LogoCloudflare API

Keyless Certificates

keyless_certificates

Methods

List Keyless SSL Configurations -> SinglePage<
KeylessCertificate
>
get/zones/{zone_id}/keyless_certificates

List all Keyless SSL configurations for a given zone.

Get Keyless SSL Configuration -> Envelope<
KeylessCertificate
>
get/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

Get details for one Keyless SSL configuration.

Create Keyless SSL Configuration -> Envelope<
KeylessCertificate
>
post/zones/{zone_id}/keyless_certificates

Creates a Keyless SSL configuration that allows SSL/TLS termination without exposing private keys to Cloudflare. Keys remain on your infrastructure.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

SSL and Certificates Write

path Parameters
zone_id: string
(maxLength: 32)

Identifier.

Response fields
errors: Array<{ code, message, documentation_url, 1 more... }>
messages: Array<{ code, message, documentation_url, 1 more... }>
success: true

Whether the API call was successful.

result:
KeylessCertificate
Optional
Request example
200Example
Edit Keyless SSL Configuration -> Envelope<
KeylessCertificate
>
patch/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

This will update attributes of a Keyless SSL. Consists of one or more of the following: host,name,port.

Delete Keyless SSL Configuration -> Envelope<{ id }>
delete/zones/{zone_id}/keyless_certificates/{keyless_certificate_id}

Removes a Keyless SSL configuration. SSL connections will no longer use the keyless server for cryptographic operations.

Domain types

KeylessCertificate = { id, created_on, enabled, 7 more... }
Tunnel = { private_ip, vnet_id }

Configuration for using Keyless SSL through a Cloudflare Tunnel