API Reference

Zero Trust

Gateway

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Certificates

List Zero Trust certificates

zero_trust.gateway.certificates.list(CertificateListParams**kwargs) -> SyncSinglePage[CertificateListResponse]

GET/accounts/{account_id}/gateway/certificates

Get Zero Trust certificate details

zero_trust.gateway.certificates.get(strcertificate_id, CertificateGetParams**kwargs) -> CertificateGetResponse

GET/accounts/{account_id}/gateway/certificates/{certificate_id}

Create Zero Trust certificate

zero_trust.gateway.certificates.create(CertificateCreateParams**kwargs) -> CertificateCreateResponse

POST/accounts/{account_id}/gateway/certificates

Delete Zero Trust certificate

zero_trust.gateway.certificates.delete(strcertificate_id, CertificateDeleteParams**kwargs) -> CertificateDeleteResponse

DELETE/accounts/{account_id}/gateway/certificates/{certificate_id}

Activate a Zero Trust certificate

zero_trust.gateway.certificates.activate(strcertificate_id, CertificateActivateParams**kwargs) -> CertificateActivateResponse

POST/accounts/{account_id}/gateway/certificates/{certificate_id}/activate

Deactivate a Zero Trust certificate

zero_trust.gateway.certificates.deactivate(strcertificate_id, CertificateDeactivateParams**kwargs) -> CertificateDeactivateResponse

POST/accounts/{account_id}/gateway/certificates/{certificate_id}/deactivate

ModelsExpand Collapse

class CertificateListResponse: …

id: Optional[str]

Identify the certificate with a UUID.

maxLength36

binding_status: Optional[Literal["pending_deployment", "available", "pending_deletion", "inactive"]]

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:

"pending_deployment"

"available"

"pending_deletion"

"inactive"

certificate: Optional[str]

Provide the CA certificate (read-only).

created_at: Optional[datetime]

formatdate-time

expires_on: Optional[datetime]

formatdate-time

fingerprint: Optional[str]

Provide the SHA256 fingerprint of the certificate (read-only).

in_use: Optional[bool]

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org: Optional[str]

Indicate the organization that issued the certificate (read-only).

issuer_raw: Optional[str]

Provide the entire issuer field of the certificate (read-only).

type: Optional[Literal["custom", "gateway_managed"]]

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:

"custom"

"gateway_managed"

updated_at: Optional[datetime]

formatdate-time

uploaded_on: Optional[datetime]

formatdate-time

class CertificateGetResponse: …

id: Optional[str]

Identify the certificate with a UUID.

maxLength36

binding_status: Optional[Literal["pending_deployment", "available", "pending_deletion", "inactive"]]

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:

"pending_deployment"

"available"

"pending_deletion"

"inactive"

certificate: Optional[str]

Provide the CA certificate (read-only).

created_at: Optional[datetime]

formatdate-time

expires_on: Optional[datetime]

formatdate-time

fingerprint: Optional[str]

Provide the SHA256 fingerprint of the certificate (read-only).

in_use: Optional[bool]

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org: Optional[str]

Indicate the organization that issued the certificate (read-only).

issuer_raw: Optional[str]

Provide the entire issuer field of the certificate (read-only).

type: Optional[Literal["custom", "gateway_managed"]]

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:

"custom"

"gateway_managed"

updated_at: Optional[datetime]

formatdate-time

uploaded_on: Optional[datetime]

formatdate-time

class CertificateCreateResponse: …

id: Optional[str]

Identify the certificate with a UUID.

maxLength36

binding_status: Optional[Literal["pending_deployment", "available", "pending_deletion", "inactive"]]

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:

"pending_deployment"

"available"

"pending_deletion"

"inactive"

certificate: Optional[str]

Provide the CA certificate (read-only).

created_at: Optional[datetime]

formatdate-time

expires_on: Optional[datetime]

formatdate-time

fingerprint: Optional[str]

Provide the SHA256 fingerprint of the certificate (read-only).

in_use: Optional[bool]

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org: Optional[str]

Indicate the organization that issued the certificate (read-only).

issuer_raw: Optional[str]

Provide the entire issuer field of the certificate (read-only).

type: Optional[Literal["custom", "gateway_managed"]]

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:

"custom"

"gateway_managed"

updated_at: Optional[datetime]

formatdate-time

uploaded_on: Optional[datetime]

formatdate-time

class CertificateDeleteResponse: …

id: Optional[str]

Identify the certificate with a UUID.

maxLength36

binding_status: Optional[Literal["pending_deployment", "available", "pending_deletion", "inactive"]]

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:

"pending_deployment"

"available"

"pending_deletion"

"inactive"

certificate: Optional[str]

Provide the CA certificate (read-only).

created_at: Optional[datetime]

formatdate-time

expires_on: Optional[datetime]

formatdate-time

fingerprint: Optional[str]

Provide the SHA256 fingerprint of the certificate (read-only).

in_use: Optional[bool]

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org: Optional[str]

Indicate the organization that issued the certificate (read-only).

issuer_raw: Optional[str]

Provide the entire issuer field of the certificate (read-only).

type: Optional[Literal["custom", "gateway_managed"]]

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:

"custom"

"gateway_managed"

updated_at: Optional[datetime]

formatdate-time

uploaded_on: Optional[datetime]

formatdate-time

class CertificateActivateResponse: …

id: Optional[str]

Identify the certificate with a UUID.

maxLength36

binding_status: Optional[Literal["pending_deployment", "available", "pending_deletion", "inactive"]]

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:

"pending_deployment"

"available"

"pending_deletion"

"inactive"

certificate: Optional[str]

Provide the CA certificate (read-only).

created_at: Optional[datetime]

formatdate-time

expires_on: Optional[datetime]

formatdate-time

fingerprint: Optional[str]

Provide the SHA256 fingerprint of the certificate (read-only).

in_use: Optional[bool]

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org: Optional[str]

Indicate the organization that issued the certificate (read-only).

issuer_raw: Optional[str]

Provide the entire issuer field of the certificate (read-only).

type: Optional[Literal["custom", "gateway_managed"]]

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:

"custom"

"gateway_managed"

updated_at: Optional[datetime]

formatdate-time

uploaded_on: Optional[datetime]

formatdate-time

class CertificateDeactivateResponse: …

id: Optional[str]

Identify the certificate with a UUID.

maxLength36

binding_status: Optional[Literal["pending_deployment", "available", "pending_deletion", "inactive"]]

Indicate the read-only deployment status of the certificate on Cloudflare’s edge. Gateway TLS interception can use certificates in the ‘available’ (previously called ‘active’) state.

One of the following:

"pending_deployment"

"available"

"pending_deletion"

"inactive"

certificate: Optional[str]

Provide the CA certificate (read-only).

created_at: Optional[datetime]

formatdate-time

expires_on: Optional[datetime]

formatdate-time

fingerprint: Optional[str]

Provide the SHA256 fingerprint of the certificate (read-only).

in_use: Optional[bool]

Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named certificate (read-only).

issuer_org: Optional[str]

Indicate the organization that issued the certificate (read-only).

issuer_raw: Optional[str]

Provide the entire issuer field of the certificate (read-only).

type: Optional[Literal["custom", "gateway_managed"]]

Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.

One of the following:

"custom"

"gateway_managed"

updated_at: Optional[datetime]

formatdate-time

uploaded_on: Optional[datetime]

formatdate-time