# Devices ## List devices (deprecated) `zero_trust.devices.list(DeviceListParams**kwargs) -> SyncSinglePage[Device]` **get** `/accounts/{account_id}/devices` List WARP devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated**: please use one of the following endpoints instead: - GET /accounts/{account_id}/devices/physical-devices - GET /accounts/{account_id}/devices/registrations ### Parameters - `account_id: str` ### Returns - `class Device: …` - `id: Optional[str]` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `created: Optional[datetime]` When the device was created. - `deleted: Optional[bool]` True if the device was deleted. - `device_type: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `ip: Optional[str]` IPv4 or IPv6 address. - `key: Optional[str]` The device's public key. - `last_seen: Optional[datetime]` When the device last connected to Cloudflare services. - `mac_address: Optional[str]` The device mac address. - `manufacturer: Optional[str]` The device manufacturer name. - `model: Optional[str]` The device model name. - `name: Optional[str]` The device name. - `os_distro_name: Optional[str]` The Linux distro name. - `os_distro_revision: Optional[str]` The Linux distro revision. - `os_version: Optional[str]` The operating system version. - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `revoked_at: Optional[datetime]` When the device was revoked. - `serial_number: Optional[str]` The device serial number. - `updated: Optional[datetime]` When the device was updated. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `version: Optional[str]` The WARP client version. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.list( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2017-06-14T00:00:00Z", "deleted": true, "device_type": "windows", "ip": "1.1.1.1", "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=", "last_seen": "2017-06-14T00:00:00Z", "mac_address": "00-00-5E-00-53-00", "manufacturer": "My phone corp", "model": "MyPhone(pro-X)", "name": "My mobile device", "os_distro_name": "ubuntu", "os_distro_revision": "1.0.0", "os_version": "10.0.0", "os_version_extra": "(a) or 6889 or Ubuntu 24.04", "revoked_at": "2017-06-14T00:00:00Z", "serial_number": "EXAMPLEHMD6R", "updated": "2017-06-14T00:00:00Z", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "version": "1.0.0" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device (deprecated) `zero_trust.devices.get(strdevice_id, DeviceGetParams**kwargs) -> DeviceGetResponse` **get** `/accounts/{account_id}/devices/{device_id}` Fetches a single WARP device. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated**: please use one of the following endpoints instead: - GET /accounts/{account_id}/devices/physical-devices/{device_id} - GET /accounts/{account_id}/devices/registrations/{registration_id} ### Parameters - `account_id: str` - `device_id: str` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). ### Returns - `class DeviceGetResponse: …` - `id: Optional[str]` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `account: Optional[Account]` - `id: Optional[str]` - `account_type: Optional[str]` - `name: Optional[str]` The name of the enrolled account. - `created: Optional[datetime]` When the device was created. - `deleted: Optional[bool]` True if the device was deleted. - `device_type: Optional[str]` - `gateway_device_id: Optional[str]` - `ip: Optional[str]` IPv4 or IPv6 address. - `key: Optional[str]` The device's public key. - `key_type: Optional[str]` Type of the key. - `last_seen: Optional[datetime]` When the device last connected to Cloudflare services. - `mac_address: Optional[str]` The device mac address. - `model: Optional[str]` The device model name. - `name: Optional[str]` The device name. - `os_version: Optional[str]` The operating system version. - `serial_number: Optional[str]` The device serial number. - `tunnel_type: Optional[str]` Type of the tunnel connection used. - `updated: Optional[datetime]` When the device was updated. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `version: Optional[str]` The WARP client version. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device = client.zero_trust.devices.get( device_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(device.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "account": { "id": "id", "account_type": "account_type", "name": "Company" }, "created": "2017-06-14T00:00:00Z", "deleted": true, "device_type": "windows", "gateway_device_id": "PD33E90AXfafe14643cbbbc-4a0ed4fc8415Q", "ip": "1.1.1.1", "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=", "key_type": "curve25519", "last_seen": "2017-06-14T00:00:00Z", "mac_address": "00-00-5E-00-53-00", "model": "MyPhone(pro-X)", "name": "My mobile device", "os_version": "10.0.0", "serial_number": "EXAMPLEHMD6R", "tunnel_type": "masque", "updated": "2017-06-14T00:00:00Z", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "version": "1.0.0" }, "success": true } ``` ## Domain Types ### Device - `class Device: …` - `id: Optional[str]` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `created: Optional[datetime]` When the device was created. - `deleted: Optional[bool]` True if the device was deleted. - `device_type: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `ip: Optional[str]` IPv4 or IPv6 address. - `key: Optional[str]` The device's public key. - `last_seen: Optional[datetime]` When the device last connected to Cloudflare services. - `mac_address: Optional[str]` The device mac address. - `manufacturer: Optional[str]` The device manufacturer name. - `model: Optional[str]` The device model name. - `name: Optional[str]` The device name. - `os_distro_name: Optional[str]` The Linux distro name. - `os_distro_revision: Optional[str]` The Linux distro revision. - `os_version: Optional[str]` The operating system version. - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `revoked_at: Optional[datetime]` When the device was revoked. - `serial_number: Optional[str]` The device serial number. - `updated: Optional[datetime]` When the device was updated. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `version: Optional[str]` The WARP client version. ### Device Get Response - `class DeviceGetResponse: …` - `id: Optional[str]` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `account: Optional[Account]` - `id: Optional[str]` - `account_type: Optional[str]` - `name: Optional[str]` The name of the enrolled account. - `created: Optional[datetime]` When the device was created. - `deleted: Optional[bool]` True if the device was deleted. - `device_type: Optional[str]` - `gateway_device_id: Optional[str]` - `ip: Optional[str]` IPv4 or IPv6 address. - `key: Optional[str]` The device's public key. - `key_type: Optional[str]` Type of the key. - `last_seen: Optional[datetime]` When the device last connected to Cloudflare services. - `mac_address: Optional[str]` The device mac address. - `model: Optional[str]` The device model name. - `name: Optional[str]` The device name. - `os_version: Optional[str]` The operating system version. - `serial_number: Optional[str]` The device serial number. - `tunnel_type: Optional[str]` Type of the tunnel connection used. - `updated: Optional[datetime]` When the device was updated. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `version: Optional[str]` The WARP client version. # Devices ## List devices `zero_trust.devices.devices.list(DeviceListParams**kwargs) -> SyncCursorPagination[DeviceListResponse]` **get** `/accounts/{account_id}/devices/physical-devices` Lists WARP devices. ### Parameters - `account_id: str` - `id: Optional[SequenceNotStr[str]]` Filter by a one or more device IDs. - `active_registrations: Optional[Literal["include", "only", "exclude"]]` Include or exclude devices with active registrations. The default is "only" - return only devices with active registrations. - `"include"` - `"only"` - `"exclude"` - `cursor: Optional[str]` Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response. - `include: Optional[str]` Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy". - `last_seen_user: Optional[LastSeenUser]` - `email: Optional[str]` Filter by the last seen user's email. - `per_page: Optional[int]` The maximum number of devices to return in a single response. - `search: Optional[str]` Search by device details. - `seen_after: Optional[str]` Filter by the last_seen timestamp - returns only devices last seen after this timestamp. - `seen_before: Optional[str]` Filter by the last_seen timestamp - returns only devices last seen before this timestamp. - `sort_by: Optional[Literal["name", "id", "client_version", 4 more]]` The device field to order results by. - `"name"` - `"id"` - `"client_version"` - `"last_seen_user.email"` - `"last_seen_at"` - `"active_registrations"` - `"created_at"` - `sort_order: Optional[Literal["asc", "desc"]]` Sort direction. - `"asc"` - `"desc"` ### Returns - `class DeviceListResponse: …` A WARP Device. - `id: str` The unique ID of the device. - `active_registrations: int` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: str` The RFC3339 timestamp when the device was created. - `last_seen_at: Optional[str]` The RFC3339 timestamp when the device was last seen. - `name: str` The name of the device. - `updated_at: str` The RFC3339 timestamp when the device was last updated. - `client_version: Optional[str]` Version of the WARP client. - `deleted_at: Optional[str]` The RFC3339 timestamp when the device was deleted. - `device_type: Optional[str]` The device operating system. - `hardware_id: Optional[str]` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration: Optional[LastSeenRegistration]` The last seen registration for the device. - `policy: Optional[LastSeenRegistrationPolicy]` A summary of the device profile evaluated for the registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user: Optional[LastSeenUser]` The last user to use the WARP device. - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `mac_address: Optional[str]` The device MAC address. - `manufacturer: Optional[str]` The device manufacturer. - `model: Optional[str]` The model name of the device. - `os_version: Optional[str]` The device operating system version number. - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip: Optional[str]` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number: Optional[str]` The device serial number. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.devices.list( account_id="account_id", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e", "active_registrations": 1, "created_at": "2025-02-14T13:17:00Z", "last_seen_at": "2025-02-14T13:17:00Z", "name": "My Device", "updated_at": "2025-02-14T13:17:00Z", "client_version": "1.0.0", "deleted_at": "2025-02-14T13:17:00Z", "device_type": "linux", "hardware_id": "hardware_id", "last_seen_registration": { "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" } }, "last_seen_user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "mac_address": "f5:01:73:cf:12:23", "manufacturer": "ACME", "model": "Mark VII", "os_version": "os_version", "os_version_extra": "os_version_extra", "public_ip": "1.1.1.1", "serial_number": "ABS765ASD8A" } ], "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Get device `zero_trust.devices.devices.get(strdevice_id, DeviceGetParams**kwargs) -> DeviceGetResponse` **get** `/accounts/{account_id}/devices/physical-devices/{device_id}` Fetches a single WARP device. ### Parameters - `account_id: str` - `device_id: str` - `include: Optional[str]` Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy". ### Returns - `class DeviceGetResponse: …` A WARP Device. - `id: str` The unique ID of the device. - `active_registrations: int` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: str` The RFC3339 timestamp when the device was created. - `last_seen_at: Optional[str]` The RFC3339 timestamp when the device was last seen. - `name: str` The name of the device. - `updated_at: str` The RFC3339 timestamp when the device was last updated. - `client_version: Optional[str]` Version of the WARP client. - `deleted_at: Optional[str]` The RFC3339 timestamp when the device was deleted. - `device_type: Optional[str]` The device operating system. - `hardware_id: Optional[str]` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration: Optional[LastSeenRegistration]` The last seen registration for the device. - `policy: Optional[LastSeenRegistrationPolicy]` A summary of the device profile evaluated for the registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user: Optional[LastSeenUser]` The last user to use the WARP device. - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `mac_address: Optional[str]` The device MAC address. - `manufacturer: Optional[str]` The device manufacturer. - `model: Optional[str]` The model name of the device. - `os_version: Optional[str]` The device operating system version number. - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip: Optional[str]` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number: Optional[str]` The device serial number. