## Create a token validation rule `token_validation.rules.create(RuleCreateParams**kwargs) -> TokenValidationRule` **post** `/zones/{zone_id}/token_validation/rules` Create a token validation rule. ### Parameters - `zone_id: str` Identifier. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[Iterable[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[SequenceNotStr[str]]` Excluded operation IDs. - `include: Optional[Iterable[SelectorInclude]]` Select all matching operations. - `host: Optional[SequenceNotStr[str]]` Included hostnames. - `title: str` A human-readable name for the rule. ### Returns - `class TokenValidationRule: …` A Token Validation rule that can enforce security policies using JWT Tokens. - `action: Literal["log", "block"]` Action to take on requests that match operations included in `selector` and fail `expression`. - `"log"` - `"block"` - `description: str` A human-readable description that gives more details than `title`. - `enabled: bool` Toggle rule on or off. - `expression: str` Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `selector: Selector` Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/). - `exclude: Optional[List[SelectorExclude]]` Ignore operations that were otherwise included by `include`. - `operation_ids: Optional[List[str]]` Excluded operation IDs. - `include: Optional[List[SelectorInclude]]` Select all matching operations. - `host: Optional[List[str]]` Included hostnames. - `title: str` A human-readable name for the rule. - `id: Optional[str]` UUID. - `created_at: Optional[datetime]` - `last_updated: Optional[datetime]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) token_validation_rule = client.token_validation.rules.create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", action="log", description="Long description for Token Validation Rule", enabled=True, expression="is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", selector={}, title="Example Token Validation Rule", ) print(token_validation_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "action": "log", "description": "Long description for Token Validation Rule", "enabled": true, "expression": "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")", "selector": { "exclude": [ { "operation_ids": [ "f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04" ] } ], "include": [ { "host": [ "v1.example.com", "v2.example.com" ] } ] }, "title": "Example Token Validation Rule", "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created_at": "2014-01-01T05:20:00.12345Z", "last_updated": "2014-01-01T05:20:00.12345Z" }, "success": true } ```