Skip to content
Cloudflare API
Start here
API Reference

Shared

ModelsExpand Collapse
int
class AuditLog:
id: Optional[str]

A string that uniquely identifies the audit log.

action: Optional[Action]
result: Optional[bool]

A boolean that indicates if the action attempted was successful.

type: Optional[str]

A short string that describes the action that was performed.

actor: Optional[Actor]
id: Optional[str]

The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

email: Optional[str]

The email of the user that performed the action.

formatemail
ip: Optional[str]

The IP address of the request that performed the action.

type: Optional[Literal["user", "admin", "Cloudflare"]]

The type of actor, whether a User, Cloudflare Admin, or an Automated System.

One of the following:
"user"
"admin"
"Cloudflare"
interface: Optional[str]

The source of the event.

metadata: Optional[object]

An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

new_value: Optional[str]

The new value of the resource that was modified.

old_value: Optional[str]

The value of the resource before it was modified.

owner: Optional[Owner]
id: Optional[str]

Identifier

maxLength32
resource: Optional[Resource]
id: Optional[str]

An identifier for the resource that was affected by the action.

type: Optional[str]

A short string that describes the resource that was affected by the action.

when: Optional[datetime]

A UTC RFC3339 timestamp that specifies when the action being logged occured.

formatdate-time
Literal["digicert", "google", "lets_encrypt", "ssl_com"]

The Certificate Authority that will issue the certificate

One of the following:
"digicert"
"google"
"lets_encrypt"
"ssl_com"
Literal["origin-rsa", "origin-ecc", "keyless-certificate"]

Signature type desired on certificate ("origin-rsa" (rsa), "origin-ecc" (ecdsa), or "keyless-certificate" (for Keyless SSL servers).

One of the following:
"origin-rsa"
"origin-ecc"
"keyless-certificate"
class CloudflareTunnel:

A Cloudflare Tunnel that connects your origin to Cloudflare's edge.

id: Optional[str]

UUID of the tunnel.

formatuuid
maxLength36
account_tag: Optional[str]

Cloudflare account ID

maxLength32
config_src: Optional[Literal["local", "cloudflare"]]

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel on the Zero Trust dashboard.

One of the following:
"local"
"cloudflare"
Deprecatedconnections: Optional[List[Connection]]
This field will start returning an empty array. To fetch the connections of a given tunnel, please use the dedicated endpoint `/accounts/{account_id}/{tunnel_type}/{tunnel_id}/connections`

The Cloudflare Tunnel connections between your origin and Cloudflare's edge.

id: Optional[str]

UUID of the Cloudflare Tunnel connection.

formatuuid
maxLength36
client_id: Optional[str]

UUID of the Cloudflare Tunnel connector.

formatuuid
maxLength36
client_version: Optional[str]

The cloudflared version used to establish this connection.

colo_name: Optional[str]

The Cloudflare data center used for this connection.

is_pending_reconnect: Optional[bool]

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Optional[datetime]

Timestamp of when the connection was established.

formatdate-time
origin_ip: Optional[str]

The public IP address of the host running cloudflared.

uuid: Optional[str]

UUID of the Cloudflare Tunnel connection.

formatuuid
maxLength36
conns_active_at: Optional[datetime]

Timestamp of when the tunnel established at least one connection to Cloudflare's edge. If null, the tunnel is inactive.

formatdate-time
conns_inactive_at: Optional[datetime]

Timestamp of when the tunnel became inactive (no connections to Cloudflare's edge). If null, the tunnel is active.

formatdate-time
created_at: Optional[datetime]

Timestamp of when the resource was created.

formatdate-time
deleted_at: Optional[datetime]

Timestamp of when the resource was deleted. If null, the resource has not been deleted.

formatdate-time
metadata: Optional[object]

Metadata associated with the tunnel.

name: Optional[str]

A user-friendly name for a tunnel.

Deprecatedremote_config: Optional[bool]
Use the config_src field instead.

If true, the tunnel can be configured remotely from the Zero Trust dashboard. If false, the tunnel must be configured locally on the origin machine.

status: Optional[Literal["inactive", "degraded", "healthy", "down"]]

The status of the tunnel. Valid values are inactive (tunnel has never been run), degraded (tunnel is active and able to serve traffic but in an unhealthy state), healthy (tunnel is active and able to serve traffic), or down (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).

One of the following:
"inactive"
"degraded"
"healthy"
"down"
tun_type: Optional[Literal["cfd_tunnel", "warp_connector", "warp", 4 more]]

The type of tunnel.