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device = client.zero_trust.devices.devices.get( device_id="device_id", account_id="account_id", ) print(device.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e", "active_registrations": 1, "created_at": "2025-02-14T13:17:00Z", "last_seen_at": "2025-02-14T13:17:00Z", "name": "My Device", "updated_at": "2025-02-14T13:17:00Z", "client_version": "1.0.0", "deleted_at": "2025-02-14T13:17:00Z", "device_type": "linux", "hardware_id": "hardware_id", "last_seen_registration": { "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" } }, "last_seen_user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "mac_address": "f5:01:73:cf:12:23", "manufacturer": "ACME", "model": "Mark VII", "os_version": "os_version", "os_version_extra": "os_version_extra", "public_ip": "1.1.1.1", "serial_number": "ABS765ASD8A" }, "success": true } ``` ## Delete device `zero_trust.devices.devices.delete(strdevice_id, DeviceDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/devices/physical-devices/{device_id}` Deletes a WARP device. ### Parameters - `account_id: str` - `device_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device = client.zero_trust.devices.devices.delete( device_id="device_id", account_id="account_id", ) print(device) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Revoke device registrations `zero_trust.devices.devices.revoke(strdevice_id, DeviceRevokeParams**kwargs) -> object` **post** `/accounts/{account_id}/devices/physical-devices/{device_id}/revoke` Revokes all WARP registrations associated with the specified device. ### Parameters - `account_id: str` - `device_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.zero_trust.devices.devices.revoke( device_id="device_id", account_id="account_id", ) print(response) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Domain Types ### Device List Response - `class DeviceListResponse: …` A WARP Device. - `id: str` The unique ID of the device. - `active_registrations: int` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: str` The RFC3339 timestamp when the device was created. - `last_seen_at: Optional[str]` The RFC3339 timestamp when the device was last seen. - `name: str` The name of the device. - `updated_at: str` The RFC3339 timestamp when the device was last updated. - `client_version: Optional[str]` Version of the WARP client. - `deleted_at: Optional[str]` The RFC3339 timestamp when the device was deleted. - `device_type: Optional[str]` The device operating system. - `hardware_id: Optional[str]` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration: Optional[LastSeenRegistration]` The last seen registration for the device. - `policy: Optional[LastSeenRegistrationPolicy]` A summary of the device profile evaluated for the registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user: Optional[LastSeenUser]` The last user to use the WARP device. - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `mac_address: Optional[str]` The device MAC address. - `manufacturer: Optional[str]` The device manufacturer. - `model: Optional[str]` The model name of the device. - `os_version: Optional[str]` The device operating system version number. - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip: Optional[str]` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number: Optional[str]` The device serial number. ### Device Get Response - `class DeviceGetResponse: …` A WARP Device. - `id: str` The unique ID of the device. - `active_registrations: int` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: str` The RFC3339 timestamp when the device was created. - `last_seen_at: Optional[str]` The RFC3339 timestamp when the device was last seen. - `name: str` The name of the device. - `updated_at: str` The RFC3339 timestamp when the device was last updated. - `client_version: Optional[str]` Version of the WARP client. - `deleted_at: Optional[str]` The RFC3339 timestamp when the device was deleted. - `device_type: Optional[str]` The device operating system. - `hardware_id: Optional[str]` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration: Optional[LastSeenRegistration]` The last seen registration for the device. - `policy: Optional[LastSeenRegistrationPolicy]` A summary of the device profile evaluated for the registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user: Optional[LastSeenUser]` The last user to use the WARP device. - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. - `mac_address: Optional[str]` The device MAC address. - `manufacturer: Optional[str]` The device manufacturer. - `model: Optional[str]` The model name of the device. - `os_version: Optional[str]` The device operating system version number. - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip: Optional[str]` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number: Optional[str]` The device serial number. # Resilience # Global WARP Override ## Retrieve Global WARP override state `zero_trust.devices.resilience.global_warp_override.get(GlobalWARPOverrideGetParams**kwargs) -> GlobalWARPOverrideGetResponse` **get** `/accounts/{account_id}/devices/resilience/disconnect` Fetch the Global WARP override state. ### Parameters - `account_id: str` ### Returns - `class GlobalWARPOverrideGetResponse: …` - `disconnect: Optional[bool]` Disconnects all devices on the account using Global WARP override. - `timestamp: Optional[datetime]` When the Global WARP override state was updated. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) global_warp_override = client.zero_trust.devices.resilience.global_warp_override.get( account_id="699d98642c564d2e855e9661899b7252", ) print(global_warp_override.disconnect) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" }, "success": true } ``` ## Set Global WARP override state `zero_trust.devices.resilience.global_warp_override.create(GlobalWARPOverrideCreateParams**kwargs) -> GlobalWARPOverrideCreateResponse` **post** `/accounts/{account_id}/devices/resilience/disconnect` Sets the Global WARP override state. ### Parameters - `account_id: str` - `disconnect: bool` Disconnects all devices on the account using Global WARP override. - `justification: Optional[str]` Reasoning for setting the Global WARP override state. This will be surfaced in the audit log. ### Returns - `class GlobalWARPOverrideCreateResponse: …` - `disconnect: Optional[bool]` Disconnects all devices on the account using Global WARP override. - `timestamp: Optional[datetime]` When the Global WARP override state was updated. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) global_warp_override = client.zero_trust.devices.resilience.global_warp_override.create( account_id="699d98642c564d2e855e9661899b7252", disconnect=False, ) print(global_warp_override.disconnect) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" }, "success": true } ``` ## Domain Types ### Global WARP Override Get Response - `class GlobalWARPOverrideGetResponse: …` - `disconnect: Optional[bool]` Disconnects all devices on the account using Global WARP override. - `timestamp: Optional[datetime]` When the Global WARP override state was updated. ### Global WARP Override Create Response - `class GlobalWARPOverrideCreateResponse: …` - `disconnect: Optional[bool]` Disconnects all devices on the account using Global WARP override. - `timestamp: Optional[datetime]` When the Global WARP override state was updated. # Registrations ## List registrations `zero_trust.devices.registrations.list(RegistrationListParams**kwargs) -> SyncCursorPagination[RegistrationListResponse]` **get** `/accounts/{account_id}/devices/registrations` Lists WARP registrations. ### Parameters - `account_id: str` - `id: Optional[SequenceNotStr[str]]` Filter by registration ID. - `cursor: Optional[str]` Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response. - `device: Optional[Device]` - `id: Optional[str]` Filter by WARP device ID. - `include: Optional[str]` Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy". - `per_page: Optional[int]` The maximum number of devices to return in a single response. - `search: Optional[str]` Filter by registration details. - `seen_after: Optional[str]` Filter by the last_seen timestamp - returns only registrations last seen after this timestamp. - `seen_before: Optional[str]` Filter by the last_seen timestamp - returns only registrations last seen before this timestamp. - `sort_by: Optional[Literal["id", "user.name", "user.email", 2 more]]` The registration field to order results by. - `"id"` - `"user.name"` - `"user.email"` - `"last_seen_at"` - `"created_at"` - `sort_order: Optional[Literal["asc", "desc"]]` Sort direction. - `"asc"` - `"desc"` - `status: Optional[Literal["active", "all", "revoked"]]` Filter by registration status. Defaults to 'active'. - `"active"` - `"all"` - `"revoked"` - `user: Optional[User]` - `id: Optional[SequenceNotStr[str]]` Filter by user ID. ### Returns - `class RegistrationListResponse: …` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: str` The ID of the registration. - `created_at: str` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: str` The ID of the device. - `name: str` The name of the device. - `client_version: Optional[str]` Version of the WARP client. - `key: str` The public key used to connect to the Cloudflare network. - `last_seen_at: str` The RFC3339 timestamp when the registration was last seen. - `updated_at: str` The RFC3339 timestamp when the registration was last updated. - `deleted_at: Optional[str]` The RFC3339 timestamp when the registration was deleted. - `key_type: Optional[str]` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy: Optional[Policy]` The device settings profile assigned to this registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at: Optional[str]` The RFC3339 timestamp when the registration was revoked. - `tunnel_type: Optional[str]` Type of the tunnel - wireguard or masque. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.registrations.list( account_id="account_id", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [], "messages": [], "result": [ { "created_at": "2025-02-14T13:17:00Z", "deleted_at": null, "device": { "client_version": "1.0.0", "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device" }, "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "key_type": "secp256r1", "last_seen_at": "2025-02-14T13:17:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-14T13:17:00Z", "user": { "email": "alice@example.org", "id": "30323c1f-318d-4ec9-92c7-5a8c4d25c4fc", "name": "Alice" } }, { "created_at": "2025-02-15T10:20:00Z", "deleted_at": null, "device": { "client_version": "1.0.1", "id": "43bb1515-8902-50b5-aa01-a88686192467", "name": "Bob's Laptop" }, "id": "22eedc7a-4a1d-5417-c5b3-f73a983c277b", "key": "V/RSP61StXgfmLHJG5umHEonHfvxtz57LDIs6PziXr11Stegm56nhrRBvFK7DP1ZsLzUm0GVg6jC1cxZS4h5FFGFJiju7kGbrgNsCNCT77juw0IRYlS0QpjgLR==", "key_type": "secp256r1", "last_seen_at": "2025-02-15T10:25:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-15T10:25:00Z", "user": { "email": "bob@example.com", "id": "41434d2a-429e-5fd0-a3d8-6b9d5e36d5ad", "name": "Bob" } } ], "result_info": { "count": 2, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }, "success": true } ``` ## Get registration `zero_trust.devices.registrations.get(strregistration_id, RegistrationGetParams**kwargs) -> RegistrationGetResponse` **get** `/accounts/{account_id}/devices/registrations/{registration_id}` Fetches a single WARP registration. ### Parameters - `account_id: str` - `registration_id: str` - `include: Optional[str]` Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy". ### Returns - `class RegistrationGetResponse: …` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: str` The ID of the registration. - `created_at: str` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: str` The ID of the device. - `name: str` The name of the device. - `client_version: Optional[str]` Version of the WARP client. - `key: str` The public key used to connect to the Cloudflare network. - `last_seen_at: str` The RFC3339 timestamp when the registration was last seen. - `updated_at: str` The RFC3339 timestamp when the registration was last updated. - `deleted_at: Optional[str]` The RFC3339 timestamp when the registration was deleted. - `key_type: Optional[str]` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy: Optional[Policy]` The device settings profile assigned to this registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at: Optional[str]` The RFC3339 timestamp when the registration was revoked. - `tunnel_type: Optional[str]` Type of the tunnel - wireguard or masque. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) registration = client.zero_trust.devices.registrations.get( registration_id="registration_id", account_id="account_id", ) print(registration.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "created_at": "2025-02-14T13:17:00Z", "device": { "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device", "client_version": "1.0.0" }, "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "last_seen_at": "2025-02-14T13:17:00Z", "updated_at": "2025-02-14T13:17:00Z", "deleted_at": "2025-02-14T13:17:00Z", "key_type": "secp256r1", "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" }, "revoked_at": "2025-02-14T13:17:00Z", "tunnel_type": "masque", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" } }, "success": true } ``` ## Delete registration `zero_trust.devices.registrations.delete(strregistration_id, RegistrationDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/devices/registrations/{registration_id}` Deletes a WARP registration. ### Parameters - `account_id: str` - `registration_id: str` ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) registration = client.zero_trust.devices.registrations.delete( registration_id="registration_id", account_id="account_id", ) print(registration) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Delete registrations `zero_trust.devices.registrations.bulk_delete(RegistrationBulkDeleteParams**kwargs) -> object` **delete** `/accounts/{account_id}/devices/registrations` Deletes a list of WARP registrations. ### Parameters - `account_id: str` - `id: SequenceNotStr[str]` A list of registration IDs to delete. ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.zero_trust.devices.registrations.bulk_delete( account_id="account_id", id=["string"], ) print(response) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Revoke registrations `zero_trust.devices.registrations.revoke(RegistrationRevokeParams**kwargs) -> object` **post** `/accounts/{account_id}/devices/registrations/revoke` Revokes a list of WARP registrations. ### Parameters - `account_id: str` - `id: SequenceNotStr[str]` A list of registration IDs to revoke. ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.zero_trust.devices.registrations.revoke( account_id="account_id", id=["string"], ) print(response) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Unrevoke registrations `zero_trust.devices.registrations.unrevoke(RegistrationUnrevokeParams**kwargs) -> object` **post** `/accounts/{account_id}/devices/registrations/unrevoke` Unrevokes a list of WARP registrations. ### Parameters - `account_id: str` - `id: SequenceNotStr[str]` A list of registration IDs to unrevoke. ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.zero_trust.devices.registrations.unrevoke( account_id="account_id", id=["string"], ) print(response) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Domain Types ### Registration List Response - `class RegistrationListResponse: …` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: str` The ID of the registration. - `created_at: str` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: str` The ID of the device. - `name: str` The name of the device. - `client_version: Optional[str]` Version of the WARP client. - `key: str` The public key used to connect to the Cloudflare network. - `last_seen_at: str` The RFC3339 timestamp when the registration was last seen. - `updated_at: str` The RFC3339 timestamp when the registration was last updated. - `deleted_at: Optional[str]` The RFC3339 timestamp when the registration was deleted. - `key_type: Optional[str]` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy: Optional[Policy]` The device settings profile assigned to this registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at: Optional[str]` The RFC3339 timestamp when the registration was revoked. - `tunnel_type: Optional[str]` Type of the tunnel - wireguard or masque. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. ### Registration Get Response - `class RegistrationGetResponse: …` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: str` The ID of the registration. - `created_at: str` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: str` The ID of the device. - `name: str` The name of the device. - `client_version: Optional[str]` Version of the WARP client. - `key: str` The public key used to connect to the Cloudflare network. - `last_seen_at: str` The RFC3339 timestamp when the registration was last seen. - `updated_at: str` The RFC3339 timestamp when the registration was last updated. - `deleted_at: Optional[str]` The RFC3339 timestamp when the registration was deleted. - `key_type: Optional[str]` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy: Optional[Policy]` The device settings profile assigned to this registration. - `id: str` The ID of the device settings profile. - `default: bool` Whether the device settings profile is the default profile for the account. - `deleted: bool` Whether the device settings profile was deleted. - `name: str` The name of the device settings profile. - `updated_at: str` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at: Optional[str]` The RFC3339 timestamp when the registration was revoked. - `tunnel_type: Optional[str]` Type of the tunnel - wireguard or masque. - `user: Optional[User]` - `id: Optional[str]` UUID. - `email: Optional[str]` The contact email address of the user. - `name: Optional[str]` The enrolled device user's name. # DEX Tests ## List Device DEX tests `zero_trust.devices.dex_tests.list(DEXTestListParams**kwargs) -> SyncV4PagePaginationArray[DEXTestListResponse]` **get** `/accounts/{account_id}/dex/devices/dex_tests` Fetch all DEX tests ### Parameters - `account_id: str` - `kind: Optional[Literal["http", "traceroute"]]` Filter by test type - `"http"` - `"traceroute"` - `page: Optional[float]` Page number of paginated results - `per_page: Optional[float]` Number of items per page - `test_name: Optional[str]` Filter by test name ### Returns - `class DEXTestListResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) page = client.zero_trust.devices.dex_tests.list( account_id="01a7362d577a6c3019a474fd6f485823", ) page = page.result[0] print(page.test_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } ] } ``` ## Get Device DEX test `zero_trust.devices.dex_tests.get(strdex_test_id, DEXTestGetParams**kwargs) -> DEXTestGetResponse` **get** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Fetch a single DEX test. ### Parameters - `account_id: str` - `dex_test_id: str` The unique identifier for the test. ### Returns - `class DEXTestGetResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) dex_test = client.zero_trust.devices.dex_tests.get( dex_test_id="372e67954025e0ba6aaa6d586b9e0b59", account_id="01a7362d577a6c3019a474fd6f485823", ) print(dex_test.test_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Create Device DEX test `zero_trust.devices.dex_tests.create(DEXTestCreateParams**kwargs) -> DEXTestCreateResponse` **post** `/accounts/{account_id}/dex/devices/dex_tests` Create a DEX test. ### Parameters - `account_id: str` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[Iterable[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` ### Returns - `class DEXTestCreateResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) dex_test = client.zero_trust.devices.dex_tests.create( account_id="01a7362d577a6c3019a474fd6f485823", data={ "host": "https://dash.cloudflare.com", "kind": "http", }, enabled=True, interval="30m", name="HTTP dash health check", ) print(dex_test.test_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Update Device DEX test `zero_trust.devices.dex_tests.update(strdex_test_id, DEXTestUpdateParams**kwargs) -> DEXTestUpdateResponse` **put** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Update a DEX test. ### Parameters - `account_id: str` - `dex_test_id: str` API Resource UUID tag. - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[Iterable[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` ### Returns - `class DEXTestUpdateResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) dex_test = client.zero_trust.devices.dex_tests.update( dex_test_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="01a7362d577a6c3019a474fd6f485823", data={ "host": "https://dash.cloudflare.com", "kind": "http", }, enabled=True, interval="30m", name="HTTP dash health check", ) print(dex_test.test_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Delete Device DEX test `zero_trust.devices.dex_tests.delete(strdex_test_id, DEXTestDeleteParams**kwargs) -> DEXTestDeleteResponse` **delete** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Delete a Device DEX test. Returns the remaining device dex tests for the account. ### Parameters - `account_id: str` - `dex_test_id: str` API Resource UUID tag. ### Returns - `class DEXTestDeleteResponse: …` - `dex_tests: Optional[List[DEXTest]]` - `data: DEXTestData` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[DEXTestTargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted ) dex_test = client.zero_trust.devices.dex_tests.delete( dex_test_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="01a7362d577a6c3019a474fd6f485823", ) print(dex_test.dex_tests) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "dex_tests": [ { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59" } ] } } ``` ## Domain Types ### Schema Data - `class SchemaData: …` The configuration object which contains the details for the WARP client to conduct the test. - `host: Optional[str]` The desired endpoint to test. - `kind: Optional[str]` The type of test. - `method: Optional[str]` The HTTP request method type. ### Schema HTTP - `class SchemaHTTP: …` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: Optional[str]` The desired endpoint to test. - `kind: Optional[str]` The type of test. - `method: Optional[str]` The HTTP request method type. - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` Device settings profiles targeted by this test. - `id: Optional[str]` The id of the device settings profile. - `default: Optional[bool]` Whether the profile is the account default. - `name: Optional[str]` The name of the device settings profile. - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### DEX Test List Response - `class DEXTestListResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### DEX Test Get Response - `class DEXTestGetResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### DEX Test Create Response - `class DEXTestCreateResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### DEX Test Update Response - `class DEXTestUpdateResponse: …` - `data: Data` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[TargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. ### DEX Test Delete Response - `class DEXTestDeleteResponse: …` - `dex_tests: Optional[List[DEXTest]]` - `data: DEXTestData` The configuration object which contains the details for the WARP client to conduct the test. - `host: str` The desired endpoint to test. - `kind: Literal["http", "traceroute"]` The type of test. - `"http"` - `"traceroute"` - `method: Optional[Literal["GET"]]` The HTTP request method type. - `"GET"` - `enabled: bool` Determines whether or not the test is active. - `interval: str` How often the test will run. - `name: str` The name of the DEX test. Must be unique. - `description: Optional[str]` Additional details about the test. - `target_policies: Optional[List[DEXTestTargetPolicy]]` DEX rules targeted by this test - `id: str` API Resource UUID tag. - `default: Optional[bool]` Whether the DEX rule is the account default - `name: Optional[str]` The name of the DEX rule - `targeted: Optional[bool]` - `test_id: Optional[str]` The unique identifier for the test. # IP Profiles ## List IP profiles `zero_trust.devices.ip_profiles.list(IPProfileListParams**kwargs) -> SyncSinglePage[IPProfile]` **get** `/accounts/{account_id}/devices/ip-profiles` Lists WARP Device IP profiles. ### Parameters - `account_id: str` - `per_page: Optional[int]` The number of IP profiles to return per page. ### Returns - `class IPProfile: …` - `id: str` The ID of the Device IP profile. - `created_at: str` The RFC3339Nano timestamp when the Device IP profile was created. - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: bool` Whether the Device IP profile is enabled. - `match: str` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: str` A user-friendly name for the Device IP profile. - `precedence: int` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: str` The ID of the Subnet. - `updated_at: str` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.ip_profiles.list( account_id="account_id", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 10, "total_count": 10, "total_pages": 1 } } ``` ## Get IP profile `zero_trust.devices.ip_profiles.get(strprofile_id, IPProfileGetParams**kwargs) -> IPProfile` **get** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Fetches a single WARP Device IP profile. ### Parameters - `account_id: str` - `profile_id: str` ### Returns - `class IPProfile: …` - `id: str` The ID of the Device IP profile. - `created_at: str` The RFC3339Nano timestamp when the Device IP profile was created. - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: bool` Whether the Device IP profile is enabled. - `match: str` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: str` A user-friendly name for the Device IP profile. - `precedence: int` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: str` The ID of the Subnet. - `updated_at: str` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) ip_profile = client.zero_trust.devices.ip_profiles.get( profile_id="profile_id", account_id="account_id", ) print(ip_profile.