Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Devices
Policies
Custom

Get device settings profile by ID

zero_trust.devices.policies.custom.get(strpolicy_id, CustomGetParams**kwargs) -> SettingsPolicy
GET/accounts/{account_id}/devices/policy/{policy_id}

Fetches a device settings profile by ID.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
account_id: str
policy_id: str
maxLength36
ReturnsExpand Collapse
class SettingsPolicy:
allow_mode_switch: Optional[bool]

Whether to allow the user to switch WARP between modes.

allow_updates: Optional[bool]

Whether to receive update notifications when a new version of the client is available.

allowed_to_leave: Optional[bool]

Whether to allow devices to leave the organization.

auto_connect: Optional[float]

The amount of time in seconds to reconnect after having been disabled.

captive_portal: Optional[float]

Turn on the captive portal after the specified amount of time.

default: Optional[bool]

Whether the policy is the default policy for an account.

description: Optional[str]

A description of the policy.

maxLength500
disable_auto_fallback: Optional[bool]

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

enabled: Optional[bool]

Whether the policy will be applied to matching devices.

exclude: Optional[List[SplitTunnelExclude]]

List of routes excluded in the WARP client’s tunnel.

One of the following:
class TeamsDevicesExcludeSplitTunnelWithAddress:
address: str

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesExcludeSplitTunnelWithHost:
host: str

The domain name to exclude from the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
exclude_office_ips: Optional[bool]

Whether to add Microsoft IPs to Split Tunnel exclusions.

fallback_domains: Optional[List[FallbackDomain]]
suffix: str

The domain suffix to match when resolving locally.

description: Optional[str]

A description of the fallback domain, displayed in the client UI.

maxLength100
dns_server: Optional[List[str]]

A list of IP addresses to handle domain resolution.

gateway_unique_id: Optional[str]
include: Optional[List[SplitTunnelInclude]]

List of routes included in the WARP client’s tunnel.

One of the following:
class TeamsDevicesIncludeSplitTunnelWithAddress:
address: str

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
class TeamsDevicesIncludeSplitTunnelWithHost:
host: str

The domain name to include in the tunnel. If host is present, address must not be present.

description: Optional[str]

A description of the Split Tunnel item, displayed in the client UI.

maxLength100
lan_allow_minutes: Optional[float]

The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset.

lan_allow_subnet_size: Optional[float]

The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset.

match: Optional[str]

The wirefilter expression to match devices. Available values: “identity.email”, “identity.groups.id”, “identity.groups.name”, “identity.groups.email”, “identity.service_token_uuid”, “identity.saml_attributes”, “network”, “os.name”, “os.version”.

maxLength500
name: Optional[str]

The name of the device settings profile.

maxLength100
policy_id: Optional[str]
maxLength36
precedence: Optional[float]

The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field.

register_interface_ip_with_dns: Optional[bool]

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

sccm_vpn_boundary_support: Optional[bool]

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

service_mode_v2: Optional[ServiceModeV2]
mode: Optional[str]

The mode to run the WARP client under.

port: Optional[float]

The port number when used with proxy mode.

support_url: Optional[str]

The URL to launch when the Send Feedback button is clicked.

switch_locked: Optional[bool]

Whether to allow the user to turn off the WARP switch and disconnect the client.

target_tests: Optional[List[TargetTest]]
id: Optional[str]

The id of the DEX test targeting this policy.

name: Optional[str]

The name of the DEX test targeting this policy.

tunnel_protocol: Optional[str]

Determines which tunnel protocol to use.

Get device settings profile by ID

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
settings_policy = client.zero_trust.devices.policies.custom.get(
    policy_id="f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    account_id="699d98642c564d2e855e9661899b7252",
)
print(settings_policy.gateway_unique_id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": false,
    "description": "Policy for test teams.",
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "lan_allow_minutes": 30,
    "lan_allow_subnet_size": 24,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "Allow Developers",
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "precedence": 100,
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "target_tests": [
      {
        "id": "id",
        "name": "name"
      }
    ],
    "tunnel_protocol": "wireguard"
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": false,
    "description": "Policy for test teams.",
    "disable_auto_fallback": true,
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "lan_allow_minutes": 30,
    "lan_allow_subnet_size": 24,
    "match": "identity.email == \"test@cloudflare.com\"",
    "name": "Allow Developers",
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "precedence": 100,
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "target_tests": [
      {
        "id": "id",
        "name": "name"
      }
    ],
    "tunnel_protocol": "wireguard"
  },
  "success": true
}