Magic Transit

magic_transit

Domain types

HealthCheck = { enabled, rate, target, 1 more... }
HealthCheckRate = "low" | "mid" | "high"

How frequent the health check is run. The default value is mid.

HealthCheckType = "reply" | "request"

The type of healthcheck to run, reply or request. The default value is reply.

magic_transit.apps

Methods

Create A New App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
post/accounts/{account_id}/magic/apps

Creates a new App for an account

Delete Account App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
delete/accounts/{account_id}/magic/apps/{account_app_id}

Deletes specific Account App.

List Apps -> SinglePage<{ account_app_id, hostnames, ip_subnets, 2 more... } | { managed_app_id, hostnames, ip_subnets, 2 more... }>
get/accounts/{account_id}/magic/apps

Lists Apps associated with an account.

Update An App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
put/accounts/{account_id}/magic/apps/{account_app_id}

Updates an Account App

Magic Transit

Cf Interconnects

magic_transit.cf_interconnects

Methods

Update Multiple Interconnects -> Envelope<{ modified, modified_interconnects }>
put/accounts/{account_id}/magic/cf_interconnects

Updates multiple interconnects associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List Interconnect Details -> Envelope<{ interconnect }>
get/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Lists details for a specific interconnect.

List Interconnects -> Envelope<{ interconnects }>
get/accounts/{account_id}/magic/cf_interconnects

Lists interconnects associated with an account.

Update Interconnect -> Envelope<{ modified, modified_interconnect }>
put/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Updates a specific interconnect associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

Connectors

magic_transit.connectors

Methods

Update Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
patch/accounts/{account_id}/magic/connectors/{connector_id}

Update Connector

Fetch Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
get/accounts/{account_id}/magic/connectors/{connector_id}

Fetch Connector

List Connectors -> SinglePage<{ id, activated, interrupt_window_duration_hours, 7 more... }>
get/accounts/{account_id}/magic/connectors

List Connectors

Replace Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
put/accounts/{account_id}/magic/connectors/{connector_id}

Replace Connector

Magic Transit

GRE Tunnels

magic_transit.gre_tunnels

Methods

Update Multiple GRE Tunnels -> Envelope<{ modified, modified_gre_tunnels }>
put/accounts/{account_id}/magic/gre_tunnels

Updates multiple GRE tunnels. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Create GRE Tunnels -> Envelope<{ gre_tunnels }>
post/accounts/{account_id}/magic/gre_tunnels

Creates new GRE tunnels. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete GRE Tunnel -> Envelope<{ deleted, deleted_gre_tunnel }>
delete/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Disables and removes a specific static GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List GRE Tunnel Details -> Envelope<{ gre_tunnel }>
get/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Lists informtion for a specific GRE tunnel.

List GRE Tunnels -> Envelope<{ gre_tunnels }>
get/accounts/{account_id}/magic/gre_tunnels

Lists GRE tunnels associated with an account.

Update GRE Tunnel -> Envelope<{ modified, modified_gre_tunnel }>
put/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Updates a specific GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

IPSEC Tunnels

magic_transit.ipsec_tunnels

Methods

Update Multiple I Psec Tunnels -> Envelope<{ modified, modified_ipsec_tunnels }>
put/accounts/{account_id}/magic/ipsec_tunnels

Update multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Create I Psec Tunnels -> Envelope<{ ipsec_tunnels }>
post/accounts/{account_id}/magic/ipsec_tunnels

Creates new IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete I Psec Tunnel -> Envelope<{ deleted, deleted_ipsec_tunnel }>
delete/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Disables and removes a specific static IPsec Tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List I Psec Tunnel Details -> Envelope<{ ipsec_tunnel }>
get/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Lists details for a specific IPsec tunnel.

List I Psec Tunnels -> Envelope<{ ipsec_tunnels }>
get/accounts/{account_id}/magic/ipsec_tunnels

Lists IPsec tunnels associated with an account.

Generate Pre Shared Key PSK For I Psec Tunnels -> Envelope<{ ipsec_tunnel_id, psk, psk_metadata }>
post/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}/psk_generate

Generates a Pre Shared Key for a specific IPsec tunnel used in the IKE session. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After a PSK is generated, the PSK is immediately persisted to Cloudflare's edge and cannot be retrieved later. Note the PSK in a safe place.

Update I Psec Tunnel -> Envelope<{ modified, modified_ipsec_tunnel }>
put/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Updates a specific IPsec tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Domain types

PSKMetadata = { last_generated_on }

The PSK metadata that includes when the PSK was generated.

magic_transit.pcaps

Methods

Create PCAP Request -> Envelope< | { id, byte_limit, colo_name, 8 more... }>
post/accounts/{account_id}/pcaps

Create new PCAP request for account.

Get PCAP Request -> Envelope< | { id, byte_limit, colo_name, 8 more... }>
get/accounts/{account_id}/pcaps/{pcap_id}

Get information for a PCAP request by id.

List Packet Capture Requests -> SinglePage< | { id, byte_limit, colo_name, 8 more... }>
get/accounts/{account_id}/pcaps

Lists all packet capture requests for an account.