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Create IP profile `zero_trust.devices.ip_profiles.create(IPProfileCreateParams**kwargs) -> IPProfile` **post** `/accounts/{account_id}/devices/ip-profiles` Creates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated. ### Parameters - `account_id: str` - `match: str` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: str` A user-friendly name for the Device IP profile. - `precedence: int` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: str` The ID of the Subnet. - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: Optional[bool]` Whether the Device IP profile will be applied to matching devices. ### Returns - `class IPProfile: …` - `id: str` The ID of the Device IP profile. - `created_at: str` The RFC3339Nano timestamp when the Device IP profile was created. - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: bool` Whether the Device IP profile is enabled. - `match: str` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: str` A user-friendly name for the Device IP profile. - `precedence: int` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: str` The ID of the Subnet. - `updated_at: str` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) ip_profile = client.zero_trust.devices.ip_profiles.create( account_id="account_id", match="identity.email == \"test@cloudflare.com\"", name="IPv4 Cloudflare Source IPs", precedence=100, subnet_id="b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", ) print(ip_profile.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Update IP profile `zero_trust.devices.ip_profiles.update(strprofile_id, IPProfileUpdateParams**kwargs) -> IPProfile` **patch** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Updates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated. ### Parameters - `account_id: str` - `profile_id: str` - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: Optional[bool]` Whether the Device IP profile is enabled. - `match: Optional[str]` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: Optional[str]` A user-friendly name for the Device IP profile. - `precedence: Optional[int]` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: Optional[str]` The ID of the Subnet. ### Returns - `class IPProfile: …` - `id: str` The ID of the Device IP profile. - `created_at: str` The RFC3339Nano timestamp when the Device IP profile was created. - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: bool` Whether the Device IP profile is enabled. - `match: str` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: str` A user-friendly name for the Device IP profile. - `precedence: int` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: str` The ID of the Subnet. - `updated_at: str` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) ip_profile = client.zero_trust.devices.ip_profiles.update( profile_id="profile_id", account_id="account_id", ) print(ip_profile.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Delete IP profile `zero_trust.devices.ip_profiles.delete(strprofile_id, IPProfileDeleteParams**kwargs) -> IPProfileDeleteResponse` **delete** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Delete a WARP Device IP profile. ### Parameters - `account_id: str` - `profile_id: str` ### Returns - `class IPProfileDeleteResponse: …` - `id: Optional[str]` ID of the deleted Device IP profile. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) ip_profile = client.zero_trust.devices.ip_profiles.delete( profile_id="profile_id", account_id="account_id", ) print(ip_profile.id) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### IP Profile - `class IPProfile: …` - `id: str` The ID of the Device IP profile. - `created_at: str` The RFC3339Nano timestamp when the Device IP profile was created. - `description: Optional[str]` An optional description of the Device IP profile. - `enabled: bool` Whether the Device IP profile is enabled. - `match: str` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: str` A user-friendly name for the Device IP profile. - `precedence: int` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: str` The ID of the Subnet. - `updated_at: str` The RFC3339Nano timestamp when the Device IP profile was last updated. ### IP Profile Delete Response - `class IPProfileDeleteResponse: …` - `id: Optional[str]` ID of the deleted Device IP profile. # Networks ## List your device managed networks `zero_trust.devices.networks.list(NetworkListParams**kwargs) -> SyncSinglePage[DeviceNetwork]` **get** `/accounts/{account_id}/devices/networks` Fetches a list of managed networks for an account. ### Parameters - `account_id: str` ### Returns - `class DeviceNetwork: …` - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `network_id: Optional[str]` API UUID. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.networks.list( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.network_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device managed network details `zero_trust.devices.networks.get(strnetwork_id, NetworkGetParams**kwargs) -> DeviceNetwork` **get** `/accounts/{account_id}/devices/networks/{network_id}` Fetches details for a single managed network. ### Parameters - `account_id: str` - `network_id: str` API UUID. ### Returns - `class DeviceNetwork: …` - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `network_id: Optional[str]` API UUID. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_network = client.zero_trust.devices.networks.get( network_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(device_network.network_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Create a device managed network `zero_trust.devices.networks.create(NetworkCreateParams**kwargs) -> DeviceNetwork` **post** `/accounts/{account_id}/devices/networks` Creates a new device managed network. ### Parameters - `account_id: str` - `config: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: str` The name of the device managed network. This name must be unique. - `type: Literal["tls"]` The type of device managed network. - `"tls"` ### Returns - `class DeviceNetwork: …` - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `network_id: Optional[str]` API UUID. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_network = client.zero_trust.devices.networks.create( account_id="699d98642c564d2e855e9661899b7252", config={ "tls_sockaddr": "foo.bar:1234" }, name="managed-network-1", type="tls", ) print(device_network.network_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Update a device managed network `zero_trust.devices.networks.update(strnetwork_id, NetworkUpdateParams**kwargs) -> DeviceNetwork` **put** `/accounts/{account_id}/devices/networks/{network_id}` Updates a configured device managed network. ### Parameters - `account_id: str` - `network_id: str` API UUID. - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` ### Returns - `class DeviceNetwork: …` - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `network_id: Optional[str]` API UUID. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_network = client.zero_trust.devices.networks.update( network_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(device_network.network_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Delete a device managed network `zero_trust.devices.networks.delete(strnetwork_id, NetworkDeleteParams**kwargs) -> SyncSinglePage[DeviceNetwork]` **delete** `/accounts/{account_id}/devices/networks/{network_id}` Deletes a device managed network and fetches a list of the remaining device managed networks for an account. ### Parameters - `account_id: str` - `network_id: str` API UUID. ### Returns - `class DeviceNetwork: …` - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `network_id: Optional[str]` API UUID. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.networks.delete( network_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.network_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Device Network - `class DeviceNetwork: …` - `config: Optional[Config]` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: str` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256: Optional[str]` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: Optional[str]` The name of the device managed network. This name must be unique. - `network_id: Optional[str]` API UUID. - `type: Optional[Literal["tls"]]` The type of device managed network. - `"tls"` # Fleet Status ## Get the live status of a latest device `zero_trust.devices.fleet_status.get(strdevice_id, FleetStatusGetParams**kwargs) -> FleetStatusGetResponse` **get** `/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live` Get the live status of a latest device given device_id from the device_state table ### Parameters - `account_id: str` - `device_id: str` Device-specific ID, given as UUID v4 - `since_minutes: float` Number of minutes before current time - `colo: Optional[str]` List of data centers to filter results - `time_now: Optional[str]` Number of minutes before current time ### Returns - `class FleetStatusGetResponse: …` - `colo: str` Cloudflare colo - `device_id: str` Device identifier (UUID v4) - `mode: str` The mode under which the WARP client is run - `platform: str` Operating system - `status: str` Network status - `timestamp: str` Timestamp in ISO format - `version: str` WARP client version - `always_on: Optional[bool]` - `battery_charging: Optional[bool]` - `battery_cycles: Optional[int]` - `battery_pct: Optional[float]` - `connection_type: Optional[str]` - `cpu_pct: Optional[float]` - `cpu_pct_by_app: Optional[List[List[CPUPctByApp]]]` - `cpu_pct: Optional[float]` - `name: Optional[str]` - `device_ipv4: Optional[DeviceIPV4]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[DeviceIPV4Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `device_ipv6: Optional[DeviceIPV6]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[DeviceIPV6Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `device_name: Optional[str]` Device identifier (human readable) - `disk_read_bps: Optional[int]` - `disk_usage_pct: Optional[float]` - `disk_write_bps: Optional[int]` - `doh_subdomain: Optional[str]` - `estimated_loss_pct: Optional[float]` - `firewall_enabled: Optional[bool]` - `gateway_ipv4: Optional[GatewayIPV4]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[GatewayIPV4Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `gateway_ipv6: Optional[GatewayIPV6]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[GatewayIPV6Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `handshake_latency_ms: Optional[float]` - `isp_ipv4: Optional[ISPIPV4]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[ISPIPV4Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `isp_ipv6: Optional[ISPIPV6]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[ISPIPV6Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `metal: Optional[str]` - `network_rcvd_bps: Optional[int]` - `network_sent_bps: Optional[int]` - `network_ssid: Optional[str]` - `person_email: Optional[str]` User contact email address - `ram_available_kb: Optional[int]` - `ram_used_pct: Optional[float]` - `ram_used_pct_by_app: Optional[List[List[RamUsedPctByApp]]]` - `name: Optional[str]` - `ram_used_pct: Optional[float]` - `switch_locked: Optional[bool]` - `wifi_strength_dbm: Optional[int]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) fleet_status = client.zero_trust.devices.fleet_status.get( device_id="cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7", account_id="01a7362d577a6c3019a474fd6f485823", since_minutes=10, ) print(fleet_status.network_ssid) ``` #### Response ```json { "colo": "SJC", "deviceId": "deviceId", "mode": "proxy", "platform": "windows", "status": "connected", "timestamp": "2023-10-11T00:00:00Z", "version": "1.0.0", "alwaysOn": true, "batteryCharging": true, "batteryCycles": 0, "batteryPct": 0, "connectionType": "connectionType", "cpuPct": 0, "cpuPctByApp": [ [ { "cpu_pct": 0, "name": "name" } ] ], "deviceIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "deviceIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "deviceName": "deviceName", "diskReadBps": 