# Accounts ## List Accounts `accounts.list(AccountListParams**kwargs) -> SyncV4PagePaginationArray[Account]` **get** `/accounts` List all accounts you have ownership or verified access to. ### Parameters - `direction: Optional[Literal["asc", "desc"]]` Direction to order results. - `"asc"` - `"desc"` - `name: Optional[str]` Name of the account. - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. ### Returns - `class Account: …` - `id: str` Identifier - `name: str` Account name - `type: Literal["standard", "enterprise"]` - `"standard"` - `"enterprise"` - `created_on: Optional[datetime]` Timestamp for the creation of the account - `managed_by: Optional[ManagedBy]` Parent container details - `parent_org_id: Optional[str]` ID of the parent Organization, if one exists - `parent_org_name: Optional[str]` Name of the parent Organization, if one exists - `settings: Optional[Settings]` Account settings - `abuse_contact_email: Optional[str]` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor: Optional[bool]` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.accounts.list() page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Account Details `accounts.get(AccountGetParams**kwargs) -> Account` **get** `/accounts/{account_id}` Get information about a specific account that you are a member of. ### Parameters - `account_id: str` Account identifier tag. ### Returns - `class Account: …` - `id: str` Identifier - `name: str` Account name - `type: Literal["standard", "enterprise"]` - `"standard"` - `"enterprise"` - `created_on: Optional[datetime]` Timestamp for the creation of the account - `managed_by: Optional[ManagedBy]` Parent container details - `parent_org_id: Optional[str]` ID of the parent Organization, if one exists - `parent_org_name: Optional[str]` Name of the parent Organization, if one exists - `settings: Optional[Settings]` Account settings - `abuse_contact_email: Optional[str]` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor: Optional[bool]` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) account = client.accounts.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(account.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } } ``` ## Create an account `accounts.create(AccountCreateParams**kwargs) -> Account` **post** `/accounts` Create an account (only available for tenant admins at this time) ### Parameters - `name: str` Account name - `type: Optional[Literal["standard", "enterprise"]]` - `"standard"` - `"enterprise"` - `unit: Optional[Unit]` information related to the tenant unit, and optionally, an id of the unit to create the account on. see https://developers.cloudflare.com/tenant/how-to/manage-accounts/ - `id: Optional[str]` Tenant unit ID ### Returns - `class Account: …` - `id: str` Identifier - `name: str` Account name - `type: Literal["standard", "enterprise"]` - `"standard"` - `"enterprise"` - `created_on: Optional[datetime]` Timestamp for the creation of the account - `managed_by: Optional[ManagedBy]` Parent container details - `parent_org_id: Optional[str]` ID of the parent Organization, if one exists - `parent_org_name: Optional[str]` Name of the parent Organization, if one exists - `settings: Optional[Settings]` Account settings - `abuse_contact_email: Optional[str]` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor: Optional[bool]` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) account = client.accounts.create( name="name", ) print(account.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } } ``` ## Update Account `accounts.update(AccountUpdateParams**kwargs) -> Account` **put** `/accounts/{account_id}` Update an existing account. ### Parameters - `account_id: str` Account identifier tag. - `id: str` Identifier - `name: str` Account name - `type: Literal["standard", "enterprise"]` - `"standard"` - `"enterprise"` - `managed_by: Optional[ManagedBy]` Parent container details - `parent_org_id: Optional[str]` ID of the parent Organization, if one exists - `parent_org_name: Optional[str]` Name of the parent Organization, if one exists - `settings: Optional[Settings]` Account settings - `abuse_contact_email: Optional[str]` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor: Optional[bool]` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Returns - `class Account: …` - `id: str` Identifier - `name: str` Account name - `type: Literal["standard", "enterprise"]` - `"standard"` - `"enterprise"` - `created_on: Optional[datetime]` Timestamp for the creation of the account - `managed_by: Optional[ManagedBy]` Parent container details - `parent_org_id: Optional[str]` ID of the parent Organization, if one exists - `parent_org_name: Optional[str]` Name of the parent Organization, if one exists - `settings: Optional[Settings]` Account settings - `abuse_contact_email: Optional[str]` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor: Optional[bool]` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) account = client.accounts.update( account_id="023e105f4ecef8ad9ca31a8372d0c353", id="023e105f4ecef8ad9ca31a8372d0c353", name="Demo Account", type="standard", ) print(account.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "name": "Demo Account", "type": "standard", "created_on": "2014-03-01T12:21:02.0000Z", "managed_by": { "parent_org_id": "4536bcfad5faccb111b47003c79917fa", "parent_org_name": "Demo Parent Organization" }, "settings": { "abuse_contact_email": "abuse_contact_email", "enforce_twofactor": true } } } ``` ## Delete a specific account `accounts.delete(AccountDeleteParams**kwargs) -> AccountDeleteResponse` **delete** `/accounts/{account_id}` Delete a specific account (only available for tenant admins at this time). This is a permanent operation that will delete any zones or other resources under the account ### Parameters - `account_id: str` The account ID of the account to be deleted ### Returns - `class AccountDeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) account = client.accounts.delete( account_id="account_id", ) print(account.