Skip to content
Cloudflare API
Start here
API Reference
Connectivity
Directory
Services

Create Workers VPC connectivity service

POST/accounts/{account_id}/connectivity/directory/services

Create Workers VPC connectivity service

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Path ParametersExpand Collapse
account_id: string

Account identifier

maxLength32
Body ParametersJSONExpand Collapse
body: object { host, name, type, 6 more } or object { host, name, type, 6 more }
One of the following:
InfraHTTPServiceConfig object { host, name, type, 6 more }
host: object { ipv4, network } or object { ipv6, network } or object { ipv4, ipv6, network } or object { hostname, resolver_network }
One of the following:
InfraIPv4Host object { ipv4, network }
ipv4: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraIPv6Host object { ipv6, network }
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraDualStackHost object { ipv4, ipv6, network }
ipv4: string
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraHostnameHost object { hostname, resolver_network }
hostname: string
resolver_network: object { tunnel_id, resolver_ips }
tunnel_id: string
formatuuid
resolver_ips: optional array of string
name: string
type: "tcp" or "http"
One of the following:
"tcp"
"http"
created_at: optional string
formatdate-time
http_port: optional number
formatint32
minimum1
https_port: optional number
formatint32
minimum1
service_id: optional string
formatuuid
tls_settings: optional object { cert_verification_mode }

TLS settings for a connectivity service.

If omitted, the default mode (verify_full) is used.

cert_verification_mode: string

TLS certificate verification mode for the connection to the origin.

  • "verify_full" — verify certificate chain and hostname (default)
  • "verify_ca" — verify certificate chain only, skip hostname check
  • "disabled" — do not verify the server certificate at all
updated_at: optional string
formatdate-time
InfraTCPServiceConfig object { host, name, type, 6 more }
host: object { ipv4, network } or object { ipv6, network } or object { ipv4, ipv6, network } or object { hostname, resolver_network }
One of the following:
InfraIPv4Host object { ipv4, network }
ipv4: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraIPv6Host object { ipv6, network }
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraDualStackHost object { ipv4, ipv6, network }
ipv4: string
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraHostnameHost object { hostname, resolver_network }
hostname: string
resolver_network: object { tunnel_id, resolver_ips }
tunnel_id: string
formatuuid
resolver_ips: optional array of string
name: string
type: "tcp" or "http"
One of the following:
"tcp"
"http"
app_protocol: optional "postgresql" or "mysql"
One of the following:
"postgresql"
"mysql"
created_at: optional string
formatdate-time
service_id: optional string
formatuuid
tcp_port: optional number
formatint32
minimum1
tls_settings: optional object { cert_verification_mode }

TLS settings for a connectivity service.

If omitted, the default mode (verify_full) is used.

cert_verification_mode: string

TLS certificate verification mode for the connection to the origin.

  • "verify_full" — verify certificate chain and hostname (default)
  • "verify_ca" — verify certificate chain only, skip hostname check
  • "disabled" — do not verify the server certificate at all
updated_at: optional string
formatdate-time
ReturnsExpand Collapse
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional object { host, name, type, 6 more } or object { host, name, type, 6 more }
One of the following:
InfraHTTPServiceConfig object { host, name, type, 6 more }
host: object { ipv4, network } or object { ipv6, network } or object { ipv4, ipv6, network } or object { hostname, resolver_network }
One of the following:
InfraIPv4Host object { ipv4, network }
ipv4: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraIPv6Host object { ipv6, network }
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraDualStackHost object { ipv4, ipv6, network }
ipv4: string
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraHostnameHost object { hostname, resolver_network }
hostname: string
resolver_network: object { tunnel_id, resolver_ips }
tunnel_id: string
formatuuid
resolver_ips: optional array of string
name: string
type: "tcp" or "http"
One of the following:
"tcp"
"http"
created_at: optional string
formatdate-time
http_port: optional number
formatint32
minimum1
https_port: optional number
formatint32
minimum1
service_id: optional string
formatuuid
tls_settings: optional object { cert_verification_mode }

TLS settings for a connectivity service.

If omitted, the default mode (verify_full) is used.

cert_verification_mode: string

TLS certificate verification mode for the connection to the origin.

