Zero Trust
zero_trust
Access
zero_trust.access
zero_trust.access.ai_controls
zero_trust.access.ai_controls.mcp
zero_trust.access.ai_controls.mcp.portals
Methods
Create a new MCP Portal
Delete a MCP Portal
List MCP Portals
Read details of an MCP Portal
Update a MCP Portal
zero_trust.access.ai_controls.mcp.servers
Methods
Create a new MCP Server
Delete a MCP Server
List MCP Servers
Read the details of a MCP Server
Sync MCP Server Capabilities
Update a MCP Server
zero_trust.access.applications
Methods
Adds a new application to Access.
Deletes an application from Access.
Fetches information about an Access application.
Lists all Access applications in an account or zone.
Revokes all tokens issued for an application.
Updates an Access application.
Domain types
The identity providers selected for application.
Identifier.
Configuration for provisioning to this application via SCIM. This is currently in closed beta.
The application type.
The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.
The format of the name identifier sent to the SaaS application.
Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.
Attributes for configuring OAuth 2 authentication scheme for SCIM provisioning to an application.
Attributes for configuring OAuth Bearer Token authentication scheme for SCIM provisioning to an application.
Transformations and filters applied to resources before they are provisioned in the remote SCIM service.
A domain that Access will secure.
zero_trust.access.applications.cas
Methods
Generates a new short-lived certificate CA and public key.
Deletes a short-lived certificate CA.
Fetches a short-lived certificate CA and its public key.
Lists short-lived certificate CAs and their public keys.
Domain types
zero_trust.access.applications.policies
Methods
Creates a policy applying exclusive to a single application that defines the users or groups who can reach it. We recommend creating a reusable policy instead and subsequently referencing its ID in the application's 'policies' array.
Deletes an Access policy specific to an application. To delete a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.
Fetches a single Access policy configured for an application. Returns both exclusively owned and reusable policies used by the application.
Lists Access policies configured for an application. Returns both exclusively scoped and reusable policies used by the application.
Updates an Access policy specific to an application. To update a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.
Domain types
Enforces a device posture rule has run successfully
Matches an Access group.
Matches any valid Access Service Token
Enforce different MFA options
Matches an Azure group. Requires an Azure identity provider.
Matches any valid client certificate.
Matches a specific country
Match an entire email domain.
Matches an email address from a list.
Matches a specific email.
Matches everyone.
Create Allow or Block policies which evaluate the user based on custom criteria.
Matches a Github organization. Requires a Github identity provider.
Matches an Access group.
Matches a group in Google Workspace. Requires a Google Workspace identity provider.
Matches an IP address from a list.
Matches an IP address block.
Matches an Okta group. Requires an Okta identity provider.
Matches a SAML group. Requires a SAML identity provider.
Matches a specific Access Service Token
zero_trust.access.applications.policy_tests
Methods
Starts an Access policy test.
Fetches the current status of a given Access policy test.
zero_trust.access.applications.policy_tests.users
Methods
Fetches a single page of user results from an Access policy test.
zero_trust.access.applications.settings
Methods
Updates Access application settings.
Updates Access application settings.
zero_trust.access.applications.user_policy_checks
Methods
Tests if a specific user has permission to access an application.
Domain types
zero_trust.access.bookmarks
Methods
Create a new Bookmark application.
Deletes a Bookmark application.
Fetches a single Bookmark application.
Lists Bookmark applications.
Updates a configured Bookmark application.
Domain types
zero_trust.access.certificates
Methods
Adds a new mTLS root certificate to Access.
Deletes an mTLS certificate.
Fetches a single mTLS certificate.
Lists all mTLS root certificates.
Updates a configured mTLS certificate.
Domain types
A fully-qualified domain name (FQDN).
zero_trust.access.certificates.settings
Methods
List all mTLS hostname settings for this account or zone.
Updates an mTLS certificate's hostname settings.