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Account - `class Account: …` - `id: str` Identifier - `name: str` Account name - `type: Literal["standard", "enterprise"]` - `"standard"` - `"enterprise"` - `created_on: Optional[datetime]` Timestamp for the creation of the account - `managed_by: Optional[ManagedBy]` Parent container details - `parent_org_id: Optional[str]` ID of the parent Organization, if one exists - `parent_org_name: Optional[str]` Name of the parent Organization, if one exists - `settings: Optional[Settings]` Account settings - `abuse_contact_email: Optional[str]` Sets an abuse contact email to notify for abuse reports. - `enforce_twofactor: Optional[bool]` Indicates whether membership in this account requires that Two-Factor Authentication is enabled ### Account Delete Response - `class AccountDeleteResponse: …` - `id: str` Identifier # Account Organizations # Account Profile # Members ## List Members `accounts.members.list(MemberListParams**kwargs) -> SyncV4PagePaginationArray[Member]` **get** `/accounts/{account_id}/members` List all members of an account. ### Parameters - `account_id: str` Account identifier tag. - `direction: Optional[Literal["asc", "desc"]]` Direction to order results. - `"asc"` - `"desc"` - `order: Optional[Literal["user.first_name", "user.last_name", "user.email", "status"]]` Field to order results by. - `"user.first_name"` - `"user.last_name"` - `"user.email"` - `"status"` - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. - `status: Optional[Literal["accepted", "pending", "rejected"]]` A member's status in the account. - `"accepted"` - `"pending"` - `"rejected"` ### Returns - `class Member: …` - `id: Optional[str]` Membership identifier tag. - `email: Optional[str]` The contact email address of the user. - `policies: Optional[List[Policy]]` Access policy for the membership - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. - `roles: Optional[List[Role]]` Roles assigned to this Member. - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` - `status: Optional[Literal["accepted", "pending"]]` A member's status in the account. - `"accepted"` - `"pending"` - `user: Optional[User]` Details of the user associated to the membership. - `email: str` The contact email address of the user. - `id: Optional[str]` Identifier - `first_name: Optional[str]` User's first name - `last_name: Optional[str]` User's last name - `two_factor_authentication_enabled: Optional[bool]` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.accounts.members.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Member Details `accounts.members.get(strmember_id, MemberGetParams**kwargs) -> Member` **get** `/accounts/{account_id}/members/{member_id}` Get information about a specific member of an account. ### Parameters - `account_id: str` Account identifier tag. - `member_id: str` Membership identifier tag. ### Returns - `class Member: …` - `id: Optional[str]` Membership identifier tag. - `email: Optional[str]` The contact email address of the user. - `policies: Optional[List[Policy]]` Access policy for the membership - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. - `roles: Optional[List[Role]]` Roles assigned to this Member. - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` - `status: Optional[Literal["accepted", "pending"]]` A member's status in the account. - `"accepted"` - `"pending"` - `user: Optional[User]` Details of the user associated to the membership. - `email: str` The contact email address of the user. - `id: Optional[str]` Identifier - `first_name: Optional[str]` User's first name - `last_name: Optional[str]` User's last name - `two_factor_authentication_enabled: Optional[bool]` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) member = client.accounts.members.get( member_id="4536bcfad5faccb111b47003c79917fa", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(member.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } } ``` ## Add Member `accounts.members.create(MemberCreateParams**kwargs) -> Member` **post** `/accounts/{account_id}/members` Add a user to the list of members for this account. ### Parameters - `account_id: str` Account identifier tag. - `email: str` The contact email address of the user. - `roles: SequenceNotStr[str]` Array of roles associated with this member. - `status: Optional[Literal["accepted", "pending"]]` Status of the member invitation. If not provided during creation, defaults to 'pending'. Changing from 'accepted' back to 'pending' will trigger a replacement of the member resource in Terraform. - `"accepted"` - `"pending"` ### Returns - `class Member: …` - `id: Optional[str]` Membership identifier tag. - `email: Optional[str]` The contact email address of the user. - `policies: Optional[List[Policy]]` Access policy for the membership - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. - `roles: Optional[List[Role]]` Roles assigned to this Member. - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` - `status: Optional[Literal["accepted", "pending"]]` A member's status in the account. - `"accepted"` - `"pending"` - `user: Optional[User]` Details of the user associated to the membership. - `email: str` The contact email address of the user. - `id: Optional[str]` Identifier - `first_name: Optional[str]` User's first name - `last_name: Optional[str]` User's last name - `two_factor_authentication_enabled: Optional[bool]` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) member = client.accounts.members.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", email="user@example.com", roles=["3536bcfad5faccb999b47003c79917fb"], ) print(member.