Operations

Retrieve information about all operations on a zone

GET/zones/{zone_id}/api_gateway/operations

Retrieve information about an operation

GET/zones/{zone_id}/api_gateway/operations/{operation_id}

Add one operation to a zone

POST/zones/{zone_id}/api_gateway/operations/item

Delete an operation

DELETE/zones/{zone_id}/api_gateway/operations/{operation_id}

Add operations to a zone

POST/zones/{zone_id}/api_gateway/operations

Delete multiple operations

DELETE/zones/{zone_id}/api_gateway/operations

ModelsExpand Collapse

APIShield { endpoint, host, last_updated, 2 more }

endpoint: string

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

OperationListResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more

One of the following:

APIShieldOperationFeatureThresholds { thresholds }

thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }

auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string

formatdate-time

p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }

parameter_schemas: { last_updated, parameter_schemas }

last_updated: optional string

formatdate-time

parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }

api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string

formatdate-time

route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }

confidence_intervals: optional { last_updated, suggested_threshold }

last_updated: optional string

formatdate-time

suggested_threshold: optional { confidence_intervals, mean }

confidence_intervals: optional { p90, p95, p99 }

p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }

schema_info: optional { active_schema, learned_available, mitigation_action }

active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36

minLength36

created_at: optional string

formatdate-time

is_learned: optional boolean

True if schema is Cloudflare-provided.

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:

"none"

"log"

"block"

OperationGetResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more

One of the following:

APIShieldOperationFeatureThresholds { thresholds }

thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }

auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string

formatdate-time

p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }

parameter_schemas: { last_updated, parameter_schemas }

last_updated: optional string

formatdate-time

parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }

api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string

formatdate-time

route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }

confidence_intervals: optional { last_updated, suggested_threshold }

last_updated: optional string

formatdate-time

suggested_threshold: optional { confidence_intervals, mean }

confidence_intervals: optional { p90, p95, p99 }

p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }

schema_info: optional { active_schema, learned_available, mitigation_action }

active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36

minLength36

created_at: optional string

formatdate-time

is_learned: optional boolean

True if schema is Cloudflare-provided.

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:

"none"

"log"

"block"

OperationCreateResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more

One of the following:

APIShieldOperationFeatureThresholds { thresholds }

thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }

auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string

formatdate-time

p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }

parameter_schemas: { last_updated, parameter_schemas }

last_updated: optional string

formatdate-time

parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }

api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string

formatdate-time

route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }

confidence_intervals: optional { last_updated, suggested_threshold }

last_updated: optional string

formatdate-time

suggested_threshold: optional { confidence_intervals, mean }

confidence_intervals: optional { p90, p95, p99 }

p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }

schema_info: optional { active_schema, learned_available, mitigation_action }

active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36

minLength36

created_at: optional string

formatdate-time

is_learned: optional boolean

True if schema is Cloudflare-provided.

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:

"none"

"log"

"block"

OperationDeleteResponse { errors, messages, success }

errors: Message { code, message, documentation_url, source }

messages: Message { code, message, documentation_url, source }

success: true

Whether the API call was successful.

OperationBulkCreateResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

features: optional { thresholds } or { parameter_schemas } or { api_routing } or 2 more

One of the following:

APIShieldOperationFeatureThresholds { thresholds }

thresholds: optional { auth_id_tokens, data_points, last_updated, 6 more }

auth_id_tokens: optional number

The total number of auth-ids seen across this calculation.

data_points: optional number

The number of data points used for the threshold suggestion calculation.

last_updated: optional string

formatdate-time

p50: optional number

The p50 quantile of requests (in period_seconds).

p90: optional number

The p90 quantile of requests (in period_seconds).

p99: optional number

The p99 quantile of requests (in period_seconds).

period_seconds: optional number

The period over which this threshold is suggested.

requests: optional number

The estimated number of requests covered by these calculations.

suggested_threshold: optional number

The suggested threshold in requests done by the same auth_id or period_seconds.

APIShieldOperationFeatureParameterSchemas { parameter_schemas }

parameter_schemas: { last_updated, parameter_schemas }

last_updated: optional string

formatdate-time

parameter_schemas: optional { parameters, responses }

An operation schema object containing a response.

parameters: optional array of unknown

An array containing the learned parameter schemas.

responses: optional unknown

An empty response object. This field is required to yield a valid operation schema.

APIShieldOperationFeatureAPIRouting { api_routing }

api_routing: optional { last_updated, route }

API Routing settings on endpoint.

last_updated: optional string

formatdate-time

route: optional string

Target route.

APIShieldOperationFeatureConfidenceIntervals { confidence_intervals }

confidence_intervals: optional { last_updated, suggested_threshold }

last_updated: optional string

formatdate-time

suggested_threshold: optional { confidence_intervals, mean }

confidence_intervals: optional { p90, p95, p99 }

p90: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p95: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

p99: optional { lower, upper }

Upper and lower bound for percentile estimate

lower: optional number

Lower bound for percentile estimate

upper: optional number

Upper bound for percentile estimate

mean: optional number

Suggested threshold.

APIShieldOperationFeatureSchemaInfo { schema_info }

schema_info: optional { active_schema, learned_available, mitigation_action }

active_schema: optional { id, created_at, is_learned, name }

Schema active on endpoint.

id: optional string

UUID.

maxLength36

minLength36

created_at: optional string

formatdate-time

is_learned: optional boolean

True if schema is Cloudflare-provided.