Domain types
zero_trust.access.custom_pages
Methods
Create a custom page
Delete a custom page
Fetches a custom page and also returns its HTML.
List custom pages
Update a custom page
Domain types
zero_trust.access.gateway_ca
Methods
Adds a new SSH Certificate Authority (CA).
Deletes an SSH Certificate Authority.
Lists SSH Certificate Authorities (CA).
zero_trust.access.groups
Methods
Creates a new Access group.
Deletes an Access group.
Fetches a single Access group.
Lists all Access groups.
Updates a configured Access group.
Domain types
zero_trust.access.infrastructure
zero_trust.access.infrastructure.targets
Methods
Removes one or more targets.
Removes one or more targets.
Adds one or more targets.
Create new target
Delete target
Get target
Lists and sorts an account’s targets. Filters are optional and are ANDed together.
Update target
zero_trust.access.keys
Methods
Gets the Access key rotation settings for an account.
Perfoms a key rotation for an account.
Updates the Access key rotation settings for an account.
zero_trust.access.logs
zero_trust.access.logs.access_requests
Methods
Gets a list of Access authentication audit logs for an account.
zero_trust.access.logs.scim
Domain types
zero_trust.access.logs.scim.updates
Methods
Lists Access SCIM update logs that maintain a record of updates made to User and Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).
zero_trust.access.policies
Methods
Creates a new Access reusable policy.
Deletes an Access reusable policy.
Fetches a single Access reusable policy.
Lists Access reusable policies.
Updates a Access reusable policy.
Domain types
A group of email addresses that can approve a temporary authentication request.
zero_trust.access.service_tokens
Methods
Generates a new service token. Note: This is the only time you can get the Client Secret. If you lose the Client Secret, you will have to rotate the Client Secret or create a new service token.
Deletes a service token.
Fetches a single service token.
Lists all service tokens.
Refreshes the expiration of a service token.
Generates a new Client Secret for a service token and revokes the old one.
Updates a configured service token.
Domain types
zero_trust.access.users
Methods
Gets a list of users for an account.
Domain types
zero_trust.access.users.active_sessions
Methods
Get an active session for a single user.
Get active sessions for a single user.
zero_trust.access.users.failed_logins
Methods
Get all failed login attempts for a single user.
zero_trust.access.users.last_seen_identity
Methods
Get last seen identity for a single user.
Domain types
Connectivity
zero_trust.connectivity
zero_trust.connectivity.directory
zero_trust.connectivity.directory.services
Methods
Create connectivity service
Delete connectivity service
Get connectivity service
List connectivity services
Update connectivity service
Connectivity Settings
zero_trust.connectivity_settings
Methods
Updates the Zero Trust Connectivity Settings for the given account.
Gets the Zero Trust Connectivity Settings for the given account.
Devices
zero_trust.devices
Methods
Fetches a single WARP device. Not supported when multi-user mode is enabled for the account.
Deprecated: please use one of the following endpoints instead:
- GET /accounts/{account_id}/devices/physical-devices/{device_id}
- GET /accounts/{account_id}/devices/registrations/{registration_id}
List WARP devices. Not supported when multi-user mode is enabled for the account.
Deprecated: please use one of the following endpoints instead:
- GET /accounts/{account_id}/devices/physical-devices
- GET /accounts/{account_id}/devices/registrations
Domain types
zero_trust.devices.devices
Methods
Deletes a WARP device.
Fetches a single WARP device.
Lists WARP devices.
Revokes all WARP registrations associated with the specified device.
zero_trust.devices.dex_tests
Methods
Create a DEX test.
Delete a Device DEX test. Returns the remaining device dex tests for the account.
Fetch a single DEX test.
Fetch all DEX tests
Update a DEX test.
Domain types
The configuration object which contains the details for the WARP client to conduct the test.
zero_trust.devices.fleet_status
Methods
Get the live status of a latest device given device_id from the device_state table
zero_trust.devices.networks
Methods
Creates a new device managed network.