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } } ``` ## Update Member `accounts.members.update(strmember_id, MemberUpdateParams**kwargs) -> Member` **put** `/accounts/{account_id}/members/{member_id}` Modify an account member. ### Parameters - `account_id: str` Account identifier tag. - `member_id: str` Membership identifier tag. - `roles: Optional[Iterable[Role]]` Roles assigned to this member. - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` ### Returns - `class Member: …` - `id: Optional[str]` Membership identifier tag. - `email: Optional[str]` The contact email address of the user. - `policies: Optional[List[Policy]]` Access policy for the membership - `id: Optional[str]` Policy identifier. - `access: Optional[Literal["allow", "deny"]]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: Optional[List[PolicyPermissionGroup]]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PolicyPermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resource_groups: Optional[List[PolicyResourceGroup]]` A list of resource groups that the policy applies to. - `id: str` Identifier of the resource group. - `scope: List[PolicyResourceGroupScope]` The scope associated to the resource group - `key: str` This is a combination of pre-defined resource name and identifier (like Account ID etc.) - `objects: List[PolicyResourceGroupScopeObject]` A list of scope objects for additional context. - `key: str` This is a combination of pre-defined resource name and identifier (like Zone ID etc.) - `meta: Optional[PolicyResourceGroupMeta]` Attributes associated to the resource group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the resource group. - `roles: Optional[List[Role]]` Roles assigned to this Member. - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` - `status: Optional[Literal["accepted", "pending"]]` A member's status in the account. - `"accepted"` - `"pending"` - `user: Optional[User]` Details of the user associated to the membership. - `email: str` The contact email address of the user. - `id: Optional[str]` Identifier - `first_name: Optional[str]` User's first name - `last_name: Optional[str]` User's last name - `two_factor_authentication_enabled: Optional[bool]` Indicates whether two-factor authentication is enabled for the user account. Does not apply to API authentication. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) member = client.accounts.members.update( member_id="4536bcfad5faccb111b47003c79917fa", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(member.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "4536bcfad5faccb111b47003c79917fa", "email": "user@example.com", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ], "roles": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "status": "accepted", "user": { "email": "user@example.com", "id": "023e105f4ecef8ad9ca31a8372d0c353", "first_name": "John", "last_name": "Appleseed", "two_factor_authentication_enabled": true } } } ``` ## Remove Member `accounts.members.delete(strmember_id, MemberDeleteParams**kwargs) -> MemberDeleteResponse` **delete** `/accounts/{account_id}/members/{member_id}` Remove a member from an account. ### Parameters - `account_id: str` Account identifier tag. - `member_id: str` Membership identifier tag. ### Returns - `class MemberDeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) member = client.accounts.members.delete( member_id="4536bcfad5faccb111b47003c79917fa", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(member.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Domain Types ### Status - `Literal["member", "invited"]` Whether the user is a member of the organization or has an invitation pending. - `"member"` - `"invited"` ### Member Delete Response - `class MemberDeleteResponse: …` - `id: str` Identifier # Roles ## List Roles `accounts.roles.list(RoleListParams**kwargs) -> SyncV4PagePaginationArray[Role]` **get** `/accounts/{account_id}/roles` Get all available roles for an account. ### Parameters - `account_id: str` Account identifier tag. - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Number of roles per page. ### Returns - `class Role: …` - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.accounts.roles.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Role Details `accounts.roles.get(strrole_id, RoleGetParams**kwargs) -> Role` **get** `/accounts/{account_id}/roles/{role_id}` Get information about a specific role for an account. ### Parameters - `account_id: str` Account identifier tag. - `role_id: str` Role identifier tag. ### Returns - `class Role: …` - `id: str` Role identifier tag. - `description: str` Description of role's permissions. - `name: str` Role name. - `permissions: Permissions` - `analytics: Optional[PermissionGrant]` - `read: Optional[bool]` - `write: Optional[bool]` - `billing: Optional[PermissionGrant]` - `cache_purge: Optional[PermissionGrant]` - `dns: Optional[PermissionGrant]` - `dns_records: Optional[PermissionGrant]` - `lb: Optional[PermissionGrant]` - `logs: Optional[PermissionGrant]` - `organization: Optional[PermissionGrant]` - `ssl: Optional[PermissionGrant]` - `waf: Optional[PermissionGrant]` - `zone_settings: Optional[PermissionGrant]` - `zones: Optional[PermissionGrant]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) role = client.accounts.roles.get( role_id="3536bcfad5faccb999b47003c79917fb", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(role.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "3536bcfad5faccb999b47003c79917fb", "description": "Administrative access to the entire Account", "name": "Account Administrator", "permissions": { "analytics": { "read": true, "write": false }, "billing": { "read": true, "write": false }, "cache_purge": { "read": true, "write": false }, "dns": { "read": true, "write": false }, "dns_records": { "read": true, "write": false }, "lb": { "read": true, "write": false }, "logs": { "read": true, "write": false }, "organization": { "read": true, "write": false }, "ssl": { "read": true, "write": false }, "waf": { "read": true, "write": false }, "zone_settings": { "read": true, "write": false }, "zones": { "read": true, "write": true } } } } ``` # Subscriptions ## List Subscriptions `accounts.subscriptions.get(SubscriptionGetParams**kwargs) -> SyncSinglePage[Subscription]` **get** `/accounts/{account_id}/subscriptions` Lists all of an account's subscriptions. ### Parameters - `account_id: str` Identifier ### Returns - `class Subscription: …` - `id: Optional[str]` Subscription identifier tag. - `currency: Optional[str]` The monetary unit in which pricing information is displayed. - `current_period_end: Optional[datetime]` The end of the current period and also when the next billing is due. - `current_period_start: Optional[datetime]` When the current billing period started. May match initial_period_start if this is the first period. - `frequency: Optional[Literal["weekly", "monthly", "quarterly", "yearly"]]` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `price: Optional[float]` The price of the subscription that