The tunnel configuration and ingress rules.

ingress?: Array<Ingress>

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: string

Public hostname for this service.

service: string

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.

originRequest?: OriginRequest { access, caPool, connectTimeout, 12 more }

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access?: Access { audTag, teamName, required }

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

audTag: Array<string>

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

teamName: string

required?: boolean

Deny traffic that has not fulfilled Access authorization.

caPool?: string

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connectTimeout?: number

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disableChunkedEncoding?: boolean

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2Origin?: boolean

Attempt to connect to origin using HTTP2. Origin must be configured as https.

httpHostHeader?: string

Sets the HTTP Host header on requests sent to the local service.

keepAliveConnections?: number

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keepAliveTimeout?: number

Timeout after which an idle keepalive connection can be discarded.

matchSNItoHost?: boolean

Auto configure the Hostname on the origin server certificate.

noHappyEyeballs?: boolean

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

noTLSVerify?: boolean

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

originServerName?: string

Hostname that cloudflared should expect from your origin server certificate.

proxyType?: string

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcpKeepAlive?: number

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tlsTimeout?: number

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path?: string

Requests with this path route to this public hostname.

originRequest?: OriginRequest { access, caPool, connectTimeout, 12 more }

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access?: Access { audTag, teamName, required }

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

audTag: Array<string>

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

teamName: string

required?: boolean

Deny traffic that has not fulfilled Access authorization.

caPool?: string

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connectTimeout?: number

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disableChunkedEncoding?: boolean

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2Origin?: boolean

Attempt to connect to origin using HTTP2. Origin must be configured as https.

httpHostHeader?: string

Sets the HTTP Host header on requests sent to the local service.

keepAliveConnections?: number

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keepAliveTimeout?: number

Timeout after which an idle keepalive connection can be discarded.

matchSNItoHost?: boolean

Auto configure the Hostname on the origin server certificate.

noHappyEyeballs?: boolean

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

noTLSVerify?: boolean

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

originServerName?: string

Hostname that cloudflared should expect from your origin server certificate.

proxyType?: string

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcpKeepAlive?: number

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tlsTimeout?: number

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

created_at?: string

formatdate-time

source?: "local" | "cloudflare"

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel’s configuration on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

tunnel_id?: string

UUID of the tunnel.

formatuuid

maxLength36

version?: number

The version of the Tunnel Configuration.

ConfigurationUpdateResponse { account_id, config, created_at, 3 more }

Cloudflare Tunnel configuration

account_id?: string

Identifier.

maxLength32

config?: Config { ingress, originRequest }

The tunnel configuration and ingress rules.

ingress?: Array<Ingress>

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: string

Public hostname for this service.

service: string

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.

originRequest?: OriginRequest { access, caPool, connectTimeout, 12 more }

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access?: Access { audTag, teamName, required }

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

audTag: Array<string>

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

teamName: string

required?: boolean

Deny traffic that has not fulfilled Access authorization.

caPool?: string

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connectTimeout?: number

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disableChunkedEncoding?: boolean

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2Origin?: boolean

Attempt to connect to origin using HTTP2. Origin must be configured as https.

httpHostHeader?: string

Sets the HTTP Host header on requests sent to the local service.

keepAliveConnections?: number

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keepAliveTimeout?: number

Timeout after which an idle keepalive connection can be discarded.

matchSNItoHost?: boolean

Auto configure the Hostname on the origin server certificate.

noHappyEyeballs?: boolean

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

noTLSVerify?: boolean

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

originServerName?: string

Hostname that cloudflared should expect from your origin server certificate.

proxyType?: string

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcpKeepAlive?: number

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tlsTimeout?: number

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path?: string

Requests with this path route to this public hostname.

originRequest?: OriginRequest { access, caPool, connectTimeout, 12 more }

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access?: Access { audTag, teamName, required }

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

audTag: Array<string>

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

teamName: string

required?: boolean

Deny traffic that has not fulfilled Access authorization.

caPool?: string

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connectTimeout?: number

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disableChunkedEncoding?: boolean

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2Origin?: boolean

Attempt to connect to origin using HTTP2. Origin must be configured as https.

httpHostHeader?: string

Sets the HTTP Host header on requests sent to the local service.

