Cloudflared

List Cloudflare Tunnels

zero_trust.tunnels.cloudflared.list() -> SyncV4PagePaginationArray[CloudflareTunnel]

GET/accounts/{account_id}/cfd_tunnel

Get a Cloudflare Tunnel

zero_trust.tunnels.cloudflared.get(, ) -> CloudflareTunnel

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}

Create a Cloudflare Tunnel

zero_trust.tunnels.cloudflared.create() -> CloudflareTunnel

POST/accounts/{account_id}/cfd_tunnel

Update a Cloudflare Tunnel

zero_trust.tunnels.cloudflared.edit(, ) -> CloudflareTunnel

PATCH/accounts/{account_id}/cfd_tunnel/{tunnel_id}

Delete a Cloudflare Tunnel

zero_trust.tunnels.cloudflared.delete(, ) -> CloudflareTunnel

DELETE/accounts/{account_id}/cfd_tunnel/{tunnel_id}

CloudflaredConfigurations

Get configuration

zero_trust.tunnels.cloudflared.configurations.get(, ) -> ConfigurationGetResponse

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

Put configuration

zero_trust.tunnels.cloudflared.configurations.update(, ) -> ConfigurationUpdateResponse

PUT/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

ModelsExpand Collapse

class ConfigurationGetResponse: …

Cloudflare Tunnel configuration

account_id: Optional[str]

Identifier.

maxLength32

config: Optional[Config]

The tunnel configuration and ingress rules.

ingress: Optional[List[ConfigIngress]]

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: str

Public hostname for this service.

service: str

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.

origin_request: Optional[ConfigIngressOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigIngressOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: List[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path: Optional[str]

Requests with this path route to this public hostname.

origin_request: Optional[ConfigOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: List[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

created_at: Optional[datetime]

formatdate-time

source: Optional[Literal["local", "cloudflare"]]

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel’s configuration on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

tunnel_id: Optional[str]

UUID of the tunnel.

formatuuid

maxLength36

version: Optional[int]

The version of the Tunnel Configuration.

class ConfigurationUpdateResponse: …

Cloudflare Tunnel configuration

account_id: Optional[str]

Identifier.

maxLength32

config: Optional[Config]

The tunnel configuration and ingress rules.

ingress: Optional[List[ConfigIngress]]

List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.

hostname: str

Public hostname for this service.

service: str

Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. ‘http_status:404’.

origin_request: Optional[ConfigIngressOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigIngressOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: List[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

path: Optional[str]

Requests with this path route to this public hostname.

origin_request: Optional[ConfigOriginRequest]

Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.

access: Optional[ConfigOriginRequestAccess]

For all L7 requests to this hostname, cloudflared will validate each request’s Cf-Access-Jwt-Assertion request header.

aud_tag: List[str]

Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.

team_name: str

required: Optional[bool]

Deny traffic that has not fulfilled Access authorization.

ca_pool: Optional[str]

Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.

connect_timeout: Optional[int]

Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.

disable_chunked_encoding: Optional[bool]

Disables chunked transfer encoding. Useful if you are running a WSGI server.

http2_origin: Optional[bool]

Attempt to connect to origin using HTTP2. Origin must be configured as https.

http_host_header: Optional[str]

Sets the HTTP Host header on requests sent to the local service.

keep_alive_connections: Optional[int]

Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.

keep_alive_timeout: Optional[int]

Timeout after which an idle keepalive connection can be discarded.

match_sn_ito_host: Optional[bool]

Auto configure the Hostname on the origin server certificate.

no_happy_eyeballs: Optional[bool]

Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.

no_tls_verify: Optional[bool]

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.

origin_server_name: Optional[str]

Hostname that cloudflared should expect from your origin server certificate.

proxy_type: Optional[str]

cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and “socks” for a SOCKS5 proxy.

tcp_keep_alive: Optional[int]

The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.

tls_timeout: Optional[int]

Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.

created_at: Optional[datetime]

formatdate-time

source: Optional[Literal["local", "cloudflare"]]

Indicates if this is a locally or remotely configured tunnel. If local, manage the tunnel using a YAML file on the origin machine. If cloudflare, manage the tunnel’s configuration on the Zero Trust dashboard.

One of the following:

"local"

"cloudflare"

tunnel_id: Optional[str]

UUID of the tunnel.

formatuuid

maxLength36

version: Optional[int]

The version of the Tunnel Configuration.

CloudflaredConnections

List Cloudflare Tunnel connections

zero_trust.tunnels.cloudflared.connections.get(, ) -> SyncSinglePage[Client]

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connections

Clean up Cloudflare Tunnel connections

zero_trust.tunnels.cloudflared.connections.delete(, ) -> object

DELETE/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connections

ModelsExpand Collapse

class Client: …

A client (typically cloudflared) that maintains connections to a Cloudflare data center.

id: Optional[str]

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

arch: Optional[str]

The cloudflared OS architecture used to establish this connection.

config_version: Optional[int]

The version of the remote tunnel configuration. Used internally to sync cloudflared with the Zero Trust dashboard.

conns: Optional[List[Conn]]

The Cloudflare Tunnel connections between your origin and Cloudflare’s edge.

id: Optional[str]

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

client_id: Optional[str]

UUID of the Cloudflare Tunnel connector.

formatuuid

maxLength36

client_version: Optional[str]

The cloudflared version used to establish this connection.

colo_name: Optional[str]

The Cloudflare data center used for this connection.

is_pending_reconnect: Optional[bool]

Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting. If true, the connection has disconnected but is still being tracked. If false, the connection is actively serving traffic.

opened_at: Optional[datetime]

Timestamp of when the connection was established.

formatdate-time

origin_ip: Optional[str]

The public IP address of the host running cloudflared.

uuid: Optional[str]

UUID of the Cloudflare Tunnel connection.

formatuuid

maxLength36

features: Optional[List[str]]

Features enabled for the Cloudflare Tunnel.

run_at: Optional[datetime]

Timestamp of when the tunnel connection was started.

formatdate-time

version: Optional[str]

The cloudflared version used to establish this connection.

CloudflaredToken

Get a Cloudflare Tunnel token

zero_trust.tunnels.cloudflared.token.get(, ) -> TokenGetResponse

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/token

ModelsExpand Collapse

str

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.

CloudflaredConnectors

Get Cloudflare Tunnel connector

zero_trust.tunnels.cloudflared.connectors.get(, ) -> Client

GET/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connectors/{connector_id}

CloudflaredManagement

Get a Cloudflare Tunnel management token

zero_trust.tunnels.cloudflared.management.create(, ) -> ManagementCreateResponse

POST/accounts/{account_id}/cfd_tunnel/{tunnel_id}/management

ModelsExpand Collapse

str

The Tunnel Token is used as a mechanism to authenticate the operation of a tunnel.