will be billed, in US dollars. - `rate_plan: Optional[RatePlan]` The rate plan applied to the subscription. - `id: Optional[Literal["free", "lite", "pro", 7 more]]` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency: Optional[str]` The currency applied to the rate plan subscription. - `externally_managed: Optional[bool]` Whether this rate plan is managed externally from Cloudflare. - `is_contract: Optional[bool]` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name: Optional[str]` The full name of the rate plan. - `scope: Optional[str]` The scope that this rate plan applies to. - `sets: Optional[List[str]]` The list of sets this rate plan applies to. Returns array of strings. - `state: Optional[Literal["Trial", "Provisioned", "Paid", 4 more]]` The state that the subscription is in. - `"Trial"` - `"Provisioned"` - `"Paid"` - `"AwaitingPayment"` - `"Cancelled"` - `"Failed"` - `"Expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.accounts.subscriptions.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "506e3185e9c882d175a2d0cb0093d9f2", "currency": "USD", "current_period_end": "2014-03-31T12:20:00Z", "current_period_start": "2014-05-11T12:20:00Z", "frequency": "monthly", "price": 20, "rate_plan": { "id": "free", "currency": "USD", "externally_managed": false, "is_contract": false, "public_name": "Business Plan", "scope": "zone", "sets": [ "string" ] }, "state": "Paid" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Create Subscription `accounts.subscriptions.create(SubscriptionCreateParams**kwargs) -> Subscription` **post** `/accounts/{account_id}/subscriptions` Creates an account subscription. ### Parameters - `account_id: str` Identifier - `frequency: Optional[Literal["weekly", "monthly", "quarterly", "yearly"]]` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `rate_plan: Optional[RatePlan]` The rate plan applied to the subscription. - `id: Optional[Literal["free", "lite", "pro", 7 more]]` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency: Optional[str]` The currency applied to the rate plan subscription. - `externally_managed: Optional[bool]` Whether this rate plan is managed externally from Cloudflare. - `is_contract: Optional[bool]` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name: Optional[str]` The full name of the rate plan. - `scope: Optional[str]` The scope that this rate plan applies to. - `sets: Optional[List[str]]` The list of sets this rate plan applies to. Returns array of strings. ### Returns - `class Subscription: …` - `id: Optional[str]` Subscription identifier tag. - `currency: Optional[str]` The monetary unit in which pricing information is displayed. - `current_period_end: Optional[datetime]` The end of the current period and also when the next billing is due. - `current_period_start: Optional[datetime]` When the current billing period started. May match initial_period_start if this is the first period. - `frequency: Optional[Literal["weekly", "monthly", "quarterly", "yearly"]]` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `price: Optional[float]` The price of the subscription that will be billed, in US dollars. - `rate_plan: Optional[RatePlan]` The rate plan applied to the subscription. - `id: Optional[Literal["free", "lite", "pro", 7 more]]` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency: Optional[str]` The currency applied to the rate plan subscription. - `externally_managed: Optional[bool]` Whether this rate plan is managed externally from Cloudflare. - `is_contract: Optional[bool]` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name: Optional[str]` The full name of the rate plan. - `scope: Optional[str]` The scope that this rate plan applies to. - `sets: Optional[List[str]]` The list of sets this rate plan applies to. Returns array of strings. - `state: Optional[Literal["Trial", "Provisioned", "Paid", 4 more]]` The state that the subscription is in. - `"Trial"` - `"Provisioned"` - `"Paid"` - `"AwaitingPayment"` - `"Cancelled"` - `"Failed"` - `"Expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) subscription = client.accounts.subscriptions.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(subscription.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "506e3185e9c882d175a2d0cb0093d9f2", "currency": "USD", "current_period_end": "2014-03-31T12:20:00Z", "current_period_start": "2014-05-11T12:20:00Z", "frequency": "monthly", "price": 20, "rate_plan": { "id": "free", "currency": "USD", "externally_managed": false, "is_contract": false, "public_name": "Business Plan", "scope": "zone", "sets": [ "string" ] }, "state": "Paid" }, "success": true } ``` ## Update Subscription `accounts.subscriptions.update(strsubscription_identifier, SubscriptionUpdateParams**kwargs) -> Subscription` **put** `/accounts/{account_id}/subscriptions/{subscription_identifier}` Updates an account subscription. ### Parameters - `account_id: str` Identifier - `subscription_identifier: str` Subscription identifier tag. - `frequency: Optional[Literal["weekly", "monthly", "quarterly", "yearly"]]` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `rate_plan: Optional[RatePlan]` The rate plan applied to the subscription. - `id: Optional[Literal["free", "lite", "pro", 7 more]]` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency: Optional[str]` The currency applied to the rate plan subscription. - `externally_managed: Optional[bool]` Whether this rate plan is managed externally from Cloudflare. - `is_contract: Optional[bool]` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name: Optional[str]` The full name of the rate plan. - `scope: Optional[str]` The scope that this rate plan applies to. - `sets: Optional[List[str]]` The list of sets this rate plan applies to. Returns array of strings. ### Returns - `class Subscription: …` - `id: Optional[str]` Subscription identifier tag. - `currency: Optional[str]` The monetary unit in which pricing information is displayed. - `current_period_end: Optional[datetime]` The end of the current period and also when the next billing is due. - `current_period_start: Optional[datetime]` When the current billing period started. May match initial_period_start if this is the first period. - `frequency: Optional[Literal["weekly", "monthly", "quarterly", "yearly"]]` How often the subscription is renewed automatically. - `"weekly"` - `"monthly"` - `"quarterly"` - `"yearly"` - `price: Optional[float]` The price of the subscription that will be billed, in US dollars. - `rate_plan: Optional[RatePlan]` The rate plan applied to the subscription. - `id: Optional[Literal["free", "lite", "pro", 7 more]]` The ID of the rate plan. - `"free"` - `"lite"` - `"pro"` - `"pro_plus"` - `"business"` - `"enterprise"` - `"partners_free"` - `"partners_pro"` - `"partners_business"` - `"partners_enterprise"` - `currency: Optional[str]` The currency applied to the rate plan subscription. - `externally_managed: Optional[bool]` Whether this rate plan is managed externally from Cloudflare. - `is_contract: Optional[bool]` Whether a rate plan is enterprise-based (or newly adopted term contract). - `public_name: Optional[str]` The full name of the rate plan. - `scope: Optional[str]` The scope that this rate plan applies to. - `sets: Optional[List[str]]` The list of sets this rate plan applies to. Returns array of strings. - `state: Optional[Literal["Trial", "Provisioned", "Paid", 4 more]]` The state that the subscription is in. - `"Trial"` - `"Provisioned"` - `"Paid"` - `"AwaitingPayment"` - `"Cancelled"` - `"Failed"` - `"Expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) subscription = client.accounts.subscriptions.update( subscription_identifier="506e3185e9c882d175a2d0cb0093d9f2", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(subscription.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "506e3185e9c882d175a2d0cb0093d9f2", "currency": "USD", "current_period_end": "2014-03-31T12:20:00Z", "current_period_start": "2014-05-11T12:20:00Z", "frequency": "monthly", "price": 20, "rate_plan": { "id": "free", "currency": "USD", "externally_managed": false, "is_contract": false, "public_name": "Business Plan", "scope": "zone", "sets": [ "string" ] }, "state": "Paid" }, "success": true } ``` ## Delete Subscription `accounts.subscriptions.delete(strsubscription_identifier, SubscriptionDeleteParams**kwargs) -> SubscriptionDeleteResponse` **delete** `/accounts/{account_id}/subscriptions/{subscription_identifier}` Deletes an account's subscription. ### Parameters - `account_id: str` Identifier - `subscription_identifier: str` Subscription identifier tag. ### Returns - `class SubscriptionDeleteResponse: …` - `subscription_id: Optional[str]` Subscription identifier tag. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) subscription = client.accounts.subscriptions.delete( subscription_identifier="506e3185e9c882d175a2d0cb0093d9f2", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(subscription.subscription_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "subscription_id": "506e3185e9c882d175a2d0cb0093d9f2" }, "success": true } ``` ## Domain Types ### Subscription Delete Response - `class SubscriptionDeleteResponse: …` - `subscription_id: Optional[str]` Subscription identifier tag. # Tokens ## List Tokens `accounts.tokens.list(TokenListParams**kwargs) -> SyncV4PagePaginationArray[Token]` **get** `/accounts/{account_id}/tokens` List all Account Owned API tokens created for this account. ### Parameters - `account_id: str` Account identifier tag. - `direction: Optional[Literal["asc", "desc"]]` Direction to order results. - `"asc"` - `"desc"` - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` Maximum number of results per page. ### Returns - `class Token: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.accounts.tokens.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Token Details `accounts.tokens.get(strtoken_id, TokenGetParams**kwargs) -> Token` **get** `/accounts/{account_id}/tokens/{token_id}` Get information about a specific Account Owned API token. ### Parameters - `account_id: str` Account identifier tag. - `token_id: str` Token identifier tag. ### Returns - `class Token: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.accounts.tokens.get( token_id="ed17574386854bf78a67040be0a770b0", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Create Token `accounts.tokens.create(TokenCreateParams**kwargs) -> TokenCreateResponse` **post** `/accounts/{account_id}/tokens` Create a new Account Owned API token. ### Parameters - `account_id: str` Account identifier tag. - `name: str` Token name. - `policies: Iterable[TokenPolicy]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[Union[str, datetime]]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[Union[str, datetime]]` The time before which the token MUST NOT be accepted for processing. ### Returns - `class TokenCreateResponse: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `value: Optional[TokenValue]` The token value. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.accounts.tokens.create( account_id="023e105f4ecef8ad9ca31a8372d0c353", name="readonly token", policies=[{ "effect": "allow", "permission_groups": [{ "id": "c8fed203ed3043cba015a93ad1616f1f" }, { "id": "82e64a83756745bbbb1c9c2701bf816b" }], "resources": { "foo": "string" }, }], ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active", "value": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } } ``` ## Update Token `accounts.tokens.update(strtoken_id, TokenUpdateParams**kwargs) -> Token` **put** `/accounts/{account_id}/tokens/{token_id}` Update an existing token. ### Parameters - `account_id: str` Account identifier tag. - `token_id: str` Token identifier tag. - `name: str` Token name. - `policies: Iterable[TokenPolicy]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[SequenceNotStr[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[Union[str, datetime]]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[Union[str, datetime]]` The time before which the token MUST NOT be accepted for processing. - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Returns - `class Token: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.accounts.tokens.update( token_id="ed17574386854bf78a67040be0a770b0", account_id="023e105f4ecef8ad9ca31a8372d0c353", name="readonly token", policies=[{ "effect": "allow", "permission_groups": [{ "id": "c8fed203ed3043cba015a93ad1616f1f" }, { "id": "82e64a83756745bbbb1c9c2701bf816b" }], "resources": { "foo": "string" }, }], ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "condition": { "request_ip": { "in": [ "123.123.123.0/24", "2606:4700::/32" ], "not_in": [ "123.123.123.100/24", "2606:4700:4700::/48" ] } }, "expires_on": "2020-01-01T00:00:00Z", "issued_on": "2018-07-01T05:20:00Z", "last_used_on": "2020-01-02T12:34:00Z", "modified_on": "2018-07-02T05:20:00Z", "name": "readonly token", "not_before": "2018-07-01T05:20:00Z", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "effect": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resources": { "foo": "string" } } ], "status": "active" } } ``` ## Delete Token `accounts.tokens.delete(strtoken_id, TokenDeleteParams**kwargs) -> TokenDeleteResponse` **delete** `/accounts/{account_id}/tokens/{token_id}` Destroy an Account Owned API token. ### Parameters - `account_id: str` Account identifier tag. - `token_id: str` Token identifier tag. ### Returns - `class TokenDeleteResponse: …` - `id: str` Identifier ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token = client.accounts.tokens.delete( token_id="ed17574386854bf78a67040be0a770b0", account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(token.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" } } ``` ## Verify Token `accounts.tokens.verify(TokenVerifyParams**kwargs) -> TokenVerifyResponse` **get** `/accounts/{account_id}/tokens/verify` Test whether a token works. ### Parameters - `account_id: str` Account identifier tag. ### Returns - `class TokenVerifyResponse: …` - `id: str` Token identifier tag. - `status: Literal["active", "disabled", "expired"]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.accounts.tokens.verify( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "ed17574386854bf78a67040be0a770b0", "status": "active", "expires_on": "2020-01-01T00:00:00Z", "not_before": "2018-07-01T05:20:00Z" } } ``` ## Domain Types ### Token Create Response - `class TokenCreateResponse: …` - `id: Optional[str]` Token identifier tag. - `condition: Optional[Condition]` - `request_ip: Optional[ConditionRequestIP]` Client IP restrictions. - `in_: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `not_in: Optional[List[TokenConditionCIDRList]]` List of IPv4/IPv6 CIDR addresses. - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `issued_on: Optional[datetime]` The time on which the token was created. - `last_used_on: Optional[datetime]` Last time the token was used. - `modified_on: Optional[datetime]` Last time the token was modified. - `name: Optional[str]` Token name. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. - `policies: Optional[List[TokenPolicy]]` List of access policies assigned to the token. - `id: str` Policy identifier. - `effect: Literal["allow", "deny"]` Allow or deny operations against the resources. - `"allow"` - `"deny"` - `permission_groups: List[PermissionGroup]` A set of permission groups that are specified to the policy. - `id: str` Identifier of the permission group. - `meta: Optional[PermissionGroupMeta]` Attributes associated to the permission group. - `key: Optional[str]` - `value: Optional[str]` - `name: Optional[str]` Name of the permission group. - `resources: Union[Dict[str, str], Dict[str, Dict[str, str]]]` A list of resource names that the policy applies to. - `Dict[str, str]` Map of simple string resource permissions - `Dict[str, Dict[str, str]]` Map of nested resource permissions - `status: Optional[Literal["active", "disabled", "expired"]]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `value: Optional[TokenValue]` The token value. ### Token Delete Response - `class TokenDeleteResponse: …` - `id: str` Identifier ### Token Verify Response - `class TokenVerifyResponse: …` - `id: str` Token identifier tag. - `status: Literal["active", "disabled", "expired"]` Status of the token. - `"active"` - `"disabled"` - `"expired"` - `expires_on: Optional[datetime]` The expiration time on or after which the JWT MUST NOT be accepted for processing. - `not_before: Optional[datetime]` The time before which the token MUST NOT be accepted for processing. # Permission Groups ## List Permission Groups `accounts.tokens.permission_groups.list(PermissionGroupListParams**kwargs) -> SyncSinglePage[PermissionGroupListResponse]` **get** `/accounts/{account_id}/tokens/permission_groups` Find all available permission groups for Account Owned API Tokens ### Parameters - `account_id: str` Account identifier tag. - `name: Optional[str]` Filter by the name of the permission group. The value must be URL-encoded. - `scope: Optional[str]` Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `class PermissionGroupListResponse: …` - `id: Optional[str]` Public ID. - `name: Optional[str]` Permission Group Name - `scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.accounts.tokens.permission_groups.list( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## List Permission Groups `accounts.tokens.permission_groups.get(PermissionGroupGetParams**kwargs) -> PermissionGroupGetResponse` **get** `/accounts/{account_id}/tokens/permission_groups` Find all available permission groups for Account Owned API Tokens ### Parameters - `account_id: str` Account identifier tag. - `name: Optional[str]` Filter by the name of the permission group. The value must be URL-encoded. - `scope: Optional[str]` Filter by the scope of the permission group. The value must be URL-encoded. ### Returns - `List[PermissionGroupGetResponseItem]` - `id: Optional[str]` Public ID. - `name: Optional[str]` Permission Group Name - `scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) permission_groups = client.accounts.tokens.permission_groups.get( account_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(permission_groups) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "7cf72faf220841aabcfdfab81c43c4f6", "name": "Billing Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "9d24387c6e8544e2bc4024a03991339f", "name": "Load Balancing: Monitors and Pools Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "d2a1802cc9a34e30852f8b33869b2f3c", "name": "Load Balancing: Monitors and Pools Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "8b47d2786a534c08a1f94ee8f9f599ef", "name": "Workers KV