Skip to content
Cloudflare API
Start here
API Reference
Zero Trust

Devices

List devices (deprecated)
Deprecated
zero_trust.devices.list(DeviceListParams**kwargs) -> SyncSinglePage[Device]
GET/accounts/{account_id}/devices
Get device (deprecated)
Deprecated
zero_trust.devices.get(strdevice_id, DeviceGetParams**kwargs) -> DeviceGetResponse
GET/accounts/{account_id}/devices/{device_id}
ModelsExpand Collapse
class Device:
id: Optional[str]

Registration ID. Equal to Device ID except for accounts which enabled multi-user mode.

maxLength36
created: Optional[datetime]

When the device was created.

formatdate-time
deleted: Optional[bool]

True if the device was deleted.

device_type: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
ip: Optional[str]

IPv4 or IPv6 address.

key: Optional[str]

The device's public key.

last_seen: Optional[datetime]

When the device last connected to Cloudflare services.

formatdate-time
mac_address: Optional[str]

The device mac address.

manufacturer: Optional[str]

The device manufacturer name.

model: Optional[str]

The device model name.

name: Optional[str]

The device name.

os_distro_name: Optional[str]

The Linux distro name.

os_distro_revision: Optional[str]

The Linux distro revision.

os_version: Optional[str]

The operating system version.

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

revoked_at: Optional[datetime]

When the device was revoked.

formatdate-time
serial_number: Optional[str]

The device serial number.

updated: Optional[datetime]

When the device was updated.

formatdate-time
user: Optional[User]
id: Optional[str]

UUID.

maxLength36
email: Optional[str]

The contact email address of the user.

maxLength90
name: Optional[str]

The enrolled device user's name.

version: Optional[str]

The WARP client version.

class DeviceGetResponse:
id: Optional[str]

Registration ID. Equal to Device ID except for accounts which enabled multi-user mode.

maxLength36
account: Optional[Account]
Deprecatedid: Optional[str]
Deprecatedaccount_type: Optional[str]
name: Optional[str]

The name of the enrolled account.

created: Optional[datetime]

When the device was created.

formatdate-time
deleted: Optional[bool]

True if the device was deleted.

device_type: Optional[str]
Deprecatedgateway_device_id: Optional[str]
ip: Optional[str]

IPv4 or IPv6 address.

key: Optional[str]

The device's public key.

key_type: Optional[str]

Type of the key.

last_seen: Optional[datetime]

When the device last connected to Cloudflare services.

formatdate-time
mac_address: Optional[str]

The device mac address.

model: Optional[str]

The device model name.

name: Optional[str]

The device name.

os_version: Optional[str]

The operating system version.

serial_number: Optional[str]

The device serial number.

tunnel_type: Optional[str]

Type of the tunnel connection used.

updated: Optional[datetime]

When the device was updated.

formatdate-time
user: Optional[User]
id: Optional[str]

UUID.

maxLength36
email: Optional[str]

The contact email address of the user.

maxLength90
name: Optional[str]

The enrolled device user's name.

version: Optional[str]

The WARP client version.

DevicesDevices

List devices
zero_trust.devices.devices.list(DeviceListParams**kwargs) -> SyncCursorPagination[DeviceListResponse]
GET/accounts/{account_id}/devices/physical-devices
Get device
zero_trust.devices.devices.get(strdevice_id, DeviceGetParams**kwargs) -> DeviceGetResponse
GET/accounts/{account_id}/devices/physical-devices/{device_id}
Delete device
zero_trust.devices.devices.delete(strdevice_id, DeviceDeleteParams**kwargs) -> object
DELETE/accounts/{account_id}/devices/physical-devices/{device_id}
Revoke device registrations
zero_trust.devices.devices.revoke(strdevice_id, DeviceRevokeParams**kwargs) -> object
POST/accounts/{account_id}/devices/physical-devices/{device_id}/revoke
ModelsExpand Collapse
class DeviceListResponse:

A WARP Device.

id: str

The unique ID of the device.

active_registrations: int

The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted.

created_at: str

The RFC3339 timestamp when the device was created.

last_seen_at: Optional[str]

The RFC3339 timestamp when the device was last seen.

name: str

The name of the device.

updated_at: str

The RFC3339 timestamp when the device was last updated.

client_version: Optional[str]

Version of the WARP client.

deleted_at: Optional[str]

The RFC3339 timestamp when the device was deleted.

device_type: Optional[str]

The device operating system.

hardware_id: Optional[str]

A string that uniquely identifies the hardware or virtual machine (VM).

last_seen_registration: Optional[LastSeenRegistration]

The last seen registration for the device.

policy: Optional[LastSeenRegistrationPolicy]

A summary of the device profile evaluated for the registration.

id: str

The ID of the device settings profile.

default: bool

Whether the device settings profile is the default profile for the account.

deleted: bool

Whether the device settings profile was deleted.

name: str

The name of the device settings profile.

updated_at: str

The RFC3339 timestamp of when the device settings profile last changed for the registration.

last_seen_user: Optional[LastSeenUser]

The last user to use the WARP device.

id: Optional[str]

UUID.

maxLength36
email: Optional[str]

The contact email address of the user.

maxLength90
name: Optional[str]

The enrolled device user's name.

mac_address: Optional[str]

The device MAC address.

manufacturer: Optional[str]

The device manufacturer.

model: Optional[str]

The model name of the device.

os_version: Optional[str]

The device operating system version number.