One of the following:
"cfd_tunnel"
"warp_connector"
"warp"
"magic"
"ip_sec"
"gre"
"cni"
class ErrorData:
code: Optional[int]
documentation_url: Optional[str]
message: Optional[str]
source: Optional[Source]
pointer: Optional[str]
class Identifier:
id: Optional[str]

Identifier.

maxLength32
class LoadBalancerPreview:
pools: Optional[Dict[str, str]]

Monitored pool IDs mapped to their respective names.

preview_id: Optional[str]
class Member:
id: Optional[str]

Membership identifier tag.

maxLength32
email: Optional[str]

The contact email address of the user.

maxLength90
policies: Optional[List[Policy]]

Access policy for the membership

id: Optional[str]

Policy identifier.

access: Optional[Literal["allow", "deny"]]

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: Optional[List[PolicyPermissionGroup]]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PolicyPermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]
value: Optional[str]
name: Optional[str]

Name of the permission group.

resource_groups: Optional[List[PolicyResourceGroup]]

A list of resource groups that the policy applies to.

id: str

Identifier of the resource group.

scope: List[PolicyResourceGroupScope]

The scope associated to the resource group

key: str

This is a combination of pre-defined resource name and identifier (like Account ID etc.)

objects: List[PolicyResourceGroupScopeObject]

A list of scope objects for additional context.

key: str

This is a combination of pre-defined resource name and identifier (like Zone ID etc.)

meta: Optional[PolicyResourceGroupMeta]

Attributes associated to the resource group.

key: Optional[str]
value: Optional[str]
name: Optional[str]

Name of the resource group.

roles: Optional[List[Role]]

Roles assigned to this Member.

id: str

Role identifier tag.

maxLength32
description: str

Description of role's permissions.

name: str

Role name.

maxLength120
permissions: Permissions
analytics: Optional[PermissionGrant]
billing: Optional[PermissionGrant]
cache_purge: Optional[PermissionGrant]
dns: Optional[PermissionGrant]
dns_records: Optional[PermissionGrant]
lb: Optional[PermissionGrant]
logs: Optional[PermissionGrant]
organization: Optional[PermissionGrant]
ssl: Optional[PermissionGrant]
waf: Optional[PermissionGrant]
zone_settings: Optional[PermissionGrant]
zones: Optional[PermissionGrant]
status: Optional[Literal["accepted", "pending"]]

A member's status in the account.

One of the following:
"accepted"
"pending"
user: Optional[User]

Details of the user associated to the membership.

email: str

The contact email address of the user.

maxLength90
id: Optional[str]

Identifier

maxLength32
minLength32
first_name: Optional[str]

User's first name

maxLength60
last_name: Optional[str]

User's last name

maxLength60
two_factor_authentication_enabled: Optional[bool]

Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication.

class PaginationInfo:
count: Optional[float]

Total number of results for the requested service

page: Optional[float]

Current page within paginated list of results

per_page: Optional[float]

Number of results per page of results

total_count: Optional[float]

Total results available without any search parameters

str
class PermissionGrant:
read: Optional[bool]
write: Optional[bool]
class RatePlan:

The rate plan applied to the subscription.

id: Optional[Literal["free", "lite", "pro", 7 more]]

The ID of the rate plan.

One of the following:
"free"
"lite"
"pro"
"pro_plus"
"business"
"enterprise"
"partners_free"
"partners_pro"
"partners_business"
"partners_enterprise"
currency: Optional[str]

The currency applied to the rate plan subscription.

externally_managed: Optional[bool]

Whether this rate plan is managed externally from Cloudflare.

is_contract: Optional[bool]

Whether a rate plan is enterprise-based (or newly adopted term contract).

public_name: Optional[str]

The full name of the rate plan.

scope: Optional[str]

The scope that this rate plan applies to.

sets: Optional[List[str]]

The list of sets this rate plan applies to. Returns array of strings.

class ResponseInfo:
code: int
minimum1000
message: str
documentation_url: Optional[str]
source: Optional[Source]
pointer: Optional[str]
One of the following:
class UnionMember0:
errors: Optional[List[ResponseInfo]]
code: int
minimum1000
message: str
documentation_url: Optional[str]
source: Optional[Source]
pointer: Optional[str]
messages: Optional[List[ResponseInfo]]
code: int
minimum1000
message: str
documentation_url: Optional[str]
source: Optional[Source]
pointer: Optional[str]
result: Optional[List[AuditLog]]
id: Optional[str]

A string that uniquely identifies the audit log.

action: Optional[Action]
result: Optional[bool]

A boolean that indicates if the action attempted was successful.

type: Optional[str]

A short string that describes the action that was performed.

actor: Optional[Actor]
id: Optional[str]

The ID of the actor that performed the action. If a user performed the action, this will be their User ID.

email: Optional[str]

The email of the user that performed the action.

formatemail
ip: Optional[str]

The IP address of the request that performed the action.

type: Optional[Literal["user", "admin", "Cloudflare"]]

The type of actor, whether a User, Cloudflare Admin, or an Automated System.