keepAliveConnections?: number

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keepAliveTimeout?: number

Timeout after which an idle keepalive connection can be discarded.

matchSNItoHost?: boolean

Auto configure the Hostname on the origin server certificate.

noHappyEyeballs?: boolean

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

noTLSVerify?: boolean

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

originServerName?: string

Hostname that cloudflared should expect from your origin server certificate.

proxyType?: string

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcpKeepAlive?: number

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tlsTimeout?: number

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

created_at?: string

formatdate-time

source?: "local" | "cloudflare"

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel’s configuration on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

tunnel_id?: string

UUID of the tunnel.

formatuuid

maxLength36

version?: number

The version of the Tunnel Configuration.

TunnelsCloudflaredConnections

List Cloudflare Tunnel connections

client.zeroTrust.tunnels.cloudflared.connections.get(, , ?): SinglePage<Client { id, arch, config_version, 4 more } >

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connections

Clean up Cloudflare Tunnel connections

client.zeroTrust.tunnels.cloudflared.connections.delete(, , ?): ConnectionDeleteResponse | null

DELETE/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connections

ModelsExpand Collapse

Client { id, arch, config_version, 4 more }

A client (typically cloudflared) that maintains connections to a Cloudflare data center.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

arch?: string

The cloudflared OS architecture used to establish this connection.

config_version?: number

The version of the remote tunnel configuration. Used internally to sync cloudflared with the Zero Trust dashboard.

conns?: Array<Conn>

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

features?: Array<string>

Features enabled for the Cloudflare Tunnel.

run_at?: string

Timestamp of when the tunnel connection was started.

formatdate-time

version?: string

The cloudflared version used to establish this connection.

ConnectionDeleteResponse = unknown

TunnelsCloudflaredToken

Get a Cloudflare Tunnel token

client.zeroTrust.tunnels.cloudflared.token.get(, , ?): TokenGetResponse

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/token

ModelsExpand Collapse

TokenGetResponse = string

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.

TunnelsCloudflaredConnectors

Get Cloudflare Tunnel connector

client.zeroTrust.tunnels.cloudflared.connectors.get(, , , ?): Client { id, arch, config_version, 4 more }

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connectors/{connector_id}

TunnelsCloudflaredManagement

Get a Cloudflare Tunnel management token

client.zeroTrust.tunnels.cloudflared.management.create(, , ?): ManagementCreateResponse

POST/accounts/{account_id}/cfd_tunnel/{tunnel_id}/management

ModelsExpand Collapse

ManagementCreateResponse = string

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.

TunnelsWARP Connector

List Warp Connector Tunnels

client.zeroTrust.tunnels.warpConnector.list(, ?): V4PagePaginationArray<WARPConnectorListResponse { id, account_tag, connections, 8 more } >

GET/accounts/{account_id}/warp_connector

Get a Warp Connector Tunnel

client.zeroTrust.tunnels.warpConnector.get(, , ?): WARPConnectorGetResponse { id, account_tag, connections, 8 more }

GET/accounts/{account_id}/warp_connector/{tunnel_id}

Create a Warp Connector Tunnel

client.zeroTrust.tunnels.warpConnector.create(, ?): WARPConnectorCreateResponse { id, account_tag, connections, 8 more }

POST/accounts/{account_id}/warp_connector

Update a Warp Connector Tunnel

client.zeroTrust.tunnels.warpConnector.edit(, , ?): WARPConnectorEditResponse { id, account_tag, connections, 8 more }

PATCH/accounts/{account_id}/warp_connector/{tunnel_id}

Delete a Warp Connector Tunnel

client.zeroTrust.tunnels.warpConnector.delete(, , ?): WARPConnectorDeleteResponse { id, account_tag, connections, 8 more }

DELETE/accounts/{account_id}/warp_connector/{tunnel_id}

ModelsExpand Collapse

WARPConnectorListResponse { id, account_tag, connections, 8 more }

A Warp Connector Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

WARPConnectorGetResponse { id, account_tag, connections, 8 more }

A Warp Connector Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

WARPConnectorCreateResponse { id, account_tag, connections, 8 more }

A Warp Connector Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

WARPConnectorEditResponse { id, account_tag, connections, 8 more }

A Warp Connector Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

WARPConnectorDeleteResponse { id, account_tag, connections, 8 more }

A Warp Connector Tunnel that connects your origin to Cloudflare’s edge.