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

serial_number: Optional[str]

The device serial number.

class DeviceGetResponse:

A WARP Device.

id: str

The unique ID of the device.

active_registrations: int

The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted.

created_at: str

The RFC3339 timestamp when the device was created.

last_seen_at: Optional[str]

The RFC3339 timestamp when the device was last seen.

name: str

The name of the device.

updated_at: str

The RFC3339 timestamp when the device was last updated.

client_version: Optional[str]

Version of the WARP client.

deleted_at: Optional[str]

The RFC3339 timestamp when the device was deleted.

device_type: Optional[str]

The device operating system.

hardware_id: Optional[str]

A string that uniquely identifies the hardware or virtual machine (VM).

last_seen_registration: Optional[LastSeenRegistration]

The last seen registration for the device.

policy: Optional[LastSeenRegistrationPolicy]

A summary of the device profile evaluated for the registration.

id: str

The ID of the device settings profile.

default: bool

Whether the device settings profile is the default profile for the account.

deleted: bool

Whether the device settings profile was deleted.

name: str

The name of the device settings profile.

updated_at: str

The RFC3339 timestamp of when the device settings profile last changed for the registration.

last_seen_user: Optional[LastSeenUser]

The last user to use the WARP device.

id: Optional[str]

UUID.

maxLength36
email: Optional[str]

The contact email address of the user.

maxLength90
name: Optional[str]

The enrolled device user's name.

mac_address: Optional[str]

The device MAC address.

manufacturer: Optional[str]

The device manufacturer.

model: Optional[str]

The model name of the device.

os_version: Optional[str]

The device operating system version number.

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

serial_number: Optional[str]

The device serial number.

DevicesResilience

DevicesResilienceGlobal WARP Override

Retrieve Global WARP override state
zero_trust.devices.resilience.global_warp_override.get(GlobalWARPOverrideGetParams**kwargs) -> GlobalWARPOverrideGetResponse
GET/accounts/{account_id}/devices/resilience/disconnect
Set Global WARP override state
zero_trust.devices.resilience.global_warp_override.create(GlobalWARPOverrideCreateParams**kwargs) -> GlobalWARPOverrideCreateResponse
POST/accounts/{account_id}/devices/resilience/disconnect
ModelsExpand Collapse
class GlobalWARPOverrideGetResponse:
disconnect: Optional[bool]

Disconnects all devices on the account using Global WARP override.

timestamp: Optional[datetime]

When the Global WARP override state was updated.

formatdate-time
class GlobalWARPOverrideCreateResponse:
disconnect: Optional[bool]

Disconnects all devices on the account using Global WARP override.

timestamp: Optional[datetime]

When the Global WARP override state was updated.

formatdate-time

DevicesRegistrations

List registrations
zero_trust.devices.registrations.list(RegistrationListParams**kwargs) -> SyncCursorPagination[RegistrationListResponse]
GET/accounts/{account_id}/devices/registrations
Get registration
zero_trust.devices.registrations.get(strregistration_id, RegistrationGetParams**kwargs) -> RegistrationGetResponse
GET/accounts/{account_id}/devices/registrations/{registration_id}
Delete registration
zero_trust.devices.registrations.delete(strregistration_id, RegistrationDeleteParams**kwargs) -> object
DELETE/accounts/{account_id}/devices/registrations/{registration_id}
Delete registrations
zero_trust.devices.registrations.bulk_delete(RegistrationBulkDeleteParams**kwargs) -> object
DELETE/accounts/{account_id}/devices/registrations
Revoke registrations
zero_trust.devices.registrations.revoke(RegistrationRevokeParams**kwargs) -> object
POST/accounts/{account_id}/devices/registrations/revoke
Unrevoke registrations
zero_trust.devices.registrations.unrevoke(RegistrationUnrevokeParams**kwargs) -> object
POST/accounts/{account_id}/devices/registrations/unrevoke
ModelsExpand Collapse
class RegistrationListResponse:

A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device.

id: str

The ID of the registration.

created_at: str

The RFC3339 timestamp when the registration was created.

device: Device

Device details embedded inside of a registration.

id: str

The ID of the device.

name: str

The name of the device.

client_version: Optional[str]

Version of the WARP client.

key: str

The public key used to connect to the Cloudflare network.

last_seen_at: str

The RFC3339 timestamp when the registration was last seen.

updated_at: str

The RFC3339 timestamp when the registration was last updated.

deleted_at: Optional[str]

The RFC3339 timestamp when the registration was deleted.

key_type: Optional[str]

The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE.

policy: Optional[Policy]

The device settings profile assigned to this registration.

id: str

The ID of the device settings profile.

default: bool

Whether the device settings profile is the default profile for the account.

deleted: bool

Whether the device settings profile was deleted.

name: str

The name of the device settings profile.

updated_at: str

The RFC3339 timestamp of when the device settings profile last changed for the registration.

revoked_at: Optional[str]

The RFC3339 timestamp when the registration was revoked.

tunnel_type: Optional[str]

Type of the tunnel - wireguard or masque.

user: Optional[User]
id: Optional[str]

UUID.

maxLength36
email: Optional[str]

The contact email address of the user.

maxLength90
name: Optional[str]

The enrolled device user's name.

class RegistrationGetResponse:

A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device.

id: str

The ID of the registration.

created_at: str

The RFC3339 timestamp when the registration was created.

device: Device

Device details embedded inside of a registration.

id: str

The ID of the device.

name: str

The name of the device.

client_version: Optional[str]

Version of the WARP client.

key: str

The public key used to connect to the Cloudflare network.

last_seen_at: str

The RFC3339 timestamp when the registration was last seen.

updated_at: str

The RFC3339 timestamp when the registration was last updated.

deleted_at: Optional[str]

The RFC3339 timestamp when the registration was deleted.

key_type: Optional[str]

The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE.

policy: Optional[Policy]

The device settings profile assigned to this registration.

id: str

The ID of the device settings profile.

default: bool

Whether the device settings profile is the default profile for the account.

deleted: bool

Whether the device settings profile was deleted.

name: str

The name of the device settings profile.

updated_at: str

The RFC3339 timestamp of when the device settings profile last changed for the registration.

revoked_at: Optional[str]

The RFC3339 timestamp when the registration was revoked.

tunnel_type: Optional[str]

Type of the tunnel - wireguard or masque.

user: Optional[User]
id: Optional[str]

UUID.

maxLength36
email: Optional[str]

The contact email address of the user.

maxLength90
name: Optional[str]

The enrolled device user's name.