One of the following:
"user"
"admin"
"Cloudflare"
interface: Optional[str]

The source of the event.

metadata: Optional[object]

An object which can lend more context to the action being logged. This is a flexible value and varies between different actions.

new_value: Optional[str]

The new value of the resource that was modified.

old_value: Optional[str]

The value of the resource before it was modified.

owner: Optional[Owner]
id: Optional[str]

Identifier

maxLength32
resource: Optional[Resource]
id: Optional[str]

An identifier for the resource that was affected by the action.

type: Optional[str]

A short string that describes the resource that was affected by the action.

when: Optional[datetime]

A UTC RFC3339 timestamp that specifies when the action being logged occured.

formatdate-time
success: Optional[bool]
class AaaAPIResponseCommon:
errors: List[ResponseInfo]
code: int
minimum1000
message: str
documentation_url: Optional[str]
source: Optional[Source]
pointer: Optional[str]
messages: List[ResponseInfo]
code: int
minimum1000
message: str
documentation_url: Optional[str]
source: Optional[Source]
pointer: Optional[str]
success: Literal[true]

Whether the API call was successful

class Role:
id: str

Role identifier tag.

maxLength32
description: str

Description of role's permissions.

name: str

Role name.

maxLength120
permissions: Permissions
analytics: Optional[PermissionGrant]
billing: Optional[PermissionGrant]
cache_purge: Optional[PermissionGrant]
dns: Optional[PermissionGrant]
dns_records: Optional[PermissionGrant]
lb: Optional[PermissionGrant]
logs: Optional[PermissionGrant]
organization: Optional[PermissionGrant]
ssl: Optional[PermissionGrant]
waf: Optional[PermissionGrant]
zone_settings: Optional[PermissionGrant]
zones: Optional[PermissionGrant]
Literal["asc", "desc"]

Direction to order DNS records in.

One of the following:
"asc"
"desc"
class Subscription:
id: Optional[str]

Subscription identifier tag.

maxLength32
currency: Optional[str]

The monetary unit in which pricing information is displayed.

current_period_end: Optional[datetime]

The end of the current period and also when the next billing is due.

formatdate-time
current_period_start: Optional[datetime]

When the current billing period started. May match initial_period_start if this is the first period.

formatdate-time
frequency: Optional[Literal["weekly", "monthly", "quarterly", "yearly"]]

How often the subscription is renewed automatically.

One of the following:
"weekly"
"monthly"
"quarterly"
"yearly"
price: Optional[float]

The price of the subscription that will be billed, in US dollars.

rate_plan: Optional[RatePlan]

The rate plan applied to the subscription.

state: Optional[Literal["Trial", "Provisioned", "Paid", 4 more]]

The state that the subscription is in.

One of the following:
"Trial"
"Provisioned"
"Paid"
"AwaitingPayment"
"Cancelled"
"Failed"
"Expired"
class SubscriptionComponent:

A component value for a subscription.

default: Optional[float]

The default amount assigned.

name: Optional[str]

The name of the component value.

price: Optional[float]

The unit price for the component value.

value: Optional[float]

The amount of the component value assigned.

class SubscriptionZone:

A simple zone object. May have null properties if not a zone subscription.

id: Optional[str]

Identifier

maxLength32
name: Optional[str]

The domain name

maxLength253
class Token:
id: Optional[str]

Token identifier tag.

maxLength32
condition: Optional[Condition]
request_ip: Optional[ConditionRequestIP]

Client IP restrictions.

in_: Optional[List[TokenConditionCIDRList]]

List of IPv4/IPv6 CIDR addresses.

not_in: Optional[List[TokenConditionCIDRList]]

List of IPv4/IPv6 CIDR addresses.

expires_on: Optional[datetime]

The expiration time on or after which the JWT MUST NOT be accepted for processing.

formatdate-time
issued_on: Optional[datetime]

The time on which the token was created.

formatdate-time
last_used_on: Optional[datetime]

Last time the token was used.

formatdate-time
modified_on: Optional[datetime]

Last time the token was modified.

formatdate-time
name: Optional[str]

Token name.

maxLength120
not_before: Optional[datetime]

The time before which the token MUST NOT be accepted for processing.

formatdate-time
policies: Optional[List[TokenPolicy]]

List of access policies assigned to the token.

id: str

Policy identifier.

effect: Literal["allow", "deny"]

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: List[PermissionGroup]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]
value: Optional[str]
name: Optional[str]

Name of the permission group.

resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]

A list of resource names that the policy applies to.

One of the following:
Dict[str, str]

Map of simple string resource permissions

Dict[str, Dict[str, str]]

Map of nested resource permissions

status: Optional[Literal["active", "disabled", "expired"]]

Status of the token.

One of the following:
"active"
"disabled"
"expired"
str

IPv4/IPv6 CIDR.

class TokenPolicy:
id: str

Policy identifier.

effect: Literal["allow", "deny"]

Allow or deny operations against the resources.

One of the following:
"allow"
"deny"
permission_groups: List[PermissionGroup]

A set of permission groups that are specified to the policy.

id: str

Identifier of the permission group.

meta: Optional[PermissionGroupMeta]

Attributes associated to the permission group.

key: Optional[str]
value: Optional[str]
name: Optional[str]

Name of the permission group.

resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]

A list of resource names that the policy applies to.

One of the following:
Dict[str, str]

Map of simple string resource permissions

Dict[str, Dict[str, str]]

Map of nested resource permissions

str

The token value.