# Hostnames

## Get the Hostname Status for Client Authentication

`origin_tls_client_auth.hostnames.get(strhostname, HostnameGetParams**kwargs)  -> AuthenticatedOriginPull`

**get** `/zones/{zone_id}/origin_tls_client_auth/hostnames/{hostname}`

Retrieves the client certificate authentication status for a specific hostname, showing whether authenticated origin pulls are enabled.

### Parameters

- `zone_id: str`

  Identifier.

- `hostname: str`

  The hostname on the origin for which the client certificate uploaded will be used.

### Returns

- `class AuthenticatedOriginPull: …`

  - `cert_id: Optional[str]`

    Identifier.

  - `cert_status: Optional[Literal["initializing", "pending_deployment", "pending_deletion", 4 more]]`

    Status of the certificate or the association.

    - `"initializing"`

    - `"pending_deployment"`

    - `"pending_deletion"`

    - `"active"`

    - `"deleted"`

    - `"deployment_timed_out"`

    - `"deletion_timed_out"`

  - `cert_updated_at: Optional[datetime]`

    The time when the certificate was updated.

  - `cert_uploaded_on: Optional[datetime]`

    The time when the certificate was uploaded.

  - `certificate: Optional[str]`

    The hostname certificate.

  - `created_at: Optional[datetime]`

    The time when the certificate was created.

  - `enabled: Optional[bool]`

    Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

  - `expires_on: Optional[datetime]`

    The date when the certificate expires.

  - `hostname: Optional[str]`

    The hostname on the origin for which the client certificate uploaded will be used.

  - `issuer: Optional[str]`

    The certificate authority that issued the certificate.

  - `serial_number: Optional[str]`

    The serial number on the uploaded certificate.

  - `signature: Optional[str]`

    The type of hash used for the certificate.

  - `status: Optional[Literal["initializing", "pending_deployment", "pending_deletion", 4 more]]`

    Status of the certificate or the association.

    - `"initializing"`

    - `"pending_deployment"`

    - `"pending_deletion"`

    - `"active"`

    - `"deleted"`

    - `"deployment_timed_out"`

    - `"deletion_timed_out"`

  - `updated_at: Optional[datetime]`

    The time when the certificate was updated.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
authenticated_origin_pull = client.origin_tls_client_auth.hostnames.get(
    hostname="app.example.com",
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(authenticated_origin_pull.cert_id)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "cert_id": "023e105f4ecef8ad9ca31a8372d0c353",
    "cert_status": "active",
    "cert_updated_at": "2100-01-01T05:20:00Z",
    "cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
    "created_at": "2100-01-01T05:20:00Z",
    "enabled": true,
    "expires_on": "2100-01-01T05:20:00Z",
    "hostname": "app.example.com",
    "issuer": "GlobalSign",
    "serial_number": "6743787633689793699141714808227354901",
    "signature": "SHA256WithRSA",
    "status": "active",
    "updated_at": "2100-01-01T05:20:00Z"
  }
}
```

## Enable or Disable a Hostname for Client Authentication

`origin_tls_client_auth.hostnames.update(HostnameUpdateParams**kwargs)  -> SyncSinglePage[HostnameUpdateResponse]`

**put** `/zones/{zone_id}/origin_tls_client_auth/hostnames`

Associate a hostname to a certificate and enable, disable or invalidate the association. If disabled, client certificate will not be sent to the hostname even if activated at the zone level. 100 maximum associations on a single certificate are allowed. Note: Use a null value for parameter *enabled* to invalidate the association.

### Parameters

- `zone_id: str`

  Identifier.

- `config: Iterable[Config]`

  - `cert_id: Optional[str]`

    Certificate identifier tag.

  - `enabled: Optional[bool]`

    Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

  - `hostname: Optional[str]`

    The hostname on the origin for which the client certificate uploaded will be used.

### Returns

- `class HostnameUpdateResponse: …`

  - `id: Optional[str]`

    Identifier.

  - `cert_id: Optional[str]`

    Identifier.

  - `certificate: Optional[str]`

    The hostname certificate.

  - `enabled: Optional[bool]`

    Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

  - `hostname: Optional[str]`

    The hostname on the origin for which the client certificate uploaded will be used.

  - `private_key: Optional[str]`

    The hostname certificate's private key.

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.origin_tls_client_auth.hostnames.update(
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
    config=[{}],
)
page = page.result[0]
print(page)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "cert_id": "023e105f4ecef8ad9ca31a8372d0c353",
      "cert_status": "active",
      "cert_updated_at": "2100-01-01T05:20:00Z",
      "cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
      "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
      "created_at": "2100-01-01T05:20:00Z",
      "enabled": true,
      "expires_on": "2100-01-01T05:20:00Z",
      "hostname": "app.example.com",
      "issuer": "GlobalSign",
      "serial_number": "6743787633689793699141714808227354901",
      "signature": "SHA256WithRSA",
      "status": "active",
      "updated_at": "2100-01-01T05:20:00Z",
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000,
    "total_pages": 100
  }
}
```

## Domain Types

### Authenticated Origin Pull

- `class AuthenticatedOriginPull: …`

  - `cert_id: Optional[str]`

    Identifier.

  - `cert_status: Optional[Literal["initializing", "pending_deployment", "pending_deletion", 4 more]]`

    Status of the certificate or the association.

    - `"initializing"`

    - `"pending_deployment"`

    - `"pending_deletion"`

    - `"active"`

    - `"deleted"`

    - `"deployment_timed_out"`

    - `"deletion_timed_out"`

  - `cert_updated_at: Optional[datetime]`

    The time when the certificate was updated.

  - `cert_uploaded_on: Optional[datetime]`

    The time when the certificate was uploaded.

  - `certificate: Optional[str]`

    The hostname certificate.

  - `created_at: Optional[datetime]`

    The time when the certificate was created.

  - `enabled: Optional[bool]`

    Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

  - `expires_on: Optional[datetime]`

    The date when the certificate expires.

  - `hostname: Optional[str]`

    The hostname on the origin for which the client certificate uploaded will be used.

  - `issuer: Optional[str]`

    The certificate authority that issued the certificate.

  - `serial_number: Optional[str]`

    The serial number on the uploaded certificate.

  - `signature: Optional[str]`

    The type of hash used for the certificate.

  - `status: Optional[Literal["initializing", "pending_deployment", "pending_deletion", 4 more]]`

    Status of the certificate or the association.

    - `"initializing"`

    - `"pending_deployment"`

    - `"pending_deletion"`

    - `"active"`

    - `"deleted"`

    - `"deployment_timed_out"`

    - `"deletion_timed_out"`

  - `updated_at: Optional[datetime]`

    The time when the certificate was updated.

### Hostname Update Response

- `class HostnameUpdateResponse: …`

  - `id: Optional[str]`

    Identifier.

  - `cert_id: Optional[str]`

    Identifier.

  - `certificate: Optional[str]`

    The hostname certificate.

  - `enabled: Optional[bool]`

    Indicates whether hostname-level authenticated origin pulls is enabled. A null value voids the association.

  - `hostname: Optional[str]`

    The hostname on the origin for which the client certificate uploaded will be used.

  - `private_key: Optional[str]`

    The hostname certificate's private key.