Deletes a device managed network and fetches a list of the remaining device managed networks for an account.
Fetches details for a single managed network.
Fetches a list of managed networks for an account.
Updates a configured device managed network.
Domain types
zero_trust.devices.override_codes
Methods
Fetches one-time use admin override codes for a registration. This relies on the Admin Override setting being enabled in your device configuration.
Fetches a one-time use admin override code for a device. This relies on the Admin Override setting being enabled in your device configuration. Not supported when multi-user mode is enabled for the account. Deprecated: please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead.
zero_trust.devices.policies
Domain types
zero_trust.devices.policies.custom
Methods
Creates a device settings profile to be applied to certain devices matching the criteria.
Deletes a device settings profile and fetches a list of the remaining profiles for an account.
Updates a configured device settings profile.
Fetches a device settings profile by ID.
Fetches a list of the device settings profiles for an account.
zero_trust.devices.policies.custom.excludes
Methods
Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile.
Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile.
zero_trust.devices.policies.custom.fallback_domains
Methods
Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead.
Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile.
zero_trust.devices.policies.custom.includes
Methods
Fetches the list of routes included in the WARP client's tunnel for a specific device settings profile.
Sets the list of routes included in the WARP client's tunnel for a specific device settings profile.
zero_trust.devices.policies.default
Methods
Updates the default device settings profile for an account.
Fetches the default device settings profile for an account.
zero_trust.devices.policies.default.certificates
Methods
Enable Zero Trust Clients to provision a certificate, containing a x509 subject, and referenced by Access device posture policies when the client visits MTLS protected domains. This facilitates device posture without a WARP session.
Fetches device certificate provisioning.
zero_trust.devices.policies.default.excludes
Methods
Fetches the list of routes excluded from the WARP client's tunnel.
Sets the list of routes excluded from the WARP client's tunnel.
zero_trust.devices.policies.default.fallback_domains
Methods
Fetches a list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead.
Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead.
zero_trust.devices.policies.default.includes
Methods
Fetches the list of routes included in the WARP client's tunnel.
Sets the list of routes included in the WARP client's tunnel.
zero_trust.devices.posture
Methods
Creates a new device posture rule.
Deletes a device posture rule.
Fetches a single device posture rule.
Fetches device posture rules for a Zero Trust account.
Updates a device posture rule.
Domain types
The value to be checked against.
zero_trust.devices.posture.integrations
Methods
Create a new device posture integration.
Delete a configured device posture integration.
Updates a configured device posture integration.
Fetches details for a single device posture integration.
Fetches the list of device posture integrations for an account.
Domain types
zero_trust.devices.registrations
Methods
Deletes a list of WARP registrations.
Deletes a WARP registration.
Fetches a single WARP registration.
Lists WARP registrations.
Revokes a list of WARP registrations.
Unrevokes a list of WARP registrations.
zero_trust.devices.resilience
zero_trust.devices.resilience.global_warp_override
Methods
Sets the Global WARP override state.
Fetch the Global WARP override state.
zero_trust.devices.revoke
Methods
Revokes a list of devices. Not supported when multi-user mode is enabled.
Deprecated: please use POST /accounts/{account_id}/devices/registrations/revoke instead.
zero_trust.devices.settings
Methods
Resets the current device settings for a Zero Trust account.
Patches the current device settings for a Zero Trust account.
Describes the current device settings for a Zero Trust account.
Updates the current device settings for a Zero Trust account.
Domain types
zero_trust.devices.unrevoke
Methods
Unrevokes a list of devices. Not supported when multi-user mode is enabled.
Deprecated: please use POST /accounts/{account_id}/devices/registrations/unrevoke instead.
