Skip to content
Cloudflare API
Start here
API Reference

API Gateway

API GatewayConfigurations

Retrieve information about specific configuration properties
GET/zones/{zone_id}/api_gateway/configuration
Update configuration properties
PUT/zones/{zone_id}/api_gateway/configuration
ModelsExpand Collapse
Configuration { auth_id_characteristics }
auth_id_characteristics: array of { name, type } or { name, type }
One of the following:
APIShieldAuthIDCharacteristic { name, type }

Auth ID Characteristic

name: string

The name of the characteristic field, i.e., the header or cookie name.

maxLength128
type: "header" or "cookie"

The type of characteristic.

One of the following:
"header"
"cookie"
APIShieldAuthIDCharacteristicJWTClaim { name, type }

Auth ID Characteristic extracted from JWT Token Claims

name: string

Claim location expressed as $(token_config_id):$(json_path), where token_config_id is the ID of the token configuration used in validating the JWT, and json_path is a RFC 9535 JSONPath (https://goessner.net/articles/JsonPath/, https://www.rfc-editor.org/rfc/rfc9535.html). The JSONPath expression may be in dot or bracket notation, may only specify literal keys or array indexes, and must return a singleton value, which will be interpreted as a string.

maxLength128
type: "jwt"

The type of characteristic.

API GatewayDiscovery

Retrieve discovered operations on a zone rendered as OpenAPI schemas
GET/zones/{zone_id}/api_gateway/discovery
ModelsExpand Collapse
DiscoveryOperation { id, endpoint, host, 5 more }
id: string

UUID.

maxLength36
minLength36
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
origin: array of "ML" or "SessionIdentifier" or "LabelDiscovery"

API discovery engine(s) that discovered this operation

One of the following:
"ML"
"SessionIdentifier"
"LabelDiscovery"
state: "review" or "saved" or "ignored"

State of operation in API Discovery

  • review - Operation is not saved into API Shield Endpoint Management
  • saved - Operation is saved into API Shield Endpoint Management
  • ignored - Operation is marked as ignored
One of the following:
"review"
"saved"
"ignored"
features: optional { traffic_stats }
traffic_stats: optional { last_updated, period_seconds, requests }
last_updated: string
formatdate-time
period_seconds: number

The period in seconds these statistics were computed over

requests: number

The average number of requests seen during this period

formatfloat
DiscoveryGetResponse { schemas, timestamp }
schemas: array of unknown
timestamp: string
formatdate-time

API GatewayDiscoveryOperations

Retrieve discovered operations on a zone
GET/zones/{zone_id}/api_gateway/discovery/operations
Patch discovered operation
PATCH/zones/{zone_id}/api_gateway/discovery/operations/{operation_id}
Patch discovered operations
PATCH/zones/{zone_id}/api_gateway/discovery/operations
ModelsExpand Collapse
OperationEditResponse { state }
state: optional "review" or "saved" or "ignored"

State of operation in API Discovery

  • review - Operation is not saved into API Shield Endpoint Management
  • saved - Operation is saved into API Shield Endpoint Management
  • ignored - Operation is marked as ignored
One of the following:
"review"
"saved"
"ignored"
OperationBulkEditResponse = map[ { state } ]
state: optional "review" or "ignored"

Mark state of operation in API Discovery

  • review - Mark operation as for review
  • ignored - Mark operation as ignored
One of the following:
"review"
"ignored"

API GatewayLabels

Retrieve all labels
GET/zones/{zone_id}/api_gateway/labels
ModelsExpand Collapse
LabelListResponse { created_at, description, last_updated, 4 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
mapped_resources: optional unknown

Provides counts of what resources are linked to this label

API GatewayLabelsUser

Create user labels
POST/zones/{zone_id}/api_gateway/labels/user
Delete user labels
DELETE/zones/{zone_id}/api_gateway/labels/user
Retrieve user label
GET/zones/{zone_id}/api_gateway/labels/user/{name}
Update user label
PUT/zones/{zone_id}/api_gateway/labels/user/{name}
Patch user label
PATCH/zones/{zone_id}/api_gateway/labels/user/{name}
Delete user label
DELETE/zones/{zone_id}/api_gateway/labels/user/{name}
ModelsExpand Collapse
UserBulkCreateResponse { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
UserBulkDeleteResponse { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
UserGetResponse { created_at, description, last_updated, 4 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
mapped_resources: optional unknown

Provides counts of what resources are linked to this label

UserUpdateResponse { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
UserEditResponse { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
UserDeleteResponse { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"