  • "verify_full" — verify certificate chain and hostname (default)
  • "verify_ca" — verify certificate chain only, skip hostname check
  • "disabled" — do not verify the server certificate at all
updated_at: optional string
formatdate-time
InfraTCPServiceConfig object { host, name, type, 6 more }
host: object { ipv4, network } or object { ipv6, network } or object { ipv4, ipv6, network } or object { hostname, resolver_network }
One of the following:
InfraIPv4Host object { ipv4, network }
ipv4: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraIPv6Host object { ipv6, network }
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraDualStackHost object { ipv4, ipv6, network }
ipv4: string
ipv6: string
network: object { tunnel_id }
tunnel_id: string
formatuuid
InfraHostnameHost object { hostname, resolver_network }
hostname: string
resolver_network: object { tunnel_id, resolver_ips }
tunnel_id: string
formatuuid
resolver_ips: optional array of string
name: string
type: "tcp" or "http"
One of the following:
"tcp"
"http"
app_protocol: optional "postgresql" or "mysql"
One of the following:
"postgresql"
"mysql"
created_at: optional string
formatdate-time
service_id: optional string
formatuuid
tcp_port: optional number
formatint32
minimum1
tls_settings: optional object { cert_verification_mode }

TLS settings for a connectivity service.

If omitted, the default mode (verify_full) is used.

cert_verification_mode: string

TLS certificate verification mode for the connection to the origin.

  • "verify_full" — verify certificate chain and hostname (default)
  • "verify_ca" — verify certificate chain only, skip hostname check
  • "disabled" — do not verify the server certificate at all
updated_at: optional string
formatdate-time

Create Workers VPC connectivity service

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/connectivity/directory/services \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "host": {
            "ipv4": "10.0.0.1",
            "network": {
              "tunnel_id": "0191dce4-9ab4-7fce-b660-8e5dec5172da"
            }
          },
          "name": "web-app",
          "type": "http",
          "http_port": 8080,
          "https_port": 8443
        }'
{
  "errors": [],
  "messages": [],
  "result": {
    "created_at": "2024-01-15T09:30:00Z",
    "host": {
      "hostname": "api.example.com",
      "resolver_network": {
        "tunnel_id": "0191dce4-9ab4-7fce-b660-8e5dec5172da"
      }
    },
    "name": "web-server",
    "service_id": "550e8400-e29b-41d4-a716-446655440000",
    "type": "http",
    "updated_at": "2024-01-15T09:30:00Z"
  },
  "success": true
}
{
  "errors": [],
  "messages": [],
  "result": {
    "created_at": "2024-01-15T09:30:00Z",
    "host": {
      "ipv4": "10.0.0.1",
      "network": {
        "tunnel_id": "0191dce4-9ab4-7fce-b660-8e5dec5172da"
      }
    },
    "name": "postgres-db",
    "service_id": "550e8400-e29b-41d4-a716-446655440001",
    "tcp_port": 5432,
    "type": "tcp",
    "updated_at": "2024-01-15T09:30:00Z"
  },
  "success": true
}
Returns Examples
{
  "errors": [],
  "messages": [],
  "result": {
    "created_at": "2024-01-15T09:30:00Z",
    "host": {
      "hostname": "api.example.com",
      "resolver_network": {
        "tunnel_id": "0191dce4-9ab4-7fce-b660-8e5dec5172da"
      }
    },
    "name": "web-server",
    "service_id": "550e8400-e29b-41d4-a716-446655440000",
    "type": "http",
    "updated_at": "2024-01-15T09:30:00Z"
  },
  "success": true
}
{
  "errors": [],
  "messages": [],
  "result": {
    "created_at": "2024-01-15T09:30:00Z",
    "host": {
      "ipv4": "10.0.0.1",
      "network": {
        "tunnel_id": "0191dce4-9ab4-7fce-b660-8e5dec5172da"
      }
    },
    "name": "postgres-db",
    "service_id": "550e8400-e29b-41d4-a716-446655440001",
    "tcp_port": 5432,
    "type": "tcp",
    "updated_at": "2024-01-15T09:30:00Z"
  },
  "success": true
}