DEX
zero_trust.dex
Domain types
zero_trust.dex.colos
Methods
List Cloudflare colos that account's devices were connected to during a time period, sorted by usage starting from the most used colo. Colos without traffic are also returned and sorted alphabetically.
zero_trust.dex.commands
Methods
Initiate commands for up to 10 devices per account
Retrieves a paginated list of commands issued to devices under the specified account, optionally filtered by time range, device, or other parameters
zero_trust.dex.commands.devices
Methods
List devices with WARP client support for remote captures which have been connected in the last 1 hour.
zero_trust.dex.commands.downloads
Methods
Downloads artifacts for an executed command. Bulk downloads are not supported
zero_trust.dex.commands.quota
Methods
Retrieves the current quota usage and limits for device commands within a specific account, including the time when the quota will reset
zero_trust.dex.fleet_status
Methods
List details for live (up to 60 minutes) devices using WARP
List details for devices using WARP, up to 7 days
Domain types
zero_trust.dex.fleet_status.devices
Methods
List details for devices using WARP
zero_trust.dex.http_tests
Methods
Get test details and aggregate performance metrics for an http test for a given time period between 1 hour and 7 days.
Domain types
zero_trust.dex.http_tests.percentiles
Methods
Get percentiles for an http test for a given time period between 1 hour and 7 days.
Domain types
zero_trust.dex.tests
Methods
List DEX tests with overview metrics
Domain types
zero_trust.dex.tests.unique_devices
Methods
Returns unique count of devices that have run synthetic application monitoring tests in the past 7 days.
Domain types
zero_trust.dex.traceroute_test_results
zero_trust.dex.traceroute_test_results.network_path
Methods
Get a breakdown of hops and performance metrics for a specific traceroute test run
zero_trust.dex.traceroute_tests
Methods
Get test details and aggregate performance metrics for an traceroute test for a given time period between 1 hour and 7 days.
Get a breakdown of metrics by hop for individual traceroute test runs
Get percentiles for a traceroute test for a given time period between 1 hour and 7 days.
Domain types
zero_trust.dex.warp_change_events
Methods
List WARP configuration and enablement toggle change events by device.
DLP
zero_trust.dlp
zero_trust.dlp.datasets
Methods
Create a new dataset
This deletes all versions of the dataset.
Fetch a specific dataset
Fetch all datasets
Update details about a dataset
Domain types
zero_trust.dlp.datasets.upload
Methods
Prepare to upload a new version of a dataset
This is used for single-column EDMv1 and Custom Word Lists. The EDM format can only be created in the Cloudflare dashboard. For other clients, this operation can only be used for non-secret Custom Word Lists. The body must be a UTF-8 encoded, newline (NL or CRNL) separated list of words to be matched.
Domain types
zero_trust.dlp.datasets.versions
Methods
This is used for multi-column EDMv2 datasets. The EDMv2 format can only be created in the Cloudflare dashboard. The columns in the response appear in the same order as in the request.
zero_trust.dlp.datasets.versions.entries
Methods
This is used for multi-column EDMv2 datasets. The EDMv2 format can only be created in the Cloudflare dashboard.
zero_trust.dlp.email
zero_trust.dlp.email.account_mapping
Methods
Create mapping
Get mapping
zero_trust.dlp.email.rules
Methods
Update email scanner rule priorities
Create email scanner rule
Delete email scanner rule
Get an email scanner rule
Lists all email scanner rules for an account.
Update email scanner rule
zero_trust.dlp.entries
Methods
Creates a DLP custom entry.
Deletes a DLP custom entry.
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
Updates a DLP entry.
zero_trust.dlp.entries.custom
Methods
Creates a DLP custom entry.
Deletes a DLP custom entry.
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
Updates a DLP custom entry.
zero_trust.dlp.entries.integration
Methods
Integration entries can't be created, this will update an existing integration entry This is needed for our generated terraform API
This is a no-op as integration entires can't be deleted but is needed for our generated terraform API
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
Updates a DLP entry.
zero_trust.dlp.entries.predefined
Methods
Predefined entries can't be created, this will update an existing predefined entry This is needed for our generated terraform API
This is a no-op as predefined entires can't be deleted but is needed for our generated terraform API
Fetches a DLP entry by ID.