Schema file name.

learned_available: optional boolean

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: optional "none" or "log" or "block"

Action taken on requests failing validation.

One of the following:

"none"

"log"

"block"

OperationBulkDeleteResponse { errors, messages, success }

errors: Message { code, message, documentation_url, source }

messages: Message { code, message, documentation_url, source }

success: true

Whether the API call was successful.

OperationsLabels

Replace label(s) on an operation in endpoint management

PUT/zones/{zone_id}/api_gateway/operations/{operation_id}/labels

Attach label(s) on an operation in endpoint management

POST/zones/{zone_id}/api_gateway/operations/{operation_id}/labels

Remove label(s) on an operation in endpoint management

DELETE/zones/{zone_id}/api_gateway/operations/{operation_id}/labels

Bulk replace label(s) on operation(s) in endpoint management

PUT/zones/{zone_id}/api_gateway/operations/labels

Bulk attach label(s) on operation(s) in endpoint management

POST/zones/{zone_id}/api_gateway/operations/labels

Bulk remove label(s) on operation(s) in endpoint management

DELETE/zones/{zone_id}/api_gateway/operations/labels

ModelsExpand Collapse

LabelUpdateResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

labels: optional array of { created_at, description, last_updated, 3 more }

created_at: string

formatdate-time

description: string

The description of the label

last_updated: string

formatdate-time

metadata: unknown

Metadata for the label

The name of the label

source: "user" or "managed"

user - label is owned by the user
managed - label is owned by cloudflare

One of the following:

"user"

"managed"

LabelCreateResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

labels: optional array of { created_at, description, last_updated, 3 more }

created_at: string

formatdate-time

description: string

The description of the label

last_updated: string

formatdate-time

metadata: unknown

Metadata for the label

The name of the label

source: "user" or "managed"

user - label is owned by the user
managed - label is owned by cloudflare

One of the following:

"user"

"managed"

LabelDeleteResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

labels: optional array of { created_at, description, last_updated, 3 more }

created_at: string

formatdate-time

description: string

The description of the label

last_updated: string

formatdate-time

metadata: unknown

Metadata for the label

The name of the label

source: "user" or "managed"

user - label is owned by the user
managed - label is owned by cloudflare

One of the following:

"user"

"managed"

LabelBulkUpdateResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

labels: optional array of { created_at, description, last_updated, 3 more }

created_at: string

formatdate-time

description: string

The description of the label

last_updated: string

formatdate-time

metadata: unknown

Metadata for the label

The name of the label

source: "user" or "managed"

user - label is owned by the user
managed - label is owned by cloudflare

One of the following:

"user"

"managed"

LabelBulkCreateResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

labels: optional array of { created_at, description, last_updated, 3 more }

created_at: string

formatdate-time

description: string

The description of the label

last_updated: string

formatdate-time

metadata: unknown

Metadata for the label

The name of the label

source: "user" or "managed"

user - label is owned by the user
managed - label is owned by cloudflare

One of the following:

"user"

"managed"

LabelBulkDeleteResponse { endpoint, host, last_updated, 3 more }

endpoint: string

formaturi-template

maxLength4096

host: string

RFC3986-compliant host.

formathostname

maxLength255

last_updated: string

formatdate-time

method: "GET" or "POST" or "HEAD" or 6 more

The HTTP method used to access the endpoint.

One of the following:

"GET"

"POST"

"HEAD"

"OPTIONS"

"PUT"

"DELETE"

"CONNECT"

"PATCH"

"TRACE"

operation_id: string

UUID.

maxLength36

minLength36

labels: optional array of { created_at, description, last_updated, 3 more }

created_at: string

formatdate-time

description: string

The description of the label

last_updated: string

formatdate-time

metadata: unknown

Metadata for the label

The name of the label

source: "user" or "managed"

user - label is owned by the user
managed - label is owned by cloudflare

One of the following:

"user"

"managed"

OperationsSchema Validation

Retrieve operation-level schema validation settings

Deprecated

GET/zones/{zone_id}/api_gateway/operations/{operation_id}/schema_validation

Update operation-level schema validation settings

Deprecated

PUT/zones/{zone_id}/api_gateway/operations/{operation_id}/schema_validation

Update multiple operation-level schema validation settings

Deprecated

PATCH/zones/{zone_id}/api_gateway/operations/schema_validation

ModelsExpand Collapse

SettingsMultipleRequest = map[ { mitigation_action } ]

mitigation_action: optional "log" or "block" or "none"

When set, this applies a mitigation action to this operation

log log request when request does not conform to schema for this operation
block deny access to the site when request does not conform to schema for this operation
none will skip mitigation for this operation
null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

One of the following:

"log"

"block"

"none"

SchemaValidationGetResponse { mitigation_action, operation_id }

mitigation_action: optional "log" or "block" or "none"

When set, this applies a mitigation action to this operation

log log request when request does not conform to schema for this operation
block deny access to the site when request does not conform to schema for this operation
none will skip mitigation for this operation
null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

One of the following:

"log"

"block"

"none"

operation_id: optional string

UUID.

maxLength36

minLength36

SchemaValidationUpdateResponse { mitigation_action, operation_id }

mitigation_action: optional "log" or "block" or "none"

When set, this applies a mitigation action to this operation

log log request when request does not conform to schema for this operation
block deny access to the site when request does not conform to schema for this operation
none will skip mitigation for this operation
null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

One of the following:

"log"

"block"

"none"

operation_id: optional string

UUID.

maxLength36

minLength36