Storage Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "f7f0eda5697f475c90846e879bab8666", "name": "Workers KV Storage Write", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "1a71c399035b4950a1bd1466bbe4f420", "name": "Workers Scripts Read", "scopes": [ "com.cloudflare.api.account" ] }, { "id": "e086da7e2179491d91ee5f35b3ca210a", "name": "Workers Scripts Write", "scopes": [ "com.cloudflare.api.account" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Permission Group List Response - `class PermissionGroupListResponse: …` - `id: Optional[str]` Public ID. - `name: Optional[str]` Permission Group Name - `scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` ### Permission Group Get Response - `List[PermissionGroupGetResponseItem]` - `id: Optional[str]` Public ID. - `name: Optional[str]` Permission Group Name - `scopes: Optional[List[Literal["com.cloudflare.api.account", "com.cloudflare.api.account.zone", "com.cloudflare.api.user", "com.cloudflare.edge.r2.bucket"]]]` Resources to which the Permission Group is scoped - `"com.cloudflare.api.account"` - `"com.cloudflare.api.account.zone"` - `"com.cloudflare.api.user"` - `"com.cloudflare.edge.r2.bucket"` # Value ## Roll Token `accounts.tokens.value.update(strtoken_id, ValueUpdateParams**kwargs) -> TokenValue` **put** `/accounts/{account_id}/tokens/{token_id}/value` Roll the Account Owned API token secret. ### Parameters - `account_id: str` Account identifier tag. - `token_id: str` Token identifier tag. - `body: object` ### Returns - `str` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_value = client.accounts.tokens.value.update( token_id="ed17574386854bf78a67040be0a770b0", account_id="023e105f4ecef8ad9ca31a8372d0c353", body={}, ) print(token_value) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T" } ``` # Logs # Audit ## Get account audit logs (Version 2) `accounts.logs.audit.list(AuditListParams**kwargs) -> SyncCursorPaginationAfter[AuditListResponse]` **get** `/accounts/{account_id}/logs/audit` Gets a list of audit logs for an account. ### Parameters - `account_id: str` The unique id that identifies the account. - `before: Union[null, null]` Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `since: Union[null, null]` Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. - `id: Optional[ID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by their IDs. - `account_name: Optional[AccountName]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the account name. - `action_result: Optional[ActionResult]` - `not_: Optional[List[Literal["success", "failure"]]]` Filters out audit logs by whether the action was successful or not. - `"success"` - `"failure"` - `action_type: Optional[ActionType]` - `not_: Optional[List[Literal["create", "delete", "view", "update"]]]` Filters out audit logs by the action type. - `"create"` - `"delete"` - `"view"` - `"update"` - `actor_context: Optional[ActorContext]` - `not_: Optional[List[Literal["api_key", "api_token", "dash", 2 more]]]` Filters out audit logs by the actor context. - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `actor_email: Optional[ActorEmail]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the actor's email address. - `actor_id: Optional[ActorID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the actor ID. This can be either the Account ID or User ID. - `actor_ip_address: Optional[ActorIPAddress]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs IP address where the action was initiated. - `actor_token_id: Optional[ActorTokenID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the API token ID when the actor context is an api_token or oauth. - `actor_token_name: Optional[ActorTokenName]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the API token name when the actor context is an api_token or oauth. - `actor_type: Optional[ActorType]` - `not_: Optional[List[Literal["account", "cloudflare_admin", "system", "user"]]]` Filters out audit logs by the actor type. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `audit_log_id: Optional[AuditLogID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by their IDs. - `cursor: Optional[str]` The cursor is an opaque token used to paginate through large sets of records. It indicates the position from which to continue when requesting the next set of records. A valid cursor value can be obtained from the cursor object in the result_info structure of a previous response. - `direction: Optional[Literal["desc", "asc"]]` Sets sorting order. - `"desc"` - `"asc"` - `limit: Optional[float]` The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. - `raw_cf_rayid: Optional[RawCfRayID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the response CF Ray ID. - `raw_method: Optional[RawMethod]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the HTTP method for the API call. - `raw_status_code: Optional[RawStatusCode]` - `not_: Optional[Iterable[int]]` Filters out audit logs by the response status code that was returned. - `raw_uri: Optional[RawURI]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the request URI. - `resource_id: Optional[ResourceID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the resource ID. - `resource_product: Optional[ResourceProduct]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the Cloudflare product associated with the changed resource. - `resource_scope: Optional[ResourceScope]` - `not_: Optional[List[Literal["accounts", "user", "zones", "memberships"]]]` Filters out audit logs by the resource scope, specifying whether the resource is associated with an user, an account, a zone, or a membership. - `"accounts"` - `"user"` - `"zones"` - `"memberships"` - `resource_type: Optional[ResourceType]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs based on the unique type of resource changed by the action. - `zone_id: Optional[ZoneID]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the zone ID. - `zone_name: Optional[ZoneName]` - `not_: Optional[SequenceNotStr[str]]` Filters out audit logs by the zone name associated with the change. ### Returns - `class AuditListResponse: …` - `id: Optional[str]` A unique identifier for the audit log entry. - `account: Optional[Account]` Contains account related information. - `id: Optional[str]` A unique identifier