0, "diskUsagePct": 0, "diskWriteBps": 0, "dohSubdomain": "dohSubdomain", "estimatedLossPct": 0, "firewallEnabled": true, "gatewayIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "gatewayIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "handshakeLatencyMs": 0, "ispIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "ispIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "netmask": "netmask", "version": "version" }, "metal": "metal", "networkRcvdBps": 0, "networkSentBps": 0, "networkSsid": "networkSsid", "personEmail": "personEmail", "ramAvailableKb": 0, "ramUsedPct": 0, "ramUsedPctByApp": [ [ { "name": "name", "ram_used_pct": 0 } ] ], "switchLocked": true, "wifiStrengthDbm": 0 } ``` ## Domain Types ### Fleet Status Get Response - `class FleetStatusGetResponse: …` - `colo: str` Cloudflare colo - `device_id: str` Device identifier (UUID v4) - `mode: str` The mode under which the WARP client is run - `platform: str` Operating system - `status: str` Network status - `timestamp: str` Timestamp in ISO format - `version: str` WARP client version - `always_on: Optional[bool]` - `battery_charging: Optional[bool]` - `battery_cycles: Optional[int]` - `battery_pct: Optional[float]` - `connection_type: Optional[str]` - `cpu_pct: Optional[float]` - `cpu_pct_by_app: Optional[List[List[CPUPctByApp]]]` - `cpu_pct: Optional[float]` - `name: Optional[str]` - `device_ipv4: Optional[DeviceIPV4]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[DeviceIPV4Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `device_ipv6: Optional[DeviceIPV6]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[DeviceIPV6Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `device_name: Optional[str]` Device identifier (human readable) - `disk_read_bps: Optional[int]` - `disk_usage_pct: Optional[float]` - `disk_write_bps: Optional[int]` - `doh_subdomain: Optional[str]` - `estimated_loss_pct: Optional[float]` - `firewall_enabled: Optional[bool]` - `gateway_ipv4: Optional[GatewayIPV4]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[GatewayIPV4Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `gateway_ipv6: Optional[GatewayIPV6]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[GatewayIPV6Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `handshake_latency_ms: Optional[float]` - `isp_ipv4: Optional[ISPIPV4]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[ISPIPV4Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `isp_ipv6: Optional[ISPIPV6]` - `address: Optional[str]` - `asn: Optional[int]` - `aso: Optional[str]` - `location: Optional[ISPIPV6Location]` - `city: Optional[str]` - `country_iso: Optional[str]` - `state_iso: Optional[str]` - `zip: Optional[str]` - `netmask: Optional[str]` - `version: Optional[str]` - `metal: Optional[str]` - `network_rcvd_bps: Optional[int]` - `network_sent_bps: Optional[int]` - `network_ssid: Optional[str]` - `person_email: Optional[str]` User contact email address - `ram_available_kb: Optional[int]` - `ram_used_pct: Optional[float]` - `ram_used_pct_by_app: Optional[List[List[RamUsedPctByApp]]]` - `name: Optional[str]` - `ram_used_pct: Optional[float]` - `switch_locked: Optional[bool]` - `wifi_strength_dbm: Optional[int]` # Policies ## Domain Types ### Device Policy Certificates - `class DevicePolicyCertificates: …` - `enabled: bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Fallback Domain - `class FallbackDomain: …` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Fallback Domain Policy - `Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Settings Policy - `class SettingsPolicy: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy is the default policy for an account. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `policy_id: Optional[str]` - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests: Optional[List[TargetTest]]` - `id: Optional[str]` The id of the DEX test targeting this policy. - `name: Optional[str]` The name of the DEX test targeting this policy. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Split Tunnel Exclude - `SplitTunnelExclude` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Split Tunnel Include - `SplitTunnelInclude` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. # Default ## Get the default device settings profile `zero_trust.devices.policies.default.get(DefaultGetParams**kwargs) -> DefaultGetResponse` **get** `/accounts/{account_id}/devices/policy` Fetches the default device settings profile for an account. ### Parameters - `account_id: str` ### Returns - `class DefaultGetResponse: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy will be applied to matching devices. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) default = client.zero_trust.devices.policies.default.get( account_id="699d98642c564d2e855e9661899b7252", ) print(default.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": true, "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "tunnel_protocol": "wireguard" }, "success": true } ``` ## Update the default device settings profile `zero_trust.devices.policies.default.edit(DefaultEditParams**kwargs) -> DefaultEditResponse` **patch** `/accounts/{account_id}/devices/policy` Updates the default device settings profile for an account. ### Parameters - `account_id: str` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `exclude: Optional[Iterable[SplitTunnelExcludeParam]]` List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `include: Optional[Iterable[SplitTunnelIncludeParam]]` List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Returns - `class DefaultEditResponse: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy will be applied to matching devices. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.zero_trust.devices.policies.default.edit( account_id="699d98642c564d2e855e9661899b7252", ) print(response.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": true, "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "tunnel_protocol": "wireguard" }, "success": true } ``` ## Domain Types ### Default Get Response - `class DefaultGetResponse: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy will be applied to matching devices. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Default Edit Response - `class DefaultEditResponse: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy will be applied to matching devices. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. # Excludes ## Get the Split Tunnel exclude list `zero_trust.devices.policies.default.excludes.get(ExcludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]` **get** `/accounts/{account_id}/devices/policy/exclude` Fetches the list of routes excluded from the WARP client's tunnel. ### Parameters - `account_id: str` ### Returns - `SplitTunnelExclude` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.default.excludes.get( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel exclude list `zero_trust.devices.policies.default.excludes.update(ExcludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]` **put** `/accounts/{account_id}/devices/policy/exclude` Sets the list of routes excluded from the WARP client's tunnel. ### Parameters - `account_id: str` - `body: Iterable[SplitTunnelExcludeParam]` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelExclude` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.default.excludes.update( account_id="699d98642c564d2e855e9661899b7252", body=[{ "address": "192.0.2.0/24" }], ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Includes ## Get the Split Tunnel include list `zero_trust.devices.policies.default.includes.get(IncludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]` **get** `/accounts/{account_id}/devices/policy/include` Fetches the list of routes included in the WARP client's tunnel. ### Parameters - `account_id: str` ### Returns - `SplitTunnelInclude` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.default.includes.get( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel include list `zero_trust.devices.policies.default.includes.update(IncludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]` **put** `/accounts/{account_id}/devices/policy/include` Sets the list of routes included in the WARP client's tunnel. ### Parameters - `account_id: str` - `body: Iterable[SplitTunnelIncludeParam]` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelInclude` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.default.includes.update( account_id="699d98642c564d2e855e9661899b7252", body=[{ "address": "192.0.2.0/24" }], ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Fallback Domains ## Get your Local Domain Fallback list `zero_trust.devices.policies.default.fallback_domains.get(FallbackDomainGetParams**kwargs) -> SyncSinglePage[FallbackDomain]` **get** `/accounts/{account_id}/devices/policy/fallback_domains` Fetches a list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. ### Parameters - `account_id: str` ### Returns - `class FallbackDomain: …` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.default.fallback_domains.get( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.suffix) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set your Local Domain Fallback list `zero_trust.devices.policies.default.fallback_domains.update(FallbackDomainUpdateParams**kwargs) -> SyncSinglePage[FallbackDomain]` **put** `/accounts/{account_id}/devices/policy/fallback_domains` Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. ### Parameters - `account_id: str` - `domains: Iterable[FallbackDomainParam]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Returns - `class FallbackDomain: …` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.default.fallback_domains.update( account_id="699d98642c564d2e855e9661899b7252", domains=[{ "suffix": "example.com" }], ) page = page.result[0] print(page.suffix) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Certificates ## Get device certificate provisioning status `zero_trust.devices.policies.default.certificates.get(CertificateGetParams**kwargs) -> DevicePolicyCertificates` **get** `/zones/{zone_id}/devices/policy/certificates` Fetches device certificate provisioning. ### Parameters - `zone_id: str` ### Returns - `class DevicePolicyCertificates: …` - `enabled: bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_policy_certificates = client.zero_trust.devices.policies.default.certificates.get( zone_id="699d98642c564d2e855e9661899b7252", ) print(device_policy_certificates.enabled) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "enabled": true }, "success": true } ``` ## Update device certificate provisioning status `zero_trust.devices.policies.default.certificates.edit(CertificateEditParams**kwargs) -> DevicePolicyCertificates` **patch** `/zones/{zone_id}/devices/policy/certificates` Enable Zero Trust Clients to provision a certificate, containing a x509 subject, and referenced by Access device posture policies when the client visits MTLS protected domains. This facilitates device posture without a WARP session. ### Parameters - `zone_id: str` - `enabled: bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Returns - `class DevicePolicyCertificates: …` - `enabled: bool` The current status of the device policy certificate provisioning feature for WARP clients. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_policy_certificates = client.zero_trust.devices.policies.default.certificates.edit( zone_id="699d98642c564d2e855e9661899b7252", enabled=True, ) print(device_policy_certificates.enabled) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "enabled": true }, "success": true } ``` # Custom ## List device settings profiles `zero_trust.devices.policies.custom.list(CustomListParams**kwargs) -> SyncSinglePage[SettingsPolicy]` **get** `/accounts/{account_id}/devices/policies` Fetches a list of the device settings profiles for an account. ### Parameters - `account_id: str` ### Returns - `class SettingsPolicy: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy is the default policy for an account. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `policy_id: Optional[str]` - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests: Optional[List[TargetTest]]` - `id: Optional[str]` The id of the DEX test targeting this policy. - `name: Optional[str]` The name of the DEX test targeting this policy. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.list( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device settings profile by ID `zero_trust.devices.policies.custom.get(strpolicy_id, CustomGetParams**kwargs) -> SettingsPolicy` **get** `/accounts/{account_id}/devices/policy/{policy_id}` Fetches a device settings profile by ID. ### Parameters - `account_id: str` - `policy_id: str` ### Returns - `class SettingsPolicy: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy is the default policy for an account. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `policy_id: Optional[str]` - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests: Optional[List[TargetTest]]` - `id: Optional[str]` The id of the DEX test targeting this policy. - `name: Optional[str]` The name of the DEX test targeting this policy. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) settings_policy = client.zero_trust.devices.policies.custom.get( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(settings_policy.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" }, "success": true } ``` ## Create a device settings profile `zero_trust.devices.policies.custom.create(CustomCreateParams**kwargs) -> SettingsPolicy` **post** `/accounts/{account_id}/devices/policy` Creates a device settings profile to be applied to certain devices matching the criteria. ### Parameters - `account_id: str` - `match: str` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: str` The name of the device settings profile. - `precedence: float` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[Iterable[SplitTunnelExcludeParam]]` List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `include: Optional[Iterable[SplitTunnelIncludeParam]]` List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Returns - `class SettingsPolicy: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy is the default policy for an account. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `policy_id: Optional[str]` - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests: Optional[List[TargetTest]]` - `id: Optional[str]` The id of the DEX test targeting this policy. - `name: Optional[str]` The name of the DEX test targeting this policy. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) settings_policy = client.zero_trust.devices.policies.custom.create( account_id="699d98642c564d2e855e9661899b7252", match="identity.email == \"test@cloudflare.com\"", name="Allow Developers", precedence=100, ) print(settings_policy.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" }, "success": true } ``` ## Update a device settings profile `zero_trust.devices.policies.custom.edit(strpolicy_id, CustomEditParams**kwargs) -> SettingsPolicy` **patch** `/accounts/{account_id}/devices/policy/{policy_id}` Updates a configured device settings profile. ### Parameters - `account_id: str` - `policy_id: str` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[Iterable[SplitTunnelExcludeParam]]` List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `include: Optional[Iterable[SplitTunnelIncludeParam]]` List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Returns - `class SettingsPolicy: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy is the default policy for an account. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `policy_id: Optional[str]` - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests: Optional[List[TargetTest]]` - `id: Optional[str]` The id of the DEX test targeting this policy. - `name: Optional[str]` The name of the DEX test targeting this policy. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) settings_policy = client.zero_trust.devices.policies.custom.edit( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(settings_policy.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" }, "success": true } ``` ## Delete a device settings profile `zero_trust.devices.policies.custom.delete(strpolicy_id, CustomDeleteParams**kwargs) -> SyncSinglePage[SettingsPolicy]` **delete** `/accounts/{account_id}/devices/policy/{policy_id}` Deletes a device settings profile and fetches a list of the remaining profiles for an account. ### Parameters - `account_id: str` - `policy_id: str` ### Returns - `class SettingsPolicy: …` - `allow_mode_switch: Optional[bool]` Whether to allow the user to switch WARP between modes. - `allow_updates: Optional[bool]` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave: Optional[bool]` Whether to allow devices to leave the organization. - `auto_connect: Optional[float]` The amount of time in seconds to reconnect after having been disabled. - `captive_portal: Optional[float]` Turn on the captive portal after the specified amount of time. - `default: Optional[bool]` Whether the policy is the default policy for an account. - `description: Optional[str]` A description of the policy. - `disable_auto_fallback: Optional[bool]` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `enabled: Optional[bool]` Whether the policy will be applied to matching devices. - `exclude: Optional[List[SplitTunnelExclude]]` List of routes excluded in the WARP client's tunnel. - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips: Optional[bool]` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains: Optional[List[FallbackDomain]]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. - `gateway_unique_id: Optional[str]` - `include: Optional[List[SplitTunnelInclude]]` List of routes included in the WARP client's tunnel. - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes: Optional[float]` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size: Optional[float]` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match: Optional[str]` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: Optional[str]` The name of the device settings profile. - `policy_id: Optional[str]` - `precedence: Optional[float]` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns: Optional[bool]` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support: Optional[bool]` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2: Optional[ServiceModeV2]` - `mode: Optional[str]` The mode to run the WARP client under. - `port: Optional[float]` The port number when used with proxy mode. - `support_url: Optional[str]` The URL to launch when the Send Feedback button is clicked. - `switch_locked: Optional[bool]` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests: Optional[List[TargetTest]]` - `id: Optional[str]` The id of the DEX test targeting this policy. - `name: Optional[str]` The name of the DEX test targeting this policy. - `tunnel_protocol: Optional[str]` Determines which tunnel protocol to use. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.delete( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.gateway_unique_id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Excludes ## Get the Split Tunnel exclude list for a device settings profile `zero_trust.devices.policies.custom.excludes.get(strpolicy_id, ExcludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]` **get** `/accounts/{account_id}/devices/policy/{policy_id}/exclude` Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile. ### Parameters - `account_id: str` - `policy_id: str` ### Returns - `SplitTunnelExclude` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.excludes.get( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel exclude list for a device settings profile `zero_trust.devices.policies.custom.excludes.update(strpolicy_id, ExcludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelExclude]` **put** `/accounts/{account_id}/devices/policy/{policy_id}/exclude` Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile. ### Parameters - `account_id: str` - `policy_id: str` - `body: Iterable[SplitTunnelExcludeParam]` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelExclude` - `class TeamsDevicesExcludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesExcludeSplitTunnelWithHost: …` - `host: str` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.excludes.update( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", body=[{ "address": "192.0.2.0/24" }], ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Includes ## Get the Split Tunnel include list for a device settings profile `zero_trust.devices.policies.custom.includes.get(strpolicy_id, IncludeGetParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]` **get** `/accounts/{account_id}/devices/policy/{policy_id}/include` Fetches the list of routes included in the WARP client's tunnel for a specific device settings profile. ### Parameters - `account_id: str` - `policy_id: str` ### Returns - `SplitTunnelInclude` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.includes.get( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel include list for a device settings profile `zero_trust.devices.policies.custom.includes.update(strpolicy_id, IncludeUpdateParams**kwargs) -> SyncSinglePage[SplitTunnelInclude]` **put** `/accounts/{account_id}/devices/policy/{policy_id}/include` Sets the list of routes included in the WARP client's tunnel for a specific device settings profile. ### Parameters - `account_id: str` - `policy_id: str` - `body: Iterable[SplitTunnelIncludeParam]` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelInclude` - `class TeamsDevicesIncludeSplitTunnelWithAddress: …` - `address: str` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. - `class TeamsDevicesIncludeSplitTunnelWithHost: …` - `host: str` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description: Optional[str]` A description of the Split Tunnel item, displayed in the client UI. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.includes.update( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", body=[{ "address": "192.0.2.0/24" }], ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Fallback Domains ## Get the Local Domain Fallback list for a device settings profile `zero_trust.devices.policies.custom.fallback_domains.get(strpolicy_id, FallbackDomainGetParams**kwargs) -> SyncSinglePage[FallbackDomain]` **get** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains` Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead. ### Parameters - `account_id: str` - `policy_id: str` ### Returns - `class FallbackDomain: …` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.fallback_domains.get( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.suffix) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Local Domain Fallback list for a device settings profile `zero_trust.devices.policies.custom.fallback_domains.update(strpolicy_id, FallbackDomainUpdateParams**kwargs) -> SyncSinglePage[FallbackDomain]` **put** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains` Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile. ### Parameters - `account_id: str` - `policy_id: str` - `domains: Iterable[FallbackDomainParam]` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Returns - `class FallbackDomain: …` - `suffix: str` The domain suffix to match when resolving locally. - `description: Optional[str]` A description of the fallback domain, displayed in the client UI. - `dns_server: Optional[List[str]]` A list of IP addresses to handle domain resolution. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.policies.custom.fallback_domains.update( policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", domains=[{ "suffix": "example.com" }], ) page = page.result[0] print(page.suffix) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Posture ## List device posture rules `zero_trust.devices.posture.list(PostureListParams**kwargs) -> SyncSinglePage[DevicePostureRule]` **get** `/accounts/{account_id}/devices/posture` Fetches device posture rules for a Zero Trust account. ### Parameters - `account_id: str` ### Returns - `class DevicePostureRule: …` - `id: Optional[str]` API UUID. - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInput]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[List[DeviceMatch]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name: Optional[str]` The name of the device posture rule. - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type: Optional[Literal["file", "application", "tanium", 20 more]]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.posture.list( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture rule details `zero_trust.devices.posture.get(strrule_id, PostureGetParams**kwargs) -> DevicePostureRule` **get** `/accounts/{account_id}/devices/posture/{rule_id}` Fetches a single device posture rule. ### Parameters - `account_id: str` - `rule_id: str` API UUID. ### Returns - `class DevicePostureRule: …` - `id: Optional[str]` API UUID. - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInput]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[List[DeviceMatch]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name: Optional[str]` The name of the device posture rule. - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type: Optional[Literal["file", "application", "tanium", 20 more]]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_posture_rule = client.zero_trust.devices.posture.get( rule_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(device_posture_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Create a device posture rule `zero_trust.devices.posture.create(PostureCreateParams**kwargs) -> DevicePostureRule` **post** `/accounts/{account_id}/devices/posture` Creates