Domain types

PCAP = { id, filter_v1, status, 4 more... }
PCAPFilter = { destination_address, destination_port, protocol, 2 more... }

The packet capture filter. When this field is empty, all packets are captured.

magic_transit.pcaps.download

Methods

Download Simple PCAP -> unknown
get/accounts/{account_id}/pcaps/{pcap_id}/download

Download PCAP information into a file. Response is a binary PCAP file.

magic_transit.pcaps.ownership

Methods

Add Buckets For Full Packet Captures -> Envelope<>
post/accounts/{account_id}/pcaps/ownership

Adds an AWS or GCP bucket to use with full packet captures.

Delete Buckets For Full Packet Captures ->
delete/accounts/{account_id}/pcaps/ownership/{ownership_id}

Deletes buckets added to the packet captures API.

List PCAPs Bucket Ownership -> Envelope<Array<>>
get/accounts/{account_id}/pcaps/ownership

List all buckets configured for use with PCAPs API.

Validate Buckets For Full Packet Captures -> Envelope<>
post/accounts/{account_id}/pcaps/ownership/validate

Validates buckets added to the packet captures API.

Domain types

Ownership = { id, destination_conf, filename, 3 more... }

magic_transit.routes

Methods

Update Many Routes -> Envelope<{ modified, modified_routes }>
put/accounts/{account_id}/magic/routes

Update multiple Magic static routes. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes. Only fields for a route that need to be changed need be provided.

Create Routes -> Envelope<{ routes }>
post/accounts/{account_id}/magic/routes

Creates a new Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Delete Route -> Envelope<{ deleted, deleted_route }>
delete/accounts/{account_id}/magic/routes/{route_id}

Disable and remove a specific Magic static route.

Delete Many Routes -> Envelope<{ deleted, deleted_routes }>
delete/accounts/{account_id}/magic/routes

Delete multiple Magic static routes.

Route Details -> Envelope<{ route }>
get/accounts/{account_id}/magic/routes/{route_id}

Get a specific Magic static route.

List Routes -> Envelope<{ routes }>
get/accounts/{account_id}/magic/routes

List all Magic static routes.

Update Route -> Envelope<{ modified, modified_route }>
put/accounts/{account_id}/magic/routes/{route_id}

Update a specific Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Domain types

Scope = { colo_names, colo_regions }

Used only for ECMP routes.

magic_transit.sites

Methods

Create A New Site -> Envelope<>
post/accounts/{account_id}/magic/sites

Creates a new Site

Security
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Parameters
account_id: string
(maxLength: 32)

Identifier

Response fields
errors: Array<>
messages: Array<>
result:
success: true

Whether the API call was successful

Request example
200Example
Delete Site -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}

Remove a specific Site.

Patch Site -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}

Patch a specific Site.

Site Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}

Get a specific Site.

List Sites -> SinglePage<>
get/accounts/{account_id}/magic/sites

Lists Sites associated with an account. Use connector_identifier query param to return sites where connector_identifier matches either site.ConnectorID or site.SecondaryConnectorID.

Update Site -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}

Update a specific Site.

Domain types

Site = { id, connector_id, description, 4 more... }
SiteLocation = { lat, lon }

Location of site in latitude and longitude.

magic_transit.sites.acls

Methods

Create A New Site ACL -> Envelope<>
post/accounts/{account_id}/magic/sites/{site_id}/acls

Creates a new Site ACL.

Delete Site ACL -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Remove a specific Site ACL.

Patch Site ACL -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Patch a specific Site ACL.

Site ACL Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Get a specific Site ACL.

List Site ACLs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/acls

Lists Site ACLs associated with an account.

Update Site ACL -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Update a specific Site ACL.

Domain types

ACL = { id, description, forward_locally, 5 more... }

Bidirectional ACL policy for network traffic within a site.

ACLConfiguration = { lan_id, lan_name, ports, 1 more... }
AllowedProtocol = "tcp" | "udp" | "icmp"

Array of allowed communication protocols between configured LANs. If no protocols are provided, all protocols are allowed.

Subnet = string

A valid IPv4 address.

magic_transit.sites.lans

Methods

Create A New Site LAN -> Envelope<Array<>>
post/accounts/{account_id}/magic/sites/{site_id}/lans

Creates a new Site LAN. If the site is in high availability mode, static_addressing is required along with secondary and virtual address.

Delete Site LAN -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Remove a specific Site LAN.

Patch Site LAN -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Patch a specific Site LAN.

Site LAN Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Get a specific Site LAN.

List Site LANs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/lans

Lists Site LANs associated with an account.

Update Site LAN -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Update a specific Site LAN.

Domain types

DHCPRelay = { server_addresses }
DHCPServer = { dhcp_pool_end, dhcp_pool_start, dns_server, 1 more... }
LAN = { id, ha_link, name, 6 more... }
LANStaticAddressing = { address, dhcp_relay, dhcp_server, 2 more... }

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

Nat = { static_prefix }
RoutedSubnet = { next_hop, prefix, nat }

magic_transit.sites.wans

Methods

Create A New Site WAN -> Envelope<Array<>>
post/accounts/{account_id}/magic/sites/{site_id}/wans

Creates a new Site WAN.

Delete Site WAN -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Remove a specific Site WAN.

Patch Site WAN -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Patch a specific Site WAN.

Site WAN Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Get a specific Site WAN.

List Site WANs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/wans

Lists Site WANs associated with an account.

Update Site WAN -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Update a specific Site WAN.

Domain types

WAN = { id, health_check_rate, name, 5 more... }
WANStaticAddressing = { address, gateway_address, secondary_address }

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.