Token Validation

Token ValidationConfiguration

List token validation configurations

token_validation.configuration.list() -> SyncV4PagePaginationArray[TokenConfig]

GET/zones/{zone_id}/token_validation/config

Get a single Token Configuration

token_validation.configuration.get(, ) -> TokenConfig

GET/zones/{zone_id}/token_validation/config/{config_id}

Create a new Token Validation configuration

token_validation.configuration.create() -> TokenConfig

POST/zones/{zone_id}/token_validation/config

Edit an existing Token Configuration

token_validation.configuration.edit(, ) -> ConfigurationEditResponse

PATCH/zones/{zone_id}/token_validation/config/{config_id}

Delete Token Configuration

token_validation.configuration.delete(, ) -> ConfigurationDeleteResponse

DELETE/zones/{zone_id}/token_validation/config/{config_id}

ModelsExpand Collapse

class TokenConfig: …

id: str

UUID.

maxLength36

minLength36

created_at: datetime

formatdate-time

credentials: Credentials

keys: List[CredentialsKey]

One of the following:

class CredentialsKeyAPIShieldCredentialsJWTKeyRSA: …

JSON representation of an RSA key.

alg: Literal["RS256", "RS384", "RS512", 3 more]

Algorithm

One of the following:

"RS256"

"RS384"

"RS512"

"PS256"

"PS384"

"PS512"

e: str

RSA exponent

kid: str

Key ID

kty: Literal["RSA"]

Key Type

n: str

RSA modulus

class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs256: …

JSON representation of an ES256 key

alg: Literal["ES256"]

Algorithm

crv: Literal["P-256"]

Curve

kid: str

Key ID

kty: Literal["EC"]

Key Type

x: str

X EC coordinate

y: str

Y EC coordinate

class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs384: …

JSON representation of an ES384 key

alg: Literal["ES384"]

Algorithm

crv: Literal["P-384"]

Curve

kid: str

Key ID

kty: Literal["EC"]

Key Type

x: str

X EC coordinate

y: str

Y EC coordinate

description: str

maxLength500

last_updated: datetime

formatdate-time

title: str

maxLength50

token_sources: List[str]

token_type: Literal["JWT"]

class ConfigurationEditResponse: …

id: Optional[str]

UUID.

maxLength36

minLength36

description: Optional[str]

maxLength500

title: Optional[str]

maxLength50

token_sources: Optional[List[str]]

class ConfigurationDeleteResponse: …

id: Optional[str]

UUID.

maxLength36

minLength36

Token ValidationConfigurationCredentials

Update Token Configuration credentials

token_validation.configuration.credentials.update(, ) -> CredentialUpdateResponse

PUT/zones/{zone_id}/token_validation/config/{config_id}/credentials

ModelsExpand Collapse

class CredentialUpdateResponse: …

errors: Message

keys: List[Key]

One of the following:

class KeyAPIShieldCredentialsJWTKeyRSA: …

JSON representation of an RSA key.

alg: Literal["RS256", "RS384", "RS512", 3 more]

Algorithm

One of the following:

"RS256"

"RS384"

"RS512"

"PS256"

"PS384"

"PS512"

e: str

RSA exponent

kid: str

Key ID

kty: Literal["RSA"]

Key Type

n: str

RSA modulus

class KeyAPIShieldCredentialsJWTKeyEcEs256: …

JSON representation of an ES256 key

alg: Literal["ES256"]

Algorithm

crv: Literal["P-256"]

Curve

kid: str

Key ID

kty: Literal["EC"]

Key Type

x: str

X EC coordinate

y: str

Y EC coordinate

class KeyAPIShieldCredentialsJWTKeyEcEs384: …

JSON representation of an ES384 key

alg: Literal["ES384"]

Algorithm

crv: Literal["P-384"]

Curve

kid: str

Key ID

kty: Literal["EC"]

Key Type

x: str

X EC coordinate

y: str

Y EC coordinate

messages: Message

success: Literal[true]

Whether the API call was successful.

Token ValidationRules

List token validation rules

token_validation.rules.list() -> SyncV4PagePaginationArray[TokenValidationRule]

GET/zones/{zone_id}/token_validation/rules

Create a token validation rule

token_validation.rules.create() -> TokenValidationRule

POST/zones/{zone_id}/token_validation/rules

Bulk create token validation rules

token_validation.rules.bulk_create() -> SyncSinglePage[TokenValidationRule]

POST/zones/{zone_id}/token_validation/rules/bulk

Bulk edit token validation rules

token_validation.rules.bulk_edit() -> SyncSinglePage[TokenValidationRule]

PATCH/zones/{zone_id}/token_validation/rules/bulk

Get a zone token validation rule

token_validation.rules.get(, ) -> TokenValidationRule

GET/zones/{zone_id}/token_validation/rules/{rule_id}

Delete a zone token validation rule

token_validation.rules.delete(, ) -> object

DELETE/zones/{zone_id}/token_validation/rules/{rule_id}

Edit a zone token validation rule

token_validation.rules.edit(, ) -> TokenValidationRule

PATCH/zones/{zone_id}/token_validation/rules/{rule_id}

ModelsExpand Collapse

class TokenValidationRule: …

A Token Validation rule that can enforce security policies using JWT Tokens.

action: Literal["log", "block"]

Action to take on requests that match operations included in selector and fail expression.

One of the following:

"log"

"block"

description: str

A human-readable description that gives more details than title.

maxLength500

enabled: bool

Toggle rule on or off.

expression: str

Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

selector: Selector

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

exclude: Optional[List[SelectorExclude]]

Ignore operations that were otherwise included by include.

operation_ids: Optional[List[str]]

Excluded operation IDs.

include: Optional[List[SelectorInclude]]

Select all matching operations.

host: Optional[List[str]]

Included hostnames.

title: str

A human-readable name for the rule.

maxLength50

id: Optional[str]

UUID.

maxLength36

minLength36

created_at: Optional[datetime]

formatdate-time

last_updated: Optional[datetime]

formatdate-time