API GatewayLabelsUserResources

API GatewayLabelsUserResourcesOperation

Replace operation(s) attached to a user label
PUT/zones/{zone_id}/api_gateway/labels/user/{name}/resources/operation
ModelsExpand Collapse
OperationUpdateResponse { created_at, description, last_updated, 4 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
mapped_resources: optional unknown

Provides counts of what resources are linked to this label

API GatewayLabelsManaged

Retrieve managed label
GET/zones/{zone_id}/api_gateway/labels/managed/{name}
ModelsExpand Collapse
ManagedGetResponse { created_at, description, last_updated, 4 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
mapped_resources: optional unknown

Provides counts of what resources are linked to this label

API GatewayLabelsManagedResources

API GatewayLabelsManagedResourcesOperation

Replace operation(s) attached to a managed label
PUT/zones/{zone_id}/api_gateway/labels/managed/{name}/resources/operation
ModelsExpand Collapse
OperationUpdateResponse { created_at, description, last_updated, 4 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
mapped_resources: optional unknown

Provides counts of what resources are linked to this label

API GatewayOperations

Retrieve information about all operations on a zone
GET/zones/{zone_id}/api_gateway/operations
Retrieve information about an operation
GET/zones/{zone_id}/api_gateway/operations/{operation_id}
Add one operation to a zone
POST/zones/{zone_id}/api_gateway/operations/item
Delete an operation
DELETE/zones/{zone_id}/api_gateway/operations/{operation_id}
Add operations to a zone
POST/zones/{zone_id}/api_gateway/operations
Delete multiple operations
DELETE/zones/{zone_id}/api_gateway/operations
ModelsExpand Collapse
APIShield { endpoint, host, last_updated, 2 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
OperationListResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more
One of the following:
APIShieldOperationFeatureThresholds { thresholds }
thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }
auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string
formatdate-time
p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }
parameter_schemas: { last_updated, parameter_schemas }
last_updated: optional string
formatdate-time
parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }
api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string
formatdate-time
route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }
confidence_intervals: optional { last_updated, suggested_threshold }
last_updated: optional string
formatdate-time
suggested_threshold: optional { confidence_intervals, mean }
confidence_intervals: optional { p90, p95, p99 }
p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }
schema_info: optional { active_schema, learned_available, mitigation_action }
active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36
minLength36
created_at: optional string
formatdate-time
is_learned: optional boolean

True if schema is Cloudflare-provided.

name: optional string

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:
"none"
"log"
"block"
OperationGetResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more
One of the following:
APIShieldOperationFeatureThresholds { thresholds }
thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }
auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string
formatdate-time
p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }
parameter_schemas: { last_updated, parameter_schemas }
last_updated: optional string
formatdate-time
parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }
api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string
formatdate-time
route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }
confidence_intervals: optional { last_updated, suggested_threshold }
last_updated: optional string
formatdate-time
suggested_threshold: optional { confidence_intervals, mean }
confidence_intervals: optional { p90, p95, p99 }
p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }
schema_info: optional { active_schema, learned_available, mitigation_action }
active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36
minLength36
created_at: optional string
formatdate-time
is_learned: optional boolean

True if schema is Cloudflare-provided.

name: optional string

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:
"none"
"log"
"block"
OperationCreateResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more
One of the following:
APIShieldOperationFeatureThresholds { thresholds }
thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }
auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string
formatdate-time
p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }
parameter_schemas: { last_updated, parameter_schemas }
last_updated: optional string
formatdate-time
parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }
api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string
formatdate-time
route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }
confidence_intervals: optional { last_updated, suggested_threshold }
last_updated: optional string
formatdate-time
suggested_threshold: optional { confidence_intervals, mean }
confidence_intervals: optional { p90, p95, p99 }
p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }
schema_info: optional { active_schema, learned_available, mitigation_action }
active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36
minLength36
created_at: optional string
formatdate-time
is_learned: optional boolean

True if schema is Cloudflare-provided.

name: optional string

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:
"none"
"log"
"block"
OperationDeleteResponse { errors, messages, success }
errors: Message { code, message, documentation_url, source }
messages: Message { code, message, documentation_url, source }
success: true

Whether the API call was successful.

OperationBulkCreateResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more
One of the following:
APIShieldOperationFeatureThresholds { thresholds }
thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }
auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string
formatdate-time
p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }
parameter_schemas: { last_updated, parameter_schemas }
last_updated: optional string
formatdate-time
parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }
api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string
formatdate-time
route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }
confidence_intervals: optional { last_updated, suggested_threshold }
last_updated: optional string
formatdate-time
suggested_threshold: optional { confidence_intervals, mean }
confidence_intervals: optional { p90, p95, p99 }
p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }
schema_info: optional { active_schema, learned_available, mitigation_action }
active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36
minLength36
created_at: optional string
formatdate-time
is_learned: optional boolean

True if schema is Cloudflare-provided.

name: optional string

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:
"none"
"log"
"block"
OperationBulkDeleteResponse { errors, messages, success }
errors: Message { code, message, documentation_url, source }
messages: Message { code, message, documentation_url, source }
success: true

Whether the API call was successful.

API GatewayOperationsLabels

Replace label(s) on an operation in endpoint management
PUT/zones/{zone_id}/api_gateway/operations/{operation_id}/labels
Attach label(s) on an operation in endpoint management
POST/zones/{zone_id}/api_gateway/operations/{operation_id}/labels
Remove label(s) on an operation in endpoint management
DELETE/zones/{zone_id}/api_gateway/operations/{operation_id}/labels
Bulk replace label(s) on operation(s) in endpoint management
PUT/zones/{zone_id}/api_gateway/operations/labels
Bulk attach label(s) on operation(s) in endpoint management
POST/zones/{zone_id}/api_gateway/operations/labels
Bulk remove label(s) on operation(s) in endpoint management
DELETE/zones/{zone_id}/api_gateway/operations/labels
ModelsExpand Collapse
LabelUpdateResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
labels: optional array of { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
LabelCreateResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
labels: optional array of { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
LabelDeleteResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
labels: optional array of { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
LabelBulkUpdateResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
labels: optional array of { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
LabelBulkCreateResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
labels: optional array of { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"
LabelBulkDeleteResponse { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
labels: optional array of { created_at, description, last_updated, 3 more }
created_at: string
formatdate-time
description: string

The description of the label

last_updated: string
formatdate-time
metadata: unknown

Metadata for the label

name: string

The name of the label

source: "user" or "managed"
  • user - label is owned by the user
  • managed - label is owned by cloudflare
One of the following:
"user"
"managed"

API GatewayOperationsSchema Validation

Retrieve operation-level schema validation settings
Deprecated
GET/zones/{zone_id}/api_gateway/operations/{operation_id}/schema_validation
Update operation-level schema validation settings
Deprecated
PUT/zones/{zone_id}/api_gateway/operations/{operation_id}/schema_validation
Update multiple operation-level schema validation settings
Deprecated
PATCH/zones/{zone_id}/api_gateway/operations/schema_validation
ModelsExpand Collapse
SettingsMultipleRequest = map[ { mitigation_action } ]
mitigation_action: optional "log" or "block" or "none"

When set, this applies a mitigation action to this operation

  • log log request when request does not conform to schema for this operation
  • block deny access to the site when request does not conform to schema for this operation
  • none will skip mitigation for this operation
  • null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied
One of the following:
"log"
"block"
"none"
SchemaValidationGetResponse { mitigation_action, operation_id }
mitigation_action: optional "log" or "block" or "none"

When set, this applies a mitigation action to this operation

  • log log request when request does not conform to schema for this operation
  • block deny access to the site when request does not conform to schema for this operation
  • none will skip mitigation for this operation
  • null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied
One of the following:
"log"
"block"
"none"
operation_id: optional string

UUID.

maxLength36
minLength36
SchemaValidationUpdateResponse { mitigation_action, operation_id }
mitigation_action: optional "log" or "block" or "none"

When set, this applies a mitigation action to this operation

  • log log request when request does not conform to schema for this operation
  • block deny access to the site when request does not conform to schema for this operation
  • none will skip mitigation for this operation
  • null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied
One of the following:
"log"
"block"
"none"
operation_id: optional string

UUID.

maxLength36
minLength36

API GatewaySchemas

Retrieve operations and features as OpenAPI schemas
GET/zones/{zone_id}/api_gateway/schemas
ModelsExpand Collapse
SchemaListResponse { schemas, timestamp }
schemas: optional array of unknown
timestamp: optional string

API GatewaySettings

ModelsExpand Collapse
Settings { validation_default_mitigation_action, validation_override_mitigation_action }
validation_default_mitigation_action: optional "none" or "log" or "block"

The default mitigation action used when there is no mitigation action defined on the operation

Mitigation actions are as follows:

  • log - log request when request does not conform to schema
  • block - deny access to the site when request does not conform to schema

A special value of of none will skip running schema validation entirely for the request when there is no mitigation action defined on the operation

One of the following:
"none"
"log"
"block"
validation_override_mitigation_action: optional "none"

When set, this overrides both zone level and operation level mitigation actions.