Lists all DLP entries in an account.
Updates a DLP entry.
zero_trust.dlp.limits
Methods
Fetch limits associated with DLP for account
zero_trust.dlp.patterns
Methods
Validates whether this pattern is a valid regular expression. Rejects it if
the regular expression is too complex or can match an unbounded-length
string. The regex will be rejected if it uses *
or +
. Bound the maximum
number of characters that can be matched using a range, e.g. {1,100}
.
zero_trust.dlp.payload_logs
Methods
Get payload log settings
Set payload log settings
zero_trust.dlp.profiles
Methods
Fetches a DLP profile by ID.
Lists all DLP profiles in an account.
Domain types
Scan the context of predefined entries to only return matches surrounded by keywords.
Content types to exclude from context analysis and return all matches.
zero_trust.dlp.profiles.custom
Methods
Creates a DLP custom profile.
Deletes a DLP custom profile.
Fetches a custom DLP profile by id.
Updates a DLP custom profile.
Domain types
zero_trust.dlp.profiles.predefined
Methods
Creates a DLP predefined profile. Only supports enabling/disabling entries.
This is a no-op as predefined profiles can't be deleted but is needed for our generated terraform API
Fetches a predefined DLP profile by id.
Updates a DLP predefined profile. Only supports enabling/disabling entries.
Domain types
Gateway
zero_trust.gateway
Methods
Create a Zero Trust account for an existing Cloudflare account.
Retrieve information about the current Zero Trust account.
zero_trust.gateway.app_types
Methods
List all application and application type mappings.
Domain types
zero_trust.gateway.audit_ssh_settings
Methods
Retrieve all Zero Trust Audit SSH and SSH with Access for Infrastructure settings for an account.
Rotate the SSH account seed that generates the host key identity when connecting through the Cloudflare SSH Proxy.
Update Zero Trust Audit SSH and SSH with Access for Infrastructure settings for an account.
Domain types
zero_trust.gateway.categories
Methods
List all categories.
Domain types
zero_trust.gateway.certificates
Methods
Bind a single Zero Trust certificate to the edge.
Create a new Zero Trust certificate.
Unbind a single Zero Trust certificate from the edge.
Delete a gateway-managed Zero Trust certificate. You must deactivate the certificate from the edge (inactive) before deleting it.
Get a single Zero Trust certificate.
List all Zero Trust certificates for an account.
zero_trust.gateway.configurations
Methods
Update (PATCH) a single subcollection of settings such as antivirus
, tls_decrypt
, activity_log
, block_page
, browser_isolation
, fips
, body_scanning
, or certificate
without updating the entire configuration object. This endpoint returns an error if any settings collection lacks proper configuration.
Retrieve the current Zero Trust account configuration.
Update the current Zero Trust account configuration.
Domain types
Specify activity log settings.
Specify anti-virus settings.
Specify block page layout settings.
Specify the DLP inspection mode.
Specify Clientless Browser Isolation settings.
Specify custom certificate settings for BYO-PKI. This field is deprecated; use certificate
instead.
Configures user email settings for firewall policies. When you enable this, the system standardizes email addresses in the identity portion of the rule to match extended email variants in firewall policies. When you disable this setting, the system matches email addresses exactly as you provide them. Enable this setting if your email uses .
or +
modifiers.
Specify FIPS settings.
Specify account settings.
Configure the message the user's device shows during an antivirus scan.
Specify whether to detect protocols from the initial bytes of client traffic.
Specify whether to inspect encrypted HTTP traffic.
zero_trust.gateway.configurations.custom_certificate
Methods
Retrieve the current Zero Trust certificate configuration.
zero_trust.gateway.lists
Methods
Creates a new Zero Trust list.
Deletes a Zero Trust list.
Appends or removes an item from a configured Zero Trust list.
Fetch a single Zero Trust list.