DevicesDEX Tests

List Device DEX tests
zero_trust.devices.dex_tests.list(DEXTestListParams**kwargs) -> SyncV4PagePaginationArray[DEXTestListResponse]
GET/accounts/{account_id}/dex/devices/dex_tests
Get Device DEX test
zero_trust.devices.dex_tests.get(strdex_test_id, DEXTestGetParams**kwargs) -> DEXTestGetResponse
GET/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}
Create Device DEX test
zero_trust.devices.dex_tests.create(DEXTestCreateParams**kwargs) -> DEXTestCreateResponse
POST/accounts/{account_id}/dex/devices/dex_tests
Update Device DEX test
zero_trust.devices.dex_tests.update(strdex_test_id, DEXTestUpdateParams**kwargs) -> DEXTestUpdateResponse
PUT/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}
Delete Device DEX test
zero_trust.devices.dex_tests.delete(strdex_test_id, DEXTestDeleteParams**kwargs) -> DEXTestDeleteResponse
DELETE/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}
ModelsExpand Collapse
class SchemaData:

The configuration object which contains the details for the WARP client to conduct the test.

host: Optional[str]

The desired endpoint to test.

kind: Optional[str]

The type of test.

method: Optional[str]

The HTTP request method type.

class SchemaHTTP:
data: SchemaData

The configuration object which contains the details for the WARP client to conduct the test.

enabled: bool

Determines whether or not the test is active.

interval: str

How often the test will run.

name: str

The name of the DEX test. Must be unique.

description: Optional[str]

Additional details about the test.

target_policies: Optional[List[TargetPolicy]]

Device settings profiles targeted by this test.

id: Optional[str]

The id of the device settings profile.

default: Optional[bool]

Whether the profile is the account default.

name: Optional[str]

The name of the device settings profile.

targeted: Optional[bool]
test_id: Optional[str]

The unique identifier for the test.

maxLength32
class DEXTestListResponse:
data: Data

The configuration object which contains the details for the WARP client to conduct the test.

host: str

The desired endpoint to test.

kind: Literal["http", "traceroute"]

The type of test.

One of the following:
"http"
"traceroute"
method: Optional[Literal["GET"]]

The HTTP request method type.

enabled: bool

Determines whether or not the test is active.

interval: str

How often the test will run.

name: str

The name of the DEX test. Must be unique.

description: Optional[str]

Additional details about the test.

target_policies: Optional[List[TargetPolicy]]

DEX rules targeted by this test

id: str

API Resource UUID tag.

maxLength36
default: Optional[bool]

Whether the DEX rule is the account default

name: Optional[str]

The name of the DEX rule

targeted: Optional[bool]
test_id: Optional[str]

The unique identifier for the test.

maxLength32
class DEXTestGetResponse:
data: Data

The configuration object which contains the details for the WARP client to conduct the test.

host: str

The desired endpoint to test.

kind: Literal["http", "traceroute"]

The type of test.

One of the following:
"http"
"traceroute"
method: Optional[Literal["GET"]]

The HTTP request method type.

enabled: bool

Determines whether or not the test is active.

interval: str

How often the test will run.

name: str

The name of the DEX test. Must be unique.

description: Optional[str]

Additional details about the test.

target_policies: Optional[List[TargetPolicy]]

DEX rules targeted by this test

id: str

API Resource UUID tag.

maxLength36
default: Optional[bool]

Whether the DEX rule is the account default

name: Optional[str]

The name of the DEX rule

targeted: Optional[bool]
test_id: Optional[str]

The unique identifier for the test.

maxLength32
class DEXTestCreateResponse:
data: Data

The configuration object which contains the details for the WARP client to conduct the test.

host: str

The desired endpoint to test.

kind: Literal["http", "traceroute"]

The type of test.

One of the following:
"http"
"traceroute"
method: Optional[Literal["GET"]]

The HTTP request method type.

enabled: bool

Determines whether or not the test is active.

interval: str

How often the test will run.

name: str

The name of the DEX test. Must be unique.

description: Optional[str]

Additional details about the test.

target_policies: Optional[List[TargetPolicy]]

DEX rules targeted by this test

id: str

API Resource UUID tag.

maxLength36
default: Optional[bool]

Whether the DEX rule is the account default

name: Optional[str]

The name of the DEX rule

targeted: Optional[bool]
test_id: Optional[str]

The unique identifier for the test.

maxLength32
class DEXTestUpdateResponse:
data: Data

The configuration object which contains the details for the WARP client to conduct the test.

host: str

The desired endpoint to test.

kind: Literal["http", "traceroute"]

The type of test.

One of the following:
"http"
"traceroute"
method: Optional[Literal["GET"]]

The HTTP request method type.

enabled: bool

Determines whether or not the test is active.

interval: str

How often the test will run.

name: str

The name of the DEX test. Must be unique.

description: Optional[str]

Additional details about the test.

target_policies: Optional[List[TargetPolicy]]

DEX rules targeted by this test

id: str

API Resource UUID tag.

maxLength36
default: Optional[bool]

Whether the DEX rule is the account default

name: Optional[str]

The name of the DEX rule

targeted: Optional[bool]
test_id: Optional[str]

The unique identifier for the test.

maxLength32
class DEXTestDeleteResponse:
dex_tests: Optional[List[DEXTest]]
data: DEXTestData

The configuration object which contains the details for the WARP client to conduct the test.

host: str

The desired endpoint to test.

kind: Literal["http", "traceroute"]

The type of test.

One of the following:
"http"
"traceroute"
method: Optional[Literal["GET"]]

The HTTP request method type.

enabled: bool

Determines whether or not the test is active.

interval: str

How often the test will run.

name: str

The name of the DEX test. Must be unique.

description: Optional[str]

Additional details about the test.

target_policies: Optional[List[DEXTestTargetPolicy]]

DEX rules targeted by this test

id: str

API Resource UUID tag.

maxLength36
default: Optional[bool]

Whether the DEX rule is the account default

name: Optional[str]

The name of the DEX rule

targeted: Optional[bool]
test_id: Optional[str]

The unique identifier for the test.