a new device posture rule. ### Parameters - `account_id: str` - `name: str` The name of the device posture rule. - `type: Literal["file", "application", "tanium", 20 more]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInputParam]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[Iterable[DeviceMatchParam]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `class DevicePostureRule: …` - `id: Optional[str]` API UUID. - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInput]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[List[DeviceMatch]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name: Optional[str]` The name of the device posture rule. - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type: Optional[Literal["file", "application", "tanium", 20 more]]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_posture_rule = client.zero_trust.devices.posture.create( account_id="699d98642c564d2e855e9661899b7252", name="Admin Serial Numbers", type="file", ) print(device_posture_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Update a device posture rule `zero_trust.devices.posture.update(strrule_id, PostureUpdateParams**kwargs) -> DevicePostureRule` **put** `/accounts/{account_id}/devices/posture/{rule_id}` Updates a device posture rule. ### Parameters - `account_id: str` - `rule_id: str` API UUID. - `name: str` The name of the device posture rule. - `type: Literal["file", "application", "tanium", 20 more]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInputParam]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[Iterable[DeviceMatchParam]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `class DevicePostureRule: …` - `id: Optional[str]` API UUID. - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInput]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[List[DeviceMatch]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name: Optional[str]` The name of the device posture rule. - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type: Optional[Literal["file", "application", "tanium", 20 more]]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_posture_rule = client.zero_trust.devices.posture.update( rule_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", name="Admin Serial Numbers", type="file", ) print(device_posture_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Delete a device posture rule `zero_trust.devices.posture.delete(strrule_id, PostureDeleteParams**kwargs) -> PostureDeleteResponse` **delete** `/accounts/{account_id}/devices/posture/{rule_id}` Deletes a device posture rule. ### Parameters - `account_id: str` - `rule_id: str` API UUID. ### Returns - `class PostureDeleteResponse: …` - `id: Optional[str]` API UUID. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) posture = client.zero_trust.devices.posture.delete( rule_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(posture.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### Carbonblack Input - `str` ### Client Certificate Input - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. ### Crowdstrike Input - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` ### Device Input - `DeviceInput` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. ### Device Match - `class DeviceMatch: …` - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` ### Device Posture Rule - `class DevicePostureRule: …` - `id: Optional[str]` API UUID. - `description: Optional[str]` The description of the device posture rule. - `expiration: Optional[str]` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input: Optional[DeviceInput]` The value to be checked against. - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesCarbonblackInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class TeamsDevicesAccessSerialNumberListInputRequest: …` - `id: str` UUID of Access List. - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. - `class TeamsDevicesApplicationInputRequest: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` Path for the application. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. - `class ClientCertificateInput: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `cn: str` Common Name that is protected by the certificate. - `class TeamsDevicesClientCertificateV2InputRequest: …` - `certificate_id: str` UUID of Cloudflare managed certificate. - `check_private_key: bool` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn: Optional[str]` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage: Optional[List[Literal["clientAuth", "emailProtection"]]]` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations: Optional[TeamsDevicesClientCertificateV2InputRequestLocations]` - `paths: Optional[List[str]]` List of paths to check for client certificate on linux. - `trust_stores: Optional[List[Literal["system", "user"]]]` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names: Optional[List[str]]` List of certificate Subject Alternative Names. - `class TeamsDevicesAntivirusInputRequest: …` - `update_window_days: Optional[float]` Number of days that the antivirus should be updated within. - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. - `class CrowdstrikeInput: …` - `connection_id: str` Posture Integration ID. - `last_seen: Optional[str]` For more details on last seen, please refer to the Crowdstrike documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os: Optional[str]` Os Version. - `overall: Optional[str]` Overall. - `sensor_config: Optional[str]` SensorConfig. - `state: Optional[Literal["online", "offline", "unknown"]]` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version: Optional[str]` Version. - `version_operator: Optional[Literal["<", "<=", ">", 2 more]]` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `class TeamsDevicesCustomS2sInputRequest: …` - `connection_id: str` Posture Integration ID. - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: float` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match: Optional[List[DeviceMatch]]` The conditions that the client must match to run the rule. - `platform: Optional[Literal["windows", "mac", "linux", 3 more]]` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name: Optional[str]` The name of the device posture rule. - `schedule: Optional[str]` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type: Optional[Literal["file", "application", "tanium", 20 more]]` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Disk Encryption Input - `class DiskEncryptionInput: …` - `check_disks: Optional[List[CarbonblackInput]]` List of volume names to be checked for encryption. - `require_all: Optional[bool]` Whether to check all disks for encryption. ### Domain Joined Input - `class DomainJoinedInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `domain: Optional[str]` Domain. ### File Input - `class FileInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `exists: Optional[bool]` Whether or not file exists. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. ### Firewall Input - `class FirewallInput: …` - `enabled: bool` Enabled. - `operating_system: Literal["windows", "mac"]` Operating System. - `"windows"` - `"mac"` ### Intune Input - `class IntuneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown", 3 more]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: str` Posture Integration ID. ### Kolide Input - `class KolideInput: …` - `connection_id: str` Posture Integration ID. - `count_operator: Literal["<", "<=", ">", 2 more]` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count: str` The Number of Issues. ### OS Version Input - `class OSVersionInput: …` - `operating_system: Literal["windows"]` Operating System. - `"windows"` - `operator: Literal["<", "<=", ">", 2 more]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: str` Version of OS. - `os_distro_name: Optional[str]` Operating System Distribution Name (linux only). - `os_distro_revision: Optional[str]` Version of OS Distribution (linux only). - `os_version_extra: Optional[str]` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. ### Sentinelone Input - `class SentineloneInput: …` - `operating_system: Literal["windows", "linux", "mac"]` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: str` File path. - `sha256: Optional[str]` SHA-256. - `thumbprint: Optional[str]` Signing certificate thumbprint. ### Sentinelone S2s Input - `class SentineloneS2sInput: …` - `connection_id: str` Posture Integration ID. - `active_threats: Optional[float]` The Number of active threats. - `infected: Optional[bool]` Whether device is infected. - `is_active: Optional[bool]` Whether device is active. - `network_status: Optional[Literal["connected", "disconnected", "disconnecting", "connecting"]]` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state: Optional[Literal["na", "partially_disabled", "auto_fully_disabled", 4 more]]` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` ### Tanium Input - `class TaniumInput: …` - `connection_id: str` Posture Integration ID. - `eid_last_seen: Optional[str]` For more details on eid last seen, refer to the Tanium documentation. - `operator: Optional[Literal["<", "<=", ">", 2 more]]` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level: Optional[Literal["low", "medium", "high", "critical"]]` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `score_operator: Optional[Literal["<", "<=", ">", 2 more]]` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score: Optional[float]` For more details on total score, refer to the Tanium documentation. ### Unique Client ID Input - `class UniqueClientIDInput: …` - `id: str` List ID. - `operating_system: Literal["android", "ios", "chromeos"]` Operating System. - `"android"` - `"ios"` - `"chromeos"` ### Workspace One Input - `class WorkspaceOneInput: …` - `compliance_status: Literal["compliant", "noncompliant", "unknown"]` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: str` Posture Integration ID. ### Posture Delete Response - `class PostureDeleteResponse: …` - `id: Optional[str]` API UUID. # Integrations ## List your device posture integrations `zero_trust.devices.posture.integrations.list(IntegrationListParams**kwargs) -> SyncSinglePage[Integration]` **get** `/accounts/{account_id}/devices/posture/integration` Fetches the list of device posture integrations for an account. ### Parameters - `account_id: str` ### Returns - `class Integration: …` - `id: Optional[str]` API UUID. - `config: Optional[Config]` The configuration object containing third-party integration information. - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval: Optional[str]` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: Optional[str]` The name of the device posture integration. - `type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.posture.integrations.list( account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture integration details `zero_trust.devices.posture.integrations.get(strintegration_id, IntegrationGetParams**kwargs) -> Integration` **get** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Fetches details for a single device posture integration. ### Parameters - `account_id: str` - `integration_id: str` API UUID. ### Returns - `class Integration: …` - `id: Optional[str]` API UUID. - `config: Optional[Config]` The configuration object containing third-party integration information. - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval: Optional[str]` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: Optional[str]` The name of the device posture integration. - `type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.devices.posture.integrations.get( integration_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(integration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Create a device posture integration `zero_trust.devices.posture.integrations.create(IntegrationCreateParams**kwargs) -> Integration` **post** `/accounts/{account_id}/devices/posture/integration` Create a new device posture integration. ### Parameters - `account_id: str` - `config: Config` The configuration object containing third-party integration information. - `class ConfigTeamsDevicesWorkspaceOneConfigRequest: …` - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `client_secret: str` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `class ConfigTeamsDevicesCrowdstrikeConfigRequest: …` - `api_url: str` The Crowdstrike API URL. - `client_id: str` The Crowdstrike client ID. - `client_secret: str` The Crowdstrike client secret. - `customer_id: str` The Crowdstrike customer ID. - `class ConfigTeamsDevicesUptycsConfigRequest: …` - `api_url: str` The Uptycs API URL. - `client_key: str` The Uptycs client secret. - `client_secret: str` The Uptycs client secret. - `customer_id: str` The Uptycs customer ID. - `class ConfigTeamsDevicesIntuneConfigRequest: …` - `client_id: str` The Intune client ID. - `client_secret: str` The Intune client secret. - `customer_id: str` The Intune customer ID. - `class ConfigTeamsDevicesKolideConfigRequest: …` - `client_id: str` The Kolide client ID. - `client_secret: str` The Kolide client secret. - `class ConfigTeamsDevicesTaniumConfigRequest: …` - `api_url: str` The Tanium API URL. - `client_secret: str` The Tanium client secret. - `access_client_id: Optional[str]` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: Optional[str]` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `class ConfigTeamsDevicesSentineloneS2sConfigRequest: …` - `api_url: str` The SentinelOne S2S API URL. - `client_secret: str` The SentinelOne S2S client secret. - `class ConfigTeamsDevicesCustomS2sConfigRequest: …` - `access_client_id: str` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: str` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `api_url: str` The Custom Device Posture Integration API URL. - `interval: str` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: str` The name of the device posture integration. - `type: Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Returns - `class Integration: …` - `id: Optional[str]` API UUID. - `config: Optional[Config]` The configuration object containing third-party integration information. - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval: Optional[str]` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: Optional[str]` The name of the device posture integration. - `type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.devices.posture.integrations.create( account_id="699d98642c564d2e855e9661899b7252", config={ "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id", "client_secret": "example client secret", }, interval="10m", name="My Workspace One Integration", type="workspace_one", ) print(integration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Update a device posture integration `zero_trust.devices.posture.integrations.edit(strintegration_id, IntegrationEditParams**kwargs) -> Integration` **patch** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Updates a configured device posture integration. ### Parameters - `account_id: str` - `integration_id: str` API UUID. - `config: Optional[Config]` The configuration object containing third-party integration information. - `class ConfigTeamsDevicesWorkspaceOneConfigRequest: …` - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `client_secret: str` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `class ConfigTeamsDevicesCrowdstrikeConfigRequest: …` - `api_url: str` The Crowdstrike API URL. - `client_id: str` The Crowdstrike client ID. - `client_secret: str` The Crowdstrike client secret. - `customer_id: str` The Crowdstrike customer ID. - `class ConfigTeamsDevicesUptycsConfigRequest: …` - `api_url: str` The Uptycs API URL. - `client_key: str` The Uptycs client secret. - `client_secret: str` The Uptycs client secret. - `customer_id: str` The Uptycs customer ID. - `class ConfigTeamsDevicesIntuneConfigRequest: …` - `client_id: str` The Intune client ID. - `client_secret: str` The Intune client secret. - `customer_id: str` The Intune customer ID. - `class ConfigTeamsDevicesKolideConfigRequest: …` - `client_id: str` The Kolide client ID. - `client_secret: str` The Kolide client secret. - `class ConfigTeamsDevicesTaniumConfigRequest: …` - `api_url: str` The Tanium API URL. - `client_secret: str` The Tanium client secret. - `access_client_id: Optional[str]` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: Optional[str]` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `class ConfigTeamsDevicesSentineloneS2sConfigRequest: …` - `api_url: str` The SentinelOne S2S API URL. - `client_secret: str` The SentinelOne S2S client secret. - `class ConfigTeamsDevicesCustomS2sConfigRequest: …` - `access_client_id: str` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: str` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `api_url: str` The Custom Device Posture Integration API URL. - `interval: Optional[str]` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: Optional[str]` The name of the device posture integration. - `type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Returns - `class Integration: …` - `id: Optional[str]` API UUID. - `config: Optional[Config]` The configuration object containing third-party integration information. - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval: Optional[str]` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: Optional[str]` The name of the device posture integration. - `type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.devices.posture.integrations.edit( integration_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(integration.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Delete a device posture integration `zero_trust.devices.posture.integrations.delete(strintegration_id, IntegrationDeleteParams**kwargs) -> IntegrationDeleteResponse` **delete** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Delete a configured device posture integration. ### Parameters - `account_id: str` - `integration_id: str` API UUID. ### Returns - `Union[str, object, null]` - `str` - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) integration = client.zero_trust.devices.posture.integrations.delete( integration_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) print(integration) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Integration - `class Integration: …` - `id: Optional[str]` API UUID. - `config: Optional[Config]` The configuration object containing third-party integration information. - `api_url: str` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: str` The Workspace One Authorization URL depending on your region. - `client_id: str` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval: Optional[str]` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: Optional[str]` The name of the device posture integration. - `type: Optional[Literal["workspace_one", "crowdstrike_s2s", "uptycs", 5 more]]` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Integration Delete Response - `Union[str, object, null]` - `str` - `object` # Revoke ## Revoke devices (deprecated) `zero_trust.devices.revoke.create(RevokeCreateParams**kwargs) -> RevokeCreateResponse` **post** `/accounts/{account_id}/devices/revoke` Revokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled. **Deprecated**: please use POST /accounts/{account_id}/devices/registrations/revoke instead. ### Parameters - `account_id: str` - `body: SequenceNotStr[str]` A list of Registration IDs to revoke. ### Returns - `Union[str, object, null]` - `str` - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) revoke = client.zero_trust.devices.revoke.create( account_id="699d98642c564d2e855e9661899b7252", body=["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"], ) print(revoke) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Revoke Create Response - `Union[str, object, null]` - `str` - `object` # Settings ## Get device settings for a Zero Trust account `zero_trust.devices.settings.get(SettingGetParams**kwargs) -> DeviceSettings` **get** `/accounts/{account_id}/devices/settings` Describes the current device settings for a Zero Trust account. ### Parameters - `account_id: str` ### Returns - `class DeviceSettings: …` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_settings = client.zero_trust.devices.settings.get( account_id="699d98642c564d2e855e9661899b7252", ) print(device_settings.disable_for_time) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Update device settings for a Zero Trust account `zero_trust.devices.settings.update(SettingUpdateParams**kwargs) -> DeviceSettings` **put** `/accounts/{account_id}/devices/settings` Updates the current device settings for a Zero Trust account. ### Parameters - `account_id: str` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. ### Returns - `class DeviceSettings: …` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_settings = client.zero_trust.devices.settings.update( account_id="699d98642c564d2e855e9661899b7252", ) print(device_settings.disable_for_time) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Patch device settings for a Zero Trust account `zero_trust.devices.settings.edit(SettingEditParams**kwargs) -> DeviceSettings` **patch** `/accounts/{account_id}/devices/settings` Patches the current device settings for a Zero Trust account. ### Parameters - `account_id: str` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. ### Returns - `class DeviceSettings: …` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_settings = client.zero_trust.devices.settings.edit( account_id="699d98642c564d2e855e9661899b7252", ) print(device_settings.disable_for_time) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Reset device settings for a Zero Trust account with defaults. This turns off all proxying. `zero_trust.devices.settings.delete(SettingDeleteParams**kwargs) -> DeviceSettings` **delete** `/accounts/{account_id}/devices/settings` Resets the current device settings for a Zero Trust account. ### Parameters - `account_id: str` ### Returns - `class DeviceSettings: …` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) device_settings = client.zero_trust.devices.settings.delete( account_id="699d98642c564d2e855e9661899b7252", ) print(device_settings.disable_for_time) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Domain Types ### Device Settings - `class DeviceSettings: …` - `disable_for_time: Optional[float]` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled: Optional[bool]` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint: Optional[str]` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval: Optional[str]` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url: Optional[str]` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled: Optional[bool]` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled: Optional[bool]` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip: Optional[bool]` Enable using CGNAT virtual IPv4. # Unrevoke ## Unrevoke devices (deprecated) `zero_trust.devices.unrevoke.create(UnrevokeCreateParams**kwargs) -> UnrevokeCreateResponse` **post** `/accounts/{account_id}/devices/unrevoke` Unrevokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled. **Deprecated**: please use POST /accounts/{account_id}/devices/registrations/unrevoke instead. ### Parameters - `account_id: str` - `body: SequenceNotStr[str]` A list of Registration IDs to unrevoke. ### Returns - `Union[str, object, null]` - `str` - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) unrevoke = client.zero_trust.devices.unrevoke.create( account_id="699d98642c564d2e855e9661899b7252", body=["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"], ) print(unrevoke) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Unrevoke Create Response - `Union[str, object, null]` - `str` - `object` # Override Codes ## Get override codes (deprecated) `zero_trust.devices.override_codes.list(strdevice_id, OverrideCodeListParams**kwargs) -> SyncSinglePage[object]` **get** `/accounts/{account_id}/devices/{device_id}/override_codes` Fetches a one-time use admin override code for a device. This relies on the **Admin Override** setting being enabled in your device configuration. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated:** please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead. ### Parameters - `account_id: str` - `device_id: str` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). ### Returns - `object` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.zero_trust.devices.override_codes.list( device_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415", account_id="699d98642c564d2e855e9661899b7252", ) page = page.result[0] print(page) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ {} ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get override codes `zero_trust.devices.override_codes.get(strregistration_id, OverrideCodeGetParams**kwargs) -> OverrideCodeGetResponse` **get** `/accounts/{account_id}/devices/registrations/{registration_id}/override_codes` Fetches one-time use admin override codes for a registration. This relies on the **Admin Override** setting being enabled in your device configuration. ### Parameters - `account_id: str` - `registration_id: str` ### Returns - `class OverrideCodeGetResponse: …` - `disable_for_time: Optional[Dict[str, str]]` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) override_code = client.zero_trust.devices.override_codes.get( registration_id="registration_id", account_id="account_id", ) print(override_code.disable_for_time) ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "disable_for_time": { "foo": "string" } }, "success": true } ``` ## Domain Types ### Override Code Get Response - `class OverrideCodeGetResponse: …` - `disable_for_time: Optional[Dict[str, str]]`