Skip to content
Cloudflare API
Start here
API Reference
Magic Transit
IPSEC Tunnels

Set Pre-Shared Keys (PSK) for IPsec tunnels

magic_transit.ipsec_tunnels.psk_set(IPSECTunnelPSKSetParams**kwargs) -> IPSECTunnelPSKSetResponse
POST/accounts/{account_id}/magic/ipsec_tunnels/psk

Sets Pre-Shared Keys for multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After PSKs are applied, they are immediately persisted to Cloudflare’s edge and cannot be retrieved later. Store the PSKs in a safe place.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Magic WAN WriteMagic Transit Write
ParametersExpand Collapse
account_id: str

Identifier

maxLength32
psks: Iterable[PSK]

List of tunnel ID and PSK pairs.

id: str

The ID of the IPsec tunnel.

maxLength32
psk: str

A randomly generated or provided string for use in the IPsec tunnel.

validate_only: Optional[bool]

If true, only run validation without persisting changes.

ReturnsExpand Collapse
class IPSECTunnelPSKSetResponse:
successfully_applied_psks: Optional[Dict[str, SuccessfullyAppliedPSKs]]

Map of tunnel IDs to successfully applied PSK details.

ipsec_id: str

The IKE identifier used for this tunnel on the Cloudflare edge.

ipsec_tunnel_id: str

Identifier

maxLength32
psk: str

A randomly generated or provided string for use in the IPsec tunnel.

psk_metadata: PSKMetadata

The PSK metadata that includes when the PSK was generated.

last_generated_on: Optional[datetime]

The date and time the tunnel was last modified.

formatdate-time
unapplied_psks: Optional[Dict[str, str]]

Map of tunnel IDs to failure reasons for PSKs that could not be applied.

Set Pre-Shared Keys (PSK) for IPsec tunnels

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
response = client.magic_transit.ipsec_tunnels.psk_set(
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
    psks=[{
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
    }],
)
print(response.successfully_applied_psks)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "successfully_applied_psks": {
      "foo": {
        "ipsec_id": "12345_abc123def4567890abcdef1234567890",
        "ipsec_tunnel_id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        "psk_metadata": {
          "last_generated_on": "2017-06-14T05:20:00Z"
        }
      }
    },
    "unapplied_psks": {
      "foo": "string"
    }
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "successfully_applied_psks": {
      "foo": {
        "ipsec_id": "12345_abc123def4567890abcdef1234567890",
        "ipsec_tunnel_id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        "psk_metadata": {
          "last_generated_on": "2017-06-14T05:20:00Z"
        }
      }
    },
    "unapplied_psks": {
      "foo": "string"
    }
  },
  "success": true
}