maxLength32

DevicesIP Profiles

List IP profiles
zero_trust.devices.ip_profiles.list(IPProfileListParams**kwargs) -> SyncSinglePage[IPProfile]
GET/accounts/{account_id}/devices/ip-profiles
Get IP profile
zero_trust.devices.ip_profiles.get(strprofile_id, IPProfileGetParams**kwargs) -> IPProfile
GET/accounts/{account_id}/devices/ip-profiles/{profile_id}
Create IP profile
zero_trust.devices.ip_profiles.create(IPProfileCreateParams**kwargs) -> IPProfile
POST/accounts/{account_id}/devices/ip-profiles
Update IP profile
zero_trust.devices.ip_profiles.update(strprofile_id, IPProfileUpdateParams**kwargs) -> IPProfile
PATCH/accounts/{account_id}/devices/ip-profiles/{profile_id}
Delete IP profile
zero_trust.devices.ip_profiles.delete(strprofile_id, IPProfileDeleteParams**kwargs) -> IPProfileDeleteResponse
DELETE/accounts/{account_id}/devices/ip-profiles/{profile_id}
ModelsExpand Collapse
class IPProfile:
id: str

The ID of the Device IP profile.

created_at: str

The RFC3339Nano timestamp when the Device IP profile was created.

description: Optional[str]

An optional description of the Device IP profile.

enabled: bool

Whether the Device IP profile is enabled.

match: str

The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes".

maxLength10000
name: str

A user-friendly name for the Device IP profile.

precedence: int

The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field.

subnet_id: str

The ID of the Subnet.

updated_at: str

The RFC3339Nano timestamp when the Device IP profile was last updated.

class IPProfileDeleteResponse:
id: Optional[str]

ID of the deleted Device IP profile.

DevicesNetworks

List your device managed networks
zero_trust.devices.networks.list(NetworkListParams**kwargs) -> SyncSinglePage[DeviceNetwork]
GET/accounts/{account_id}/devices/networks
Get device managed network details
zero_trust.devices.networks.get(strnetwork_id, NetworkGetParams**kwargs) -> DeviceNetwork
GET/accounts/{account_id}/devices/networks/{network_id}
Create a device managed network
zero_trust.devices.networks.create(NetworkCreateParams**kwargs) -> DeviceNetwork
POST/accounts/{account_id}/devices/networks
Update a device managed network
zero_trust.devices.networks.update(strnetwork_id, NetworkUpdateParams**kwargs) -> DeviceNetwork
PUT/accounts/{account_id}/devices/networks/{network_id}
Delete a device managed network
zero_trust.devices.networks.delete(strnetwork_id, NetworkDeleteParams**kwargs) -> SyncSinglePage[DeviceNetwork]
DELETE/accounts/{account_id}/devices/networks/{network_id}
ModelsExpand Collapse
class DeviceNetwork:
config: Optional[Config]

The configuration object containing information for the WARP client to detect the managed network.

tls_sockaddr: str

A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host.

sha256: Optional[str]

The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate.

name: Optional[str]

The name of the device managed network. This name must be unique.

network_id: Optional[str]

API UUID.

maxLength36
type: Optional[Literal["tls"]]

The type of device managed network.

DevicesFleet Status

Get the live status of a latest device
zero_trust.devices.fleet_status.get(strdevice_id, FleetStatusGetParams**kwargs) -> FleetStatusGetResponse
GET/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live
ModelsExpand Collapse
class FleetStatusGetResponse:
colo: str

Cloudflare colo

device_id: str

Device identifier (UUID v4)

mode: str

The mode under which the WARP client is run

platform: str

Operating system

status: str

Network status

timestamp: str

Timestamp in ISO format

version: str

WARP client version

always_on: Optional[bool]
battery_charging: Optional[bool]
battery_cycles: Optional[int]
formatint64
battery_pct: Optional[float]
formatfloat
connection_type: Optional[str]
cpu_pct: Optional[float]
formatfloat
cpu_pct_by_app: Optional[List[List[CPUPctByApp]]]
cpu_pct: Optional[float]
formatfloat
name: Optional[str]
device_ipv4: Optional[DeviceIPV4]
address: Optional[str]
asn: Optional[int]
aso: Optional[str]
location: Optional[DeviceIPV4Location]
city: Optional[str]
country_iso: Optional[str]
state_iso: Optional[str]
zip: Optional[str]
netmask: Optional[str]
version: Optional[str]
device_ipv6: Optional[DeviceIPV6]
address: Optional[str]
asn: Optional[int]
aso: Optional[str]
location: Optional[DeviceIPV6Location]
city: Optional[str]
country_iso: Optional[str]
state_iso: Optional[str]
zip: Optional[str]
netmask: Optional[str]
version: Optional[str]
device_name: Optional[str]

Device identifier (human readable)

disk_read_bps: Optional[int]
formatint64
disk_usage_pct: Optional[float]
formatfloat
disk_write_bps: Optional[int]
formatint64
doh_subdomain: Optional[str]
estimated_loss_pct: Optional[float]
formatfloat
firewall_enabled: Optional[bool]
gateway_ipv4: Optional[GatewayIPV4]
address: Optional[str]
asn: Optional[int]
aso: Optional[str]
location: Optional[GatewayIPV4Location]
city: Optional[str]
country_iso: Optional[str]
state_iso: Optional[str]
zip: Optional[str]
netmask: Optional[str]
version: Optional[str]
gateway_ipv6: Optional[GatewayIPV6]
address: Optional[str]
asn: Optional[int]
aso: Optional[str]
location: Optional[GatewayIPV6Location]
city: Optional[str]
country_iso: Optional[str]
state_iso: Optional[str]
zip: Optional[str]
netmask: Optional[str]
version: Optional[str]
handshake_latency_ms: Optional[float]
formatint64
isp_ipv4: Optional[ISPIPV4]
address: Optional[str]
asn: Optional[int]
aso: Optional[str]
location: Optional[ISPIPV4Location]
city: Optional[str]
country_iso: Optional[str]
state_iso: Optional[str]
zip: Optional[str]
netmask: Optional[str]
version: Optional[str]
isp_ipv6: Optional[ISPIPV6]
address: Optional[str]
asn: Optional[int]
aso: Optional[str]
location: Optional[ISPIPV6Location]
city: Optional[str]
country_iso: Optional[str]
state_iso: Optional[str]
zip: Optional[str]
netmask: Optional[str]
version: Optional[str]
metal: Optional[str]
network_rcvd_bps: Optional[int]
formatint64
network_sent_bps: Optional[int]
formatint64
network_ssid: Optional[str]
person_email: Optional[str]

User contact email address

ram_available_kb: Optional[int]
formatint64
ram_used_pct: Optional[float]
formatfloat
ram_used_pct_by_app: Optional[List[List[RamUsedPctByApp]]]
name: Optional[str]
ram_used_pct: Optional[float]
formatfloat
switch_locked: Optional[bool]
wifi_strength_dbm: Optional[int]
formatint64

DevicesPolicies

ModelsExpand Collapse
class DevicePolicyCertificates:
enabled: bool

The current status of the device policy certificate provisioning feature for WARP clients.

class FallbackDomain:
suffix: str

The domain suffix to match when resolving locally.

description: Optional[str]

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server: Optional[List[str]]

A list of IP addresses to handle domain resolution.

