# Token Validation # Configuration ## List token validation configurations `token_validation.configuration.list(ConfigurationListParams**kwargs) -> SyncV4PagePaginationArray[TokenConfig]` **get** `/zones/{zone_id}/token_validation/config` Lists all token validation configurations for this zone ### Parameters - `zone_id: str` Identifier. - `page: Optional[int]` Page number of paginated results. - `per_page: Optional[int]` Maximum number of results per page. ### Returns - `class TokenConfig: …` - `id: str` UUID. - `created_at: datetime` - `credentials: Credentials` - `keys: List[CredentialsKey]` - `class CredentialsKeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `description: str` - `last_updated: datetime` - `title: str` - `token_sources: List[str]` - `token_type: Literal["JWT"]` - `"JWT"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.token_validation.configuration.list( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "credentials": { "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ] }, "description": "Long description for Token Validation Configuration", "last_updated": "2014-01-01T05:20:00.12345Z", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ], "token_type": "JWT" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get a single Token Configuration `token_validation.configuration.get(strconfig_id, ConfigurationGetParams**kwargs) -> TokenConfig` **get** `/zones/{zone_id}/token_validation/config/{config_id}` Get a single Token Configuration ### Parameters - `zone_id: str` Identifier. - `config_id: str` UUID. ### Returns - `class TokenConfig: …` - `id: str` UUID. - `created_at: datetime` - `credentials: Credentials` - `keys: List[CredentialsKey]` - `class CredentialsKeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `description: str` - `last_updated: datetime` - `title: str` - `token_sources: List[str]` - `token_type: Literal["JWT"]` - `"JWT"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_config = client.token_validation.configuration.get( config_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(token_config.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "credentials": { "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ] }, "description": "Long description for Token Validation Configuration", "last_updated": "2014-01-01T05:20:00.12345Z", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ], "token_type": "JWT" }, "success": true } ``` ## Create a new Token Validation configuration `token_validation.configuration.create(ConfigurationCreateParams**kwargs) -> TokenConfig` **post** `/zones/{zone_id}/token_validation/config` Create a new Token Validation configuration ### Parameters - `zone_id: str` Identifier. - `credentials: Credentials` - `keys: Iterable[CredentialsKey]` - `class CredentialsKeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `description: str` - `title: str` - `token_sources: SequenceNotStr[str]` - `token_type: Literal["JWT"]` - `"JWT"` ### Returns - `class TokenConfig: …` - `id: str` UUID. - `created_at: datetime` - `credentials: Credentials` - `keys: List[CredentialsKey]` - `class CredentialsKeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `description: str` - `last_updated: datetime` - `title: str` - `token_sources: List[str]` - `token_type: Literal["JWT"]` - `"JWT"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_config = client.token_validation.configuration.create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", credentials={ "keys": [{ "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY", }] }, description="Long description for Token Validation Configuration", title="Example Token Validation Configuration", token_sources=["http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]"], token_type="JWT", ) print(token_config.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "credentials": { "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ] }, "description": "Long description for Token Validation Configuration", "last_updated": "2014-01-01T05:20:00.12345Z", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ], "token_type": "JWT" }, "success": true } ``` ## Edit an existing Token Configuration `token_validation.configuration.edit(strconfig_id, ConfigurationEditParams**kwargs) -> ConfigurationEditResponse` **patch** `/zones/{zone_id}/token_validation/config/{config_id}` Edit fields of an existing Token Configuration ### Parameters - `zone_id: str` Identifier. - `config_id: str` UUID. - `description: Optional[str]` - `title: Optional[str]` - `token_sources: Optional[SequenceNotStr[str]]` ### Returns - `class ConfigurationEditResponse: …` - `id: Optional[str]` UUID. - `description: Optional[str]` - `title: Optional[str]` - `token_sources: Optional[List[str]]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.token_validation.configuration.edit( config_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "Long description for Token Validation Configuration", "title": "Example Token Validation Configuration", "token_sources": [ "http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]" ] }, "success": true } ``` ## Delete Token Configuration `token_validation.configuration.delete(strconfig_id, ConfigurationDeleteParams**kwargs) -> ConfigurationDeleteResponse` **delete** `/zones/{zone_id}/token_validation/config/{config_id}` Delete Token Configuration ### Parameters - `zone_id: str` Identifier. - `config_id: str` UUID. ### Returns - `class ConfigurationDeleteResponse: …` - `id: Optional[str]` UUID. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) configuration = client.token_validation.configuration.delete( config_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(configuration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### Token Config - `class TokenConfig: …` - `id: str` UUID. - `created_at: datetime` - `credentials: Credentials` - `keys: List[CredentialsKey]` - `class CredentialsKeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class CredentialsKeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `description: str` - `last_updated: datetime` - `title: str` - `token_sources: List[str]` - `token_type: Literal["JWT"]` - `"JWT"` ### Configuration Edit Response - `class ConfigurationEditResponse: …` - `id: Optional[str]` UUID. - `description: Optional[str]` - `title: Optional[str]` - `token_sources: Optional[List[str]]` ### Configuration Delete Response - `class ConfigurationDeleteResponse: …` - `id: Optional[str]` UUID. # Credentials ## Update Token Configuration credentials `token_validation.configuration.credentials.update(strconfig_id, CredentialUpdateParams**kwargs) -> CredentialUpdateResponse` **put** `/zones/{zone_id}/token_validation/config/{config_id}/credentials` Update Token Configuration credentials ### Parameters - `zone_id: str` Identifier. - `config_id: str` UUID. - `keys: Iterable[Key]` - `class KeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class KeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class KeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate ### Returns - `class CredentialUpdateResponse: …` - `errors: Message` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageItemSource]` - `pointer: Optional[str]` - `keys: List[Key]` - `class KeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class KeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class KeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `messages: Message` - `success: Literal[true]` Whether the API call was successful. - `true` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) credential = client.token_validation.configuration.credentials.update( config_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", keys=[{ "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY", }], ) print(credential.errors) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "keys": [ { "alg": "ES256", "crv": "P-256", "kid": "38013f13-c266-4eec-a72a-92ec92779f21", "kty": "EC", "x": "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ", "y": "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY" } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true } ``` ## Domain Types ### Credential Update Response - `class CredentialUpdateResponse: …` - `errors: Message` - `code: int` - `message: str` - `documentation_url: Optional[str]` - `source: Optional[MessageItemSource]` - `pointer: Optional[str]` - `keys: List[Key]` - `class KeyAPIShieldCredentialsJWTKeyRSA: …` JSON representation of an RSA key. - `alg: Literal["RS256", "RS384", "RS512", 3 more]` Algorithm - `"RS256"` - `"RS384"` - `"RS512"` - `"PS256"` - `"PS384"` - `"PS512"` - `e: str` RSA exponent - `kid: str` Key ID - `kty: Literal["RSA"]` Key Type - `"RSA"` - `n: str` RSA modulus - `class KeyAPIShieldCredentialsJWTKeyEcEs256: …` JSON representation of an ES256 key - `alg: Literal["ES256"]` Algorithm - `"ES256"` - `crv: Literal["P-256"]` Curve - `"P-256"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `class KeyAPIShieldCredentialsJWTKeyEcEs384: …` JSON representation of an ES384 key - `alg: Literal["ES384"]` Algorithm - `"ES384"` - `crv: Literal["P-384"]` Curve - `"P-384"` - `kid: str` Key ID - `kty: Literal["EC"]` Key Type - `"EC"` - `x: str` X EC coordinate - `y: str` Y EC coordinate - `messages: Message` - `success: Literal[true]` Whether the API call was successful. - `true` # Rules ## List token validation rules `token_validation.rules.list(RuleListParams**kwargs) -> SyncV4PagePaginationArray[TokenValidationRule]` **get** `/zones/{zone_id}/token_validation/rules` List token validation rules ### Parameters - `zone_id: str` Identifier. - `id: Optional[str]` Select rules with these IDs. - `action: Optional[Literal["log", "block"]]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `enabled: Optional[bool]` Toggle rule on or off. - `host: Optional[str]` Select rules with this host in `include`. - `hostname: Optional[str]` Select rules with this host in `include`. - `page: Optional[int]` Page number of paginated results. - `per_page: Optional[int]` Maximum number of results per page. - `rule_id: Optional[str]` Select rules with these IDs. - `token_configuration: Optional[SequenceNotStr[str]]` Select rules using any of these token configurations. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.token_validation.rules.list( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create a token validation rule `token_validation.rules.create(RuleCreateParams**kwargs) -> TokenValidationRule` **post** `/zones/{zone_id}/token_validation/rules` Create a token validation rule. ### Parameters - `zone_id: str` Identifier. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[Iterable[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[SequenceNotStr[str]]` Excluded operation IDs. - `include: Optional[Iterable[SelectorInclude]]` Select all matching operations. - `host: Optional[SequenceNotStr[str]]` Included hostnames. - `title: str` A human-readable name for the rule. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_validation_rule = client.token_validation.rules.create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", action="log", description="Long description for Token Validation Rule", enabled=True, expression="is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", selector={}, title="Example Token Validation Rule", ) print(token_validation_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Bulk create token validation rules `token_validation.rules.bulk_create(RuleBulkCreateParams**kwargs) -> SyncSinglePage[TokenValidationRule]` **post** `/zones/{zone_id}/token_validation/rules/bulk` Create zone token validation rules. A request can create multiple Token Validation Rules. ### Parameters - `zone_id: str` Identifier. - `body: Iterable[Body]` - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: BodySelector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[Iterable[BodySelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[SequenceNotStr[str]]` Excluded operation IDs. - `include: Optional[Iterable[BodySelectorInclude]]` Select all matching operations. - `host: Optional[SequenceNotStr[str]]` Included hostnames. - `title: str` A human-readable name for the rule. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.token_validation.rules.bulk_create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", body=[{ "action": "log", "description": "Long description for Token Validation Rule", "enabled": True, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": {}, "title": "Example Token Validation Rule", }], ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Bulk edit token validation rules `token_validation.rules.bulk_edit(RuleBulkEditParams**kwargs) -> SyncSinglePage[TokenValidationRule]` **patch** `/zones/{zone_id}/token_validation/rules/bulk` Edit token validation rules. A request can update multiple Token Validation Rules. Rules can be re-ordered using the `position` field. Returns all updated rules. ### Parameters - `zone_id: str` Identifier. - `body: Iterable[Body]` - `id: str` Rule ID this patch applies to - `action: Optional[Literal["log", "block"]]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: Optional[str]` A human-readable description that gives more details than `title`. - `enabled: Optional[bool]` Toggle rule on or off. - `expression: Optional[str]` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `position: Optional[BodyPosition]` Update rule order among zone rules. - `class BodyPositionAPIShieldIndex: …` - `index: int` Move rule to this position - `class BodyPositionAPIShieldBefore: …` Move rule to after rule with ID. - `before: Optional[str]` Move rule to before rule with this ID. - `class BodyPositionAPIShieldAfter: …` Move rule to before rule with ID. - `after: Optional[str]` Move rule to after rule with this ID. - `selector: Optional[BodySelector]` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[Iterable[BodySelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[SequenceNotStr[str]]` Excluded operation IDs. - `include: Optional[Iterable[BodySelectorInclude]]` Select all matching operations. - `host: Optional[SequenceNotStr[str]]` Included hostnames. - `title: Optional[str]` A human-readable name for the rule. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.token_validation.rules.bulk_edit( zone_id="023e105f4ecef8ad9ca31a8372d0c353", body=[{ "id": "0d9bf70c-92e1-4bb3-9411-34a3bcc59003" }], ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Get a zone token validation rule `token_validation.rules.get(strrule_id, RuleGetParams**kwargs) -> TokenValidationRule` **get** `/zones/{zone_id}/token_validation/rules/{rule_id}` Get a zone token validation rule. ### Parameters - `zone_id: str` Identifier. - `rule_id: str` UUID. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_validation_rule = client.token_validation.rules.get( rule_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(token_validation_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Delete a zone token validation rule `token_validation.rules.delete(strrule_id, RuleDeleteParams**kwargs) -> object` **delete** `/zones/{zone_id}/token_validation/rules/{rule_id}` Delete a zone token validation rule. ### Parameters - `zone_id: str` Identifier. - `rule_id: str` UUID. ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) rule = client.token_validation.rules.delete( rule_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(rule) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {} } ``` ## Edit a zone token validation rule `token_validation.rules.edit(strrule_id, RuleEditParams**kwargs) -> TokenValidationRule` **patch** `/zones/{zone_id}/token_validation/rules/{rule_id}` Edit a zone token validation rule. ### Parameters - `zone_id: str` Identifier. - `rule_id: str` UUID. - `action: Optional[Literal["log", "block"]]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: Optional[str]` A human-readable description that gives more details than `title`. - `enabled: Optional[bool]` Toggle rule on or off. - `expression: Optional[str]` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `position: Optional[Position]` Update rule order among zone rules. - `class PositionAPIShieldIndex: …` - `index: int` Move rule to this position - `class PositionAPIShieldBefore: …` Move rule to after rule with ID. - `before: Optional[str]` Move rule to before rule with this ID. - `class PositionAPIShieldAfter: …` Move rule to before rule with ID. - `after: Optional[str]` Move rule to after rule with this ID. - `selector: Optional[Selector]` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[Iterable[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[SequenceNotStr[str]]` Excluded operation IDs. - `include: Optional[Iterable[SelectorInclude]]` Select all matching operations. - `host: Optional[SequenceNotStr[str]]` Included hostnames. - `title: Optional[str]` A human-readable name for the rule. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_validation_rule = client.token_validation.rules.edit( rule_id="4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(token_validation_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ``` ## Domain Types ### Token Validation Rule - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]`