id?: string

UUID of the tunnel.

formatuuid

maxLength36

account_tag?: string

Cloudflare account ID

maxLength32

Deprecatedconnections?: Array<Connection>

This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

is_pending_reconnect?: boolean

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running cloudflared.

uuid?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

conns_active_at?: string

Timestamp of when the tunnel established at least one connection to Cloudflare’s edge. If null, the tunnel is inactive.

formatdate-time

conns_inactive_at?: string

Timestamp of when the tunnel became inactive (no connections to Cloudflare’s edge). If null, the tunnel is active.

formatdate-time

created_at?: string

Timestamp of when the resource was created.

formatdate-time

deleted_at?: string

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time

metadata?: unknown

Metadata associated with the tunnel.

name?: string

A user-friendly name for a tunnel.

status?: "inactive" | "degraded" | "healthy" | "down"

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:

"inactive"

"degraded"

"healthy"

"down"

tun_type?: "cfd_tunnel" | "warp_connector" | "warp" | 4 more

The type of tunnel.

One of the following:

"cfd_tunnel"

"warp_connector"

"warp"

"magic"

"ip_sec"

"gre"

"cni"

TunnelsWARP ConnectorToken

Get a Warp Connector Tunnel token

client.zeroTrust.tunnels.warpConnector.token.get(, , ?): TokenGetResponse

GET/accounts/{account_id}/warp_connector/{tunnel_id}/token

ModelsExpand Collapse

TokenGetResponse = string

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.

TunnelsWARP ConnectorConnections

List WARP Connector Tunnel connections

client.zeroTrust.tunnels.warpConnector.connections.get(, , ?): SinglePage<ConnectionGetResponse { id, arch, conns, 4 more } >

GET/accounts/{account_id}/warp_connector/{tunnel_id}/connections

ModelsExpand Collapse

ConnectionGetResponse { id, arch, conns, 4 more }

A WARP Connector client that maintains a connection to a Cloudflare data center.

id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

arch?: string

The cloudflared OS architecture used to establish this connection.

conns?: Array<Conn>

The WARP Connector Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running WARP Connector.

features?: Array<string>

Features enabled for the Cloudflare Tunnel.

ha_status?: "offline" | "passive" | "active"

The HA status of a WARP Connector client.

One of the following:

"offline"

"passive"

"active"

run_at?: string

Timestamp of when the tunnel connection was started.

formatdate-time

version?: string

The cloudflared version used to establish this connection.

TunnelsWARP ConnectorConnectors

Get WARP Connector Tunnel connector

client.zeroTrust.tunnels.warpConnector.connectors.get(, , , ?): ConnectorGetResponse { id, arch, conns, 4 more }

GET/accounts/{account_id}/warp_connector/{tunnel_id}/connectors/{connector_id}

ModelsExpand Collapse

ConnectorGetResponse { id, arch, conns, 4 more }

A WARP Connector client that maintains a connection to a Cloudflare data center.

id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

arch?: string

The cloudflared OS architecture used to establish this connection.

conns?: Array<Conn>

The WARP Connector Tunnel connections between your origin and Cloudflare’s edge.

id?: string

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id?: string

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version?: string

The cloudflared version used to establish this connection.

colo_name?: string

The Cloudflare data center used for this connection.

opened_at?: string

Timestamp of when the connection was established.

formatdate-time

origin_ip?: string

The public IP address of the host running WARP Connector.

features?: Array<string>

Features enabled for the Cloudflare Tunnel.

ha_status?: "offline" | "passive" | "active"

The HA status of a WARP Connector client.

One of the following:

"offline"

"passive"

"active"

run_at?: string

Timestamp of when the tunnel connection was started.

formatdate-time

version?: string

The cloudflared version used to establish this connection.

TunnelsWARP ConnectorFailover

Trigger a manual failover for a WARP Connector Tunnel

client.zeroTrust.tunnels.warpConnector.failover.update(, , ?): FailoverUpdateResponse | null

PUT/accounts/{account_id}/warp_connector/{tunnel_id}/failover

ModelsExpand Collapse

FailoverUpdateResponse = unknown