  • none will skip running schema validation entirely for the request
  • null indicates that no override is in place

API GatewaySettingsSchema Validation

Retrieve zone level schema validation settings
Deprecated
GET/zones/{zone_id}/api_gateway/settings/schema_validation
Update zone level schema validation settings
Deprecated
PUT/zones/{zone_id}/api_gateway/settings/schema_validation
Update zone level schema validation settings
Deprecated
PATCH/zones/{zone_id}/api_gateway/settings/schema_validation

API GatewayUser Schemas

Retrieve information about all schemas on a zone
Deprecated
GET/zones/{zone_id}/api_gateway/user_schemas
Retrieve information about a specific schema on a zone
Deprecated
GET/zones/{zone_id}/api_gateway/user_schemas/{schema_id}
Upload a schema to a zone
Deprecated
POST/zones/{zone_id}/api_gateway/user_schemas
Enable validation for a schema
Deprecated
PATCH/zones/{zone_id}/api_gateway/user_schemas/{schema_id}
Delete a schema
Deprecated
DELETE/zones/{zone_id}/api_gateway/user_schemas/{schema_id}
ModelsExpand Collapse
Message = array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
OldPublicSchema { created_at, kind, name, 3 more }
created_at: string
formatdate-time
kind: "openapi_v3"

Kind of schema

name: string

Name of the schema

schema_id: string

UUID.

maxLength36
minLength36
source: optional string

Source of the schema

validation_enabled: optional boolean

Flag whether schema is enabled for validation.

UserSchemaCreateResponse { schema, upload_details }
schema: OldPublicSchema { created_at, kind, name, 3 more }
upload_details: optional { warnings }
warnings: optional array of { code, locations, message }

Diagnostic warning events that occurred during processing. These events are non-critical errors found within the schema.

code: number

Code that identifies the event that occurred.

locations: optional array of string

JSONPath location(s) in the schema where these events were encountered. See https://goessner.net/articles/JsonPath/ for JSONPath specification.

message: optional string

Diagnostic message that describes the event.

UserSchemaDeleteResponse { errors, messages, success }
errors: Message { code, message, documentation_url, source }
messages: Message { code, message, documentation_url, source }
success: true

Whether the API call was successful.

API GatewayUser SchemasOperations

Retrieve all operations from a schema.
Deprecated
GET/zones/{zone_id}/api_gateway/user_schemas/{schema_id}/operations
ModelsExpand Collapse
OperationListResponse = { endpoint, host, last_updated, 3 more } or { endpoint, host, method }
One of the following:
APIShieldOperation { endpoint, host, last_updated, 3 more }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
last_updated: string
formatdate-time
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"
operation_id: string

UUID.

maxLength36
minLength36
features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more
One of the following:
APIShieldOperationFeatureThresholds { thresholds }
thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }
auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string
formatdate-time
p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }
parameter_schemas: { last_updated, parameter_schemas }
last_updated: optional string
formatdate-time
parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }
api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string
formatdate-time
route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }
confidence_intervals: optional { last_updated, suggested_threshold }
last_updated: optional string
formatdate-time
suggested_threshold: optional { confidence_intervals, mean }
confidence_intervals: optional { p90, p95, p99 }
p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }
schema_info: optional { active_schema, learned_available, mitigation_action }
active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36
minLength36
created_at: optional string
formatdate-time
is_learned: optional boolean

True if schema is Cloudflare-provided.

name: optional string

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:
"none"
"log"
"block"
APIShieldBasicOperation { endpoint, host, method }
endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template
maxLength4096
host: string

RFC3986-compliant host.

formathostname
maxLength255
method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:
"GET"
"POST"
"HEAD"
"OPTIONS"
"PUT"
"DELETE"
"CONNECT"
"PATCH"
"TRACE"

API GatewayUser SchemasHosts

Retrieve schema hosts in a zone
Deprecated
GET/zones/{zone_id}/api_gateway/user_schemas/hosts
ModelsExpand Collapse
HostListResponse { created_at, hosts, name, schema_id }
created_at: string
formatdate-time
hosts: array of string

Hosts serving the schema, e.g zone.host.com

name: string

Name of the schema

schema_id: string

UUID.

maxLength36
minLength36

API GatewayExpression Template

API GatewayExpression TemplateFallthrough

Generate fallthrough WAF expression template from a set of API hosts
POST/zones/{zone_id}/api_gateway/expression-template/fallthrough
ModelsExpand Collapse
FallthroughCreateResponse { expression, title }
expression: string

WAF Expression for fallthrough

title: string

Title for the expression