Optional[List[FallbackDomain]]
suffix: str

The domain suffix to match when resolving locally.

description: Optional[str]

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server: Optional[List[str]]

A list of IP addresses to handle domain resolution.

class SettingsPolicy:
allow_mode_switch: Optional[bool]

Whether to allow the user to switch WARP between modes.

allow_updates: Optional[bool]

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave: Optional[bool]

Whether to allow devices to leave the organization.

auto_connect: Optional[float]

The amount of time in seconds to reconnect after having been disabled.

captive_portal: Optional[float]

Turn on the captive portal after the specified amount of time.

default: Optional[bool]

Whether the policy is the default policy for an account.

description: Optional[str]

A description of the policy.

maxLength500
disable_auto_fallback: Optional[bool]

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled: Optional[bool]

Whether the policy will be applied to matching devices.

exclude: Optional[List[SplitTunnelExclude]]

List of routes excluded in the WARP client's tunnel.

One of the following:
class TeamsDevicesExcludeSplitTunnelWithAddress:
address: str

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesExcludeSplitTunnelWithHost:
host: str

The domain name to exclude from the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
exclude_office_ips: Optional[bool]

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains: Optional[List[FallbackDomain]]
suffix: str

The domain suffix to match when resolving locally.

description: Optional[str]

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server: Optional[List[str]]

A list of IP addresses to handle domain resolution.

gateway_unique_id: Optional[str]
include: Optional[List[SplitTunnelInclude]]

List of routes included in the WARP client's tunnel.

One of the following:
class TeamsDevicesIncludeSplitTunnelWithAddress:
address: str

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesIncludeSplitTunnelWithHost:
host: str

The domain name to include in the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
lan_allow_minutes: Optional[float]

The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.

lan_allow_subnet_size: Optional[float]

The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.

match: Optional[str]

The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version".

maxLength500
name: Optional[str]

The name of the device settings profile.

maxLength100
policy_id: Optional[str]
maxLength36
precedence: Optional[float]

The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.

register_interface_ip_with_dns: Optional[bool]

Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support: Optional[bool]

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2: Optional[ServiceModeV2]
mode: Optional[str]

The mode to run the WARP client under.

port: Optional[float]

The port number when used with proxy mode.

support_url: Optional[str]

The URL to launch when the Send Feedback button is clicked.

switch_locked: Optional[bool]

Whether to allow the user to turn off the WARP switch and disconnect the client.

target_tests: Optional[List[TargetTest]]
id: Optional[str]

The id of the DEX test targeting this policy.

name: Optional[str]

The name of the DEX test targeting this policy.

tunnel_protocol: Optional[str]

Determines which tunnel protocol to use.

One of the following:
class TeamsDevicesExcludeSplitTunnelWithAddress:
address: str

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesExcludeSplitTunnelWithHost:
host: str

The domain name to exclude from the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
One of the following:
class TeamsDevicesIncludeSplitTunnelWithAddress:
address: str

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesIncludeSplitTunnelWithHost:
host: str

The domain name to include in the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

DevicesPoliciesDefault

Get the default device settings profile
zero_trust.devices.policies.default.get(DefaultGetParams**kwargs) -> DefaultGetResponse
GET/accounts/{account_id}/devices/policy
Update the default device settings profile
zero_trust.devices.policies.default.edit(DefaultEditParams**kwargs) -> DefaultEditResponse
PATCH/accounts/{account_id}/devices/policy
ModelsExpand Collapse
class DefaultGetResponse:
allow_mode_switch: Optional[bool]

Whether to allow the user to switch WARP between modes.

allow_updates: Optional[bool]

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave: Optional[bool]

Whether to allow devices to leave the organization.

auto_connect: Optional[float]

The amount of time in seconds to reconnect after having been disabled.

captive_portal: Optional[float]

Turn on the captive portal after the specified amount of time.

default: Optional[bool]

Whether the policy will be applied to matching devices.

disable_auto_fallback: Optional[bool]

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled: Optional[bool]

Whether the policy will be applied to matching devices.

exclude: Optional[List[SplitTunnelExclude]]

List of routes excluded in the WARP client's tunnel.

One of the following:
class TeamsDevicesExcludeSplitTunnelWithAddress:
address: str

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesExcludeSplitTunnelWithHost:
host: str

The domain name to exclude from the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
exclude_office_ips: Optional[bool]

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains: Optional[List[FallbackDomain]]
suffix: str

The domain suffix to match when resolving locally.

description: Optional[str]

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server: Optional[List[str]]

A list of IP addresses to handle domain resolution.

gateway_unique_id: Optional[str]
include: Optional[List[SplitTunnelInclude]]

List of routes included in the WARP client's tunnel.

One of the following:
class TeamsDevicesIncludeSplitTunnelWithAddress:
address: str

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesIncludeSplitTunnelWithHost:
host: str

The domain name to include in the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
register_interface_ip_with_dns: Optional[bool]

Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support: Optional[bool]

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2: Optional[ServiceModeV2]
mode: Optional[str]

The mode to run the WARP client under.

port: Optional[float]

The port number when used with proxy mode.

support_url: Optional[str]

The URL to launch when the Send Feedback button is clicked.

switch_locked: Optional[bool]

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol: Optional[str]

Determines which tunnel protocol to use.

class DefaultEditResponse:
allow_mode_switch: Optional[bool]

Whether to allow the user to switch WARP between modes.

allow_updates: Optional[bool]

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave: Optional[bool]

Whether to allow devices to leave the organization.

auto_connect: Optional[float]

The amount of time in seconds to reconnect after having been disabled.

captive_portal: Optional[float]

Turn on the captive portal after the specified amount of time.

default: Optional[bool]

Whether the policy will be applied to matching devices.

disable_auto_fallback: Optional[bool]

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled: Optional[bool]

Whether the policy will be applied to matching devices.

exclude: Optional[List[SplitTunnelExclude]]

List of routes excluded in the WARP client's tunnel.