Fetch all Zero Trust lists for an account.
Updates a configured Zero Trust list. Skips updating list items if not included in the payload. A non empty list items will overwrite the existing list.
Domain types
zero_trust.gateway.lists.items
Methods
Fetch all items in a single Zero Trust list.
zero_trust.gateway.locations
Methods
Create a new Zero Trust Gateway location.
Delete a configured Zero Trust Gateway location.
Get a single Zero Trust Gateway location.
List Zero Trust Gateway locations for an account.
Update a configured Zero Trust Gateway location.
Domain types
Configure the destination endpoints for this location.
zero_trust.gateway.logging
Methods
Retrieve the current logging settings for the Zero Trust account.
Update logging settings for the current Zero Trust account.
Domain types
zero_trust.gateway.proxy_endpoints
Methods
Create a new Zero Trust Gateway proxy endpoint.
Delete a configured Zero Trust Gateway proxy endpoint.
Update a configured Zero Trust Gateway proxy endpoint.
Get a single Zero Trust Gateway proxy endpoint.
List all Zero Trust Gateway proxy endpoints for an account.
Domain types
Specify an IPv4 or IPv6 CIDR. Limit IPv6 to a maximum of /109 and IPv4 to a maximum of /25.
zero_trust.gateway.rules
Methods
Create a new Zero Trust Gateway rule.
Delete a Zero Trust Gateway rule.
Get a single Zero Trust Gateway rule.
List Zero Trust Gateway rules for an account.
The preferred authorization scheme for interacting with the Cloudflare API. Create a token.
Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
Zero Trust Read Zero Trust Write
Indicate whether the API call was successful.
List Zero Trust Gateway rules for the parent account of an account in the MSP configuration.
Resets the expiration of a Zero Trust Gateway Rule if its duration elapsed and it has a default duration. The Zero Trust Gateway Rule must have values for both expiration.expires_at
and expiration.duration
.
Update a configured Zero Trust Gateway rule.
Domain types
Specify the protocol or layer to use.
Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift.
Defines the schedule for activating DNS policies. Settable only for dns
and dns_resolver
rules.
Identity Providers
zero_trust.identity_providers
Methods
Adds a new identity provider to Access.
Deletes an identity provider from Access.
Fetches a configured identity provider.
Lists all configured identity providers.
Updates a configured identity provider.
Domain types
The configuration settings for enabling a System for Cross-Domain Identity Management (SCIM) with the identity provider.
The type of identity provider. To determine the value for a specific provider, refer to our developer documentation.
zero_trust.identity_providers.scim
zero_trust.identity_providers.scim.groups
Methods
Lists SCIM Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).
zero_trust.identity_providers.scim.users
Methods
Lists SCIM User resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).
Networks
zero_trust.networks
zero_trust.networks.hostname_routes
Methods
Create a hostname route.
Delete a hostname route.
Updates a hostname route.
Get a hostname route.
Lists and filters hostname routes in an account.
Domain types
zero_trust.networks.routes
Methods
Routes a private network through a Cloudflare Tunnel.
Deletes a private network route from an account.
Updates an existing private network route in an account. The fields that are meant to be updated should be provided in the body of the request.
Get a private network route in an account.
Lists and filters private network routes in an account.
Domain types
zero_trust.networks.routes.ips
Methods
Fetches routes that contain the given IP address.
zero_trust.networks.routes.networks
Methods
Deprecated
This endpoint and its related APIs are deprecated in favor of the equivalent Tunnel Route (without CIDR) APIs.
Routes a private network through a Cloudflare Tunnel. The CIDR in ip_network_encoded
must be written in URL-encoded format.
Deprecated
This endpoint and its related APIs are deprecated in favor of the equivalent Tunnel Route (without CIDR) APIs.