for the account. - `name: Optional[str]` A string that identifies the account name. - `action: Optional[Action]` Provides information about the action performed. - `description: Optional[str]` A short description of the action performed. - `result: Optional[str]` The result of the action, indicating success or failure. - `time: Optional[datetime]` A timestamp indicating when the action was logged. - `type: Optional[str]` A short string that describes the action that was performed. - `actor: Optional[Actor]` Provides details about the actor who performed the action. - `id: Optional[str]` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context: Optional[Literal["api_key", "api_token", "dash", 2 more]]` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email: Optional[str]` The email of the actor who performed the action. - `ip_address: Optional[str]` The IP address of the request that performed the action. - `token_id: Optional[str]` The API token ID when the actor context is an api_token or oauth. - `token_name: Optional[str]` The API token name when the actor context is an api_token or oauth. - `type: Optional[Literal["account", "cloudflare_admin", "system", "user"]]` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw: Optional[Raw]` Provides raw information about the request and response. - `cf_rayid: Optional[str]` The Cloudflare Ray ID for the request. - `method: Optional[str]` The HTTP method of the request. - `status_code: Optional[int]` The HTTP response status code returned by the API. - `uri: Optional[str]` The URI of the request. - `user_agent: Optional[str]` The client's user agent string sent with the request. - `resource: Optional[Resource]` Provides details about the affected resource. - `id: Optional[str]` The unique identifier for the affected resource. - `product: Optional[str]` The Cloudflare product associated with the resource. - `request: Optional[object]` - `response: Optional[object]` - `scope: Optional[object]` The scope of the resource. - `type: Optional[str]` The type of the resource. - `zone: Optional[Zone]` Provides details about the zone affected by the action. - `id: Optional[str]` A string that identifies the zone id. - `name: Optional[str]` A string that identifies the zone name. ### Example ```python import os from datetime import date from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.accounts.logs.audit.list( account_id="a67e14daa5f8dceeb91fe5449ba496ef", before=date.fromisoformat("2024-10-31"), since=date.fromisoformat("2024-10-30"), ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "message": "message" } ], "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "account": { "id": "4bb334f7c94c4a29a045f03944f072e5", "name": "Example Account" }, "action": { "description": "Add Member", "result": "success", "time": "2024-04-26T17:31:07Z", "type": "create" }, "actor": { "id": "f6b5de0326bb5182b8a4840ee01ec774", "context": "dash", "email": "alice@example.com", "ip_address": "198.41.129.166", "token_id": "token_id", "token_name": "token_name", "type": "user" }, "raw": { "cf_ray_id": "8e9b1c60ef9e1c9a", "method": "POST", "status_code": 200, "uri": "/accounts/4bb334f7c94c4a29a045f03944f072e5/members", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15" }, "resource": { "id": "id", "product": "members", "request": {}, "response": {}, "scope": {}, "type": "type" }, "zone": { "id": "id", "name": "example.com" } } ], "result_info": { "count": "1", "cursor": "ASqdKd7dKgxh-aZ8bm0mZos1BtW4BdEqifCzNkEeGRzi_5SN_-362Y8sF-C1TRn60_6rd3z2dIajf9EAPyQ_NmIeAMkacmaJPXipqvP7PLU4t72wyqBeJfjmjdE=" }, "success": true } ``` ## Domain Types ### Audit List Response - `class AuditListResponse: …` - `id: Optional[str]` A unique identifier for the audit log entry. - `account: Optional[Account]` Contains account related information. - `id: Optional[str]` A unique identifier for the account. - `name: Optional[str]` A string that identifies the account name. - `action: Optional[Action]` Provides information about the action performed. - `description: Optional[str]` A short description of the action performed. - `result: Optional[str]` The result of the action, indicating success or failure. - `time: Optional[datetime]` A timestamp indicating when the action was logged. - `type: Optional[str]` A short string that describes the action that was performed. - `actor: Optional[Actor]` Provides details about the actor who performed the action. - `id: Optional[str]` The ID of the actor who performed the action. If a user performed the action, this will be their User ID. - `context: Optional[Literal["api_key", "api_token", "dash", 2 more]]` - `"api_key"` - `"api_token"` - `"dash"` - `"oauth"` - `"origin_ca_key"` - `email: Optional[str]` The email of the actor who performed the action. - `ip_address: Optional[str]` The IP address of the request that performed the action. - `token_id: Optional[str]` The API token ID when the actor context is an api_token or oauth. - `token_name: Optional[str]` The API token name when the actor context is an api_token or oauth. - `type: Optional[Literal["account", "cloudflare_admin", "system", "user"]]` The type of actor. - `"account"` - `"cloudflare_admin"` - `"system"` - `"user"` - `raw: Optional[Raw]` Provides raw information about the request and response. - `cf_rayid: Optional[str]` The Cloudflare Ray ID for the request. - `method: Optional[str]` The HTTP method of the request. - `status_code: Optional[int]` The HTTP response status code returned by the API. - `uri: Optional[str]` The URI of the request. - `user_agent: Optional[str]` The client's user agent string sent with the request. - `resource: Optional[Resource]` Provides details about the affected resource. - `id: Optional[str]` The unique identifier for the affected resource. - `product: Optional[str]` The Cloudflare product associated with the resource. - `request: Optional[object]` - `response: Optional[object]` - `scope: Optional[object]` The scope of the resource. - `type: Optional[str]` The type of the resource. - `zone: Optional[Zone]` Provides details about the zone affected by the action. - `id: Optional[str]` A string that identifies the zone id. - `name: Optional[str]` A string that identifies the zone name.