One of the following:
class TeamsDevicesExcludeSplitTunnelWithAddress:
address: str

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesExcludeSplitTunnelWithHost:
host: str

The domain name to exclude from the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
exclude_office_ips: Optional[bool]

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains: Optional[List[FallbackDomain]]
suffix: str

The domain suffix to match when resolving locally.

description: Optional[str]

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server: Optional[List[str]]

A list of IP addresses to handle domain resolution.

gateway_unique_id: Optional[str]
include: Optional[List[SplitTunnelInclude]]

List of routes included in the WARP client's tunnel.

One of the following:
class TeamsDevicesIncludeSplitTunnelWithAddress:
address: str

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesIncludeSplitTunnelWithHost:
host: str

The domain name to include in the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
register_interface_ip_with_dns: Optional[bool]

Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support: Optional[bool]

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2: Optional[ServiceModeV2]
mode: Optional[str]

The mode to run the WARP client under.

port: Optional[float]

The port number when used with proxy mode.

support_url: Optional[str]

The URL to launch when the Send Feedback button is clicked.

switch_locked: Optional[bool]

Whether to allow the user to turn off the WARP switch and disconnect the client.

tunnel_protocol: Optional[str]

Determines which tunnel protocol to use.

DevicesPoliciesDefaultExcludes

Get the Split Tunnel exclude list
zero_trust.devices.policies.default.excludes.get(ExcludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]
GET/accounts/{account_id}/devices/policy/exclude
Set the Split Tunnel exclude list
zero_trust.devices.policies.default.excludes.update(ExcludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]
PUT/accounts/{account_id}/devices/policy/exclude

DevicesPoliciesDefaultIncludes

Get the Split Tunnel include list
zero_trust.devices.policies.default.includes.get(IncludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]
GET/accounts/{account_id}/devices/policy/include
Set the Split Tunnel include list
zero_trust.devices.policies.default.includes.update(IncludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]
PUT/accounts/{account_id}/devices/policy/include

DevicesPoliciesDefaultFallback Domains

Get your Local Domain Fallback list
zero_trust.devices.policies.default.fallback_domains.get(FallbackDomainGetParams**kwargs) -> SyncSinglePage[FallbackDomain]
GET/accounts/{account_id}/devices/policy/fallback_domains
Set your Local Domain Fallback list
zero_trust.devices.policies.default.fallback_domains.update(FallbackDomainUpdateParams**kwargs) -> SyncSinglePage[FallbackDomain]
PUT/accounts/{account_id}/devices/policy/fallback_domains

DevicesPoliciesDefaultCertificates

Get device certificate provisioning status
zero_trust.devices.policies.default.certificates.get(CertificateGetParams**kwargs) -> DevicePolicyCertificates
GET/zones/{zone_id}/devices/policy/certificates
Update device certificate provisioning status
zero_trust.devices.policies.default.certificates.edit(CertificateEditParams**kwargs) -> DevicePolicyCertificates
PATCH/zones/{zone_id}/devices/policy/certificates

DevicesPoliciesCustom

List device settings profiles
zero_trust.devices.policies.custom.list(CustomListParams**kwargs) -> SyncSinglePage[SettingsPolicy]
GET/accounts/{account_id}/devices/policies
Get device settings profile by ID
zero_trust.devices.policies.custom.get(strpolicy_id, CustomGetParams**kwargs) -> SettingsPolicy
GET/accounts/{account_id}/devices/policy/{policy_id}
Create a device settings profile
zero_trust.devices.policies.custom.create(CustomCreateParams**kwargs) -> SettingsPolicy
POST/accounts/{account_id}/devices/policy
Update a device settings profile
zero_trust.devices.policies.custom.edit(strpolicy_id, CustomEditParams**kwargs) -> SettingsPolicy
PATCH/accounts/{account_id}/devices/policy/{policy_id}
Delete a device settings profile
zero_trust.devices.policies.custom.delete(strpolicy_id, CustomDeleteParams**kwargs) -> SyncSinglePage[SettingsPolicy]
DELETE/accounts/{account_id}/devices/policy/{policy_id}

DevicesPoliciesCustomExcludes

Get the Split Tunnel exclude list for a device settings profile
zero_trust.devices.policies.custom.excludes.get(strpolicy_id, ExcludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]
GET/accounts/{account_id}/devices/policy/{policy_id}/exclude
Set the Split Tunnel exclude list for a device settings profile
zero_trust.devices.policies.custom.excludes.update(strpolicy_id, ExcludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]
PUT/accounts/{account_id}/devices/policy/{policy_id}/exclude

DevicesPoliciesCustomIncludes

Get the Split Tunnel include list for a device settings profile
zero_trust.devices.policies.custom.includes.get(strpolicy_id, IncludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]
GET/accounts/{account_id}/devices/policy/{policy_id}/include
Set the Split Tunnel include list for a device settings profile
zero_trust.devices.policies.custom.includes.update(strpolicy_id, IncludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]
PUT/accounts/{account_id}/devices/policy/{policy_id}/include

DevicesPoliciesCustomFallback Domains

Get the Local Domain Fallback list for a device settings profile
zero_trust.devices.policies.custom.fallback_domains.get(strpolicy_id, FallbackDomainGetParams**kwargs) -> SyncSinglePage[FallbackDomain]
GET/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains
Set the Local Domain Fallback list for a device settings profile
zero_trust.devices.policies.custom.fallback_domains.update(strpolicy_id, FallbackDomainUpdateParams**kwargs) -> SyncSinglePage[FallbackDomain]
PUT/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains

DevicesPosture

List device posture rules
zero_trust.devices.posture.list(PostureListParams**kwargs) -> SyncSinglePage[DevicePostureRule]
GET/accounts/{account_id}/devices/posture
Get device posture rule details
zero_trust.devices.posture.get(strrule_id, PostureGetParams**kwargs) -> DevicePostureRule
GET/accounts/{account_id}/devices/posture/{rule_id}
Create a device posture rule
zero_trust.devices.posture.create(PostureCreateParams**kwargs) -> DevicePostureRule
POST/accounts/{account_id}/devices/posture
Update a device posture rule
zero_trust.devices.posture.update(strrule_id, PostureUpdateParams**kwargs) -> DevicePostureRule
PUT/accounts/{account_id}/devices/posture/{rule_id}
Delete a device posture rule
zero_trust.devices.posture.delete(strrule_id, PostureDeleteParams**kwargs) -> PostureDeleteResponse
DELETE/accounts/{account_id}/devices/posture/{rule_id}
ModelsExpand Collapse
str
class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
cn: str

Common Name that is protected by the certificate.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

Os Version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", 2 more]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="
DeviceInput

The value to be checked against.

One of the following:
class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesCarbonblackInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class TeamsDevicesAccessSerialNumberListInputRequest:
id: str

UUID of Access List.

maxLength36
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class TeamsDevicesApplicationInputRequest:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

Path for the application.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class ClientCertificateInput:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
cn: str

Common Name that is protected by the certificate.

class TeamsDevicesClientCertificateV2InputRequest:
certificate_id: str

UUID of Cloudflare managed certificate.

maxLength36
check_private_key: bool

Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key.

operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
cn: Optional[str]

Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables.

extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]

List of values indicating purposes for which the certificate public key can be used.

One of the following:
"clientAuth"
"emailProtection"
locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]
paths: Optional[List[str]]

List of paths to check for client certificate on linux.

trust_stores: Optional[List[Literal["system", "user"]]]

List of trust stores to check for client certificate.

One of the following:
"system"
"user"
subject_alternative_names: Optional[List[str]]

List of certificate Subject Alternative Names.

class TeamsDevicesAntivirusInputRequest:
update_window_days: Optional[float]

Number of days that the antivirus should be updated within.

class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class CrowdstrikeInput:
connection_id: str

Posture Integration ID.

last_seen: Optional[str]

For more details on last seen, please refer to the Crowdstrike documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
os: Optional[str]

Os Version.

overall: Optional[str]

Overall.

sensor_config: Optional[str]

SensorConfig.

state: Optional[Literal["online", "offline", "unknown"]]

For more details on state, please refer to the Crowdstrike documentation.

One of the following:
"online"
"offline"
"unknown"
version: Optional[str]

Version.

version_operator: Optional[Literal["<", "<=", ">", 2 more]]

Version Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", 2 more]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", 2 more]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TeamsDevicesCustomS2sInputRequest:
connection_id: str

Posture Integration ID.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
score: float

A value between 0-100 assigned to devices set by the 3rd party posture provider.

class DeviceMatch:
platform: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
class DevicePostureRule:
id: Optional[str]

API UUID.

maxLength36
description: Optional[str]

The description of the device posture rule.

expiration: Optional[str]

Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client.

input: Optional[DeviceInput]

The value to be checked against.

match: Optional[List[DeviceMatch]]

The conditions that the client must match to run the rule.

platform: Optional[Literal["windows", "mac", "linux", 3 more]]
One of the following:
"windows"
"mac"
"linux"
"android"
"ios"
"chromeos"
name: Optional[str]

The name of the device posture rule.

schedule: Optional[str]

Polling frequency for the WARP client posture check. Default: 5m (poll every five minutes). Minimum: 1m.

type: Optional[Literal["file", "application", "tanium", 20 more]]

The type of device posture rule.

One of the following:
"file"
"application"
"tanium"
"gateway"
"warp"
"disk_encryption"
"serial_number"
"sentinelone"
"carbonblack"
"firewall"
"os_version"
"domain_joined"
"client_certificate"
"client_certificate_v2"
"antivirus"
"unique_client_id"
"kolide"
"tanium_s2s"
"crowdstrike_s2s"
"intune"
"workspace_one"
"sentinelone_s2s"
"custom_s2s"
class DiskEncryptionInput:
check_disks: Optional[List[CarbonblackInput]]

List of volume names to be checked for encryption.

require_all: Optional[bool]

Whether to check all disks for encryption.

class DomainJoinedInput:
operating_system: Literal["windows"]

Operating System.

domain: Optional[str]

Domain.

class FileInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

exists: Optional[bool]

Whether or not file exists.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class FirewallInput:
enabled: bool

Enabled.

operating_system: Literal["windows", "mac"]

Operating System.

One of the following:
"windows"
"mac"
class IntuneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
"notapplicable"
"ingraceperiod"
"error"
connection_id: str

Posture Integration ID.

class KolideInput:
connection_id: str

Posture Integration ID.

count_operator: Literal["<", "<=", ">", 2 more]

Count Operator.

One of the following:
"<"
"<="
">"
">="
"=="
issue_count: str

The Number of Issues.

class OSVersionInput:
operating_system: Literal["windows"]

Operating System.

operator: Literal["<", "<=", ">", 2 more]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
version: str

Version of OS.

os_distro_name: Optional[str]

Operating System Distribution Name (linux only).

os_distro_revision: Optional[str]

Version of OS Distribution (linux only).

os_version_extra: Optional[str]

Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.

class SentineloneInput:
operating_system: Literal["windows", "linux", "mac"]

Operating system.

One of the following:
"windows"
"linux"
"mac"
path: str

File path.

sha256: Optional[str]

SHA-256.

thumbprint: Optional[str]

Signing certificate thumbprint.

class SentineloneS2sInput:
connection_id: str

Posture Integration ID.

active_threats: Optional[float]

The Number of active threats.

infected: Optional[bool]

Whether device is infected.

is_active: Optional[bool]

Whether device is active.

network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]

Network status of device.

One of the following:
"connected"
"disconnected"
"disconnecting"
"connecting"
operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]

Agent operational state.

One of the following:
"na"
"partially_disabled"
"auto_fully_disabled"
"fully_disabled"
"auto_partially_disabled"
"disabled_error"
"db_corruption"
operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator.