Deletes a private network route from an account. The CIDR in ip_network_encoded
must be written in URL-encoded format. If no virtual_network_id is provided it will delete the route from the default vnet. If no tun_type is provided it will fetch the type from the tunnel_id or if that is missing it will assume Cloudflare Tunnel as default. If tunnel_id is provided it will delete the route from that tunnel, otherwise it will delete the route based on the vnet and tun_type.
Deprecated
This endpoint and its related APIs are deprecated in favor of the equivalent Tunnel Route (without CIDR) APIs.
Updates an existing private network route in an account. The CIDR in ip_network_encoded
must be written in URL-encoded format.
zero_trust.networks.subnets
Methods
Lists and filters subnets in an account.
zero_trust.networks.subnets.cloudflare_source
Methods
Updates the Cloudflare Source subnet of the given address family
zero_trust.networks.virtual_networks
Methods
Adds a new virtual network to an account.
Deletes an existing virtual network.
Updates an existing virtual network.
Get a virtual network.
Lists and filters virtual networks in an account.
Domain types
Organizations
zero_trust.organizations
Methods
Sets up a Zero Trust organization for your account or zone.
Returns the configuration for your Zero Trust organization.
Revokes a user's access across all applications.
Updates the configuration for your Zero Trust organization.
Domain types
zero_trust.organizations.doh
Methods
Returns the DoH settings for your Zero Trust organization.
Updates the DoH settings for your Zero Trust organization.
Risk Scoring
zero_trust.risk_scoring
Methods
Get risk event/score information for a specific user
Clear the risk score for a particular user
zero_trust.risk_scoring.behaviours
Methods
Get all behaviors and associated configuration
Update configuration for risk behaviors
zero_trust.risk_scoring.integrations
Methods
Create new risk score integration.
Delete a risk score integration.
Get risk score integration by id.
List all risk score integrations for the account.
Overwrite the reference_id, tenant_url, and active values with the ones provided.
zero_trust.risk_scoring.integrations.references
Methods
Get risk score integration by reference id.
zero_trust.risk_scoring.summary
Methods
Get risk score info for all users in the account
Seats
zero_trust.seats
Methods
Removes a user from a Zero Trust seat when both access_seat
and gateway_seat
are set to false.
Domain types
Tunnels
zero_trust.tunnels
Methods
Lists and filters all types of Tunnels in an account.
Domain types
zero_trust.tunnels.cloudflared
Methods
Creates a new Cloudflare Tunnel in an account.
Deletes a Cloudflare Tunnel from an account.
Updates an existing Cloudflare Tunnel.
Fetches a single Cloudflare Tunnel.
Lists and filters Cloudflare Tunnels in an account.
zero_trust.tunnels.cloudflared.configurations
Methods
Gets the configuration for a remotely-managed tunnel
Adds or updates the configuration for a remotely-managed tunnel.
zero_trust.tunnels.cloudflared.connections
Methods
Removes a connection (aka Cloudflare Tunnel Connector) from a Cloudflare Tunnel independently of its current state. If no connector id (client_id) is provided all connectors will be removed. We recommend running this command after rotating tokens.
Fetches connection details for a Cloudflare Tunnel.
Domain types
A client (typically cloudflared) that maintains connections to a Cloudflare data center.
zero_trust.tunnels.cloudflared.connectors
Methods
Fetches connector and connection details for a Cloudflare Tunnel.
zero_trust.tunnels.cloudflared.management
Methods
Gets a management token used to access the management resources (i.e. Streaming Logs) of a tunnel.
zero_trust.tunnels.cloudflared.token
Methods
Gets the token used to associate cloudflared with a specific tunnel.
zero_trust.tunnels.warp_connector
Methods
Creates a new Warp Connector Tunnel in an account.
Deletes a Warp Connector Tunnel from an account.
Updates an existing Warp Connector Tunnel.
Fetches a single Warp Connector Tunnel.
Lists and filters Warp Connector Tunnels in an account.
zero_trust.tunnels.warp_connector.token
Methods
Gets the token used to associate warp device with a specific Warp Connector tunnel.