One of the following:
"<"
"<="
">"
">="
"=="
class TaniumInput:
connection_id: str

Posture Integration ID.

eid_last_seen: Optional[str]

For more details on eid last seen, refer to the Tanium documentation.

operator: Optional[Literal["<", "<=", ">", 2 more]]

Operator to evaluate risk_level or eid_last_seen.

One of the following:
"<"
"<="
">"
">="
"=="
risk_level: Optional[Literal["low", "medium", "high", "critical"]]

For more details on risk level, refer to the Tanium documentation.

One of the following:
"low"
"medium"
"high"
"critical"
score_operator: Optional[Literal["<", "<=", ">", 2 more]]

Score Operator.

One of the following:
"<"
"<="
">"
">="
"=="
total_score: Optional[float]

For more details on total score, refer to the Tanium documentation.

class UniqueClientIDInput:
id: str

List ID.

operating_system: Literal["android", "ios", "chromeos"]

Operating System.

One of the following:
"android"
"ios"
"chromeos"
class WorkspaceOneInput:
compliance_status: Literal["compliant", "noncompliant", "unknown"]

Compliance Status.

One of the following:
"compliant"
"noncompliant"
"unknown"
connection_id: str

Posture Integration ID.

class PostureDeleteResponse:
id: Optional[str]

API UUID.

maxLength36

DevicesPostureIntegrations

List your device posture integrations
zero_trust.devices.posture.integrations.list(IntegrationListParams**kwargs) -> SyncSinglePage[Integration]
GET/accounts/{account_id}/devices/posture/integration
Get device posture integration details
zero_trust.devices.posture.integrations.get(strintegration_id, IntegrationGetParams**kwargs) -> Integration
GET/accounts/{account_id}/devices/posture/integration/{integration_id}
Create a device posture integration
zero_trust.devices.posture.integrations.create(IntegrationCreateParams**kwargs) -> Integration
POST/accounts/{account_id}/devices/posture/integration
Update a device posture integration
zero_trust.devices.posture.integrations.edit(strintegration_id, IntegrationEditParams**kwargs) -> Integration
PATCH/accounts/{account_id}/devices/posture/integration/{integration_id}
Delete a device posture integration
zero_trust.devices.posture.integrations.delete(strintegration_id, IntegrationDeleteParams**kwargs) -> IntegrationDeleteResponse
DELETE/accounts/{account_id}/devices/posture/integration/{integration_id}
ModelsExpand Collapse
class Integration:
id: Optional[str]

API UUID.

maxLength36
config: Optional[Config]

The configuration object containing third-party integration information.

api_url: str

The Workspace One API URL provided in the Workspace One Admin Dashboard.

auth_url: str

The Workspace One Authorization URL depending on your region.

client_id: str

The Workspace One client ID provided in the Workspace One Admin Dashboard.

interval: Optional[str]

The interval between each posture check with the third-party API. Use m for minutes (e.g. 5m) and h for hours (e.g. 12h).

name: Optional[str]

The name of the device posture integration.

type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]

The type of device posture integration.

One of the following:
"workspace_one"
"crowdstrike_s2s"
"uptycs"
"intune"
"kolide"
"tanium_s2s"
"sentinelone_s2s"
"custom_s2s"
Union[str, object, null]
One of the following:
str
object

DevicesRevoke

Revoke devices (deprecated)
Deprecated
zero_trust.devices.revoke.create(RevokeCreateParams**kwargs) -> RevokeCreateResponse
POST/accounts/{account_id}/devices/revoke
ModelsExpand Collapse
Union[str, object, null]
One of the following:
str
object

DevicesSettings

Get device settings for a Zero Trust account
zero_trust.devices.settings.get(SettingGetParams**kwargs) -> DeviceSettings
GET/accounts/{account_id}/devices/settings
Update device settings for a Zero Trust account
zero_trust.devices.settings.update(SettingUpdateParams**kwargs) -> DeviceSettings
PUT/accounts/{account_id}/devices/settings
Patch device settings for a Zero Trust account
zero_trust.devices.settings.edit(SettingEditParams**kwargs) -> DeviceSettings
PATCH/accounts/{account_id}/devices/settings
Reset device settings for a Zero Trust account with defaults. This turns off all proxying.
zero_trust.devices.settings.delete(SettingDeleteParams**kwargs) -> DeviceSettings
DELETE/accounts/{account_id}/devices/settings
ModelsExpand Collapse
class DeviceSettings:
disable_for_time: Optional[float]

Sets the time limit, in seconds, that a user can use an override code to bypass WARP.

external_emergency_signal_enabled: Optional[bool]

Controls whether the external emergency disconnect feature is enabled.

external_emergency_signal_fingerprint: Optional[str]

The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value.

external_emergency_signal_interval: Optional[str]

The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds.

external_emergency_signal_url: Optional[str]

The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host.

gateway_proxy_enabled: Optional[bool]

Enable gateway proxy filtering on TCP.

gateway_udp_proxy_enabled: Optional[bool]

Enable gateway proxy filtering on UDP.

root_certificate_installation_enabled: Optional[bool]

Enable installation of cloudflare managed root certificate.

use_zt_virtual_ip: Optional[bool]

Enable using CGNAT virtual IPv4.

DevicesUnrevoke

Unrevoke devices (deprecated)
Deprecated
zero_trust.devices.unrevoke.create(UnrevokeCreateParams**kwargs) -> UnrevokeCreateResponse
POST/accounts/{account_id}/devices/unrevoke
ModelsExpand Collapse
Union[str, object, null]
One of the following:
str
object

DevicesOverride Codes

Get override codes (deprecated)
Deprecated
zero_trust.devices.override_codes.list(strdevice_id, OverrideCodeListParams**kwargs) -> SyncSinglePage[object]
GET/accounts/{account_id}/devices/{device_id}/override_codes
Get override codes
zero_trust.devices.override_codes.get(strregistration_id, OverrideCodeGetParams**kwargs) -> OverrideCodeGetResponse
GET/accounts/{account_id}/devices/registrations/{registration_id}/override_codes
ModelsExpand Collapse
class OverrideCodeGetResponse:
disable_for_time: Optional[Dict[str, str]]