# IAM

# Permission Groups

## List Account Permission Groups

**get** `/accounts/{account_id}/iam/permission_groups`

List all the permission groups for an account.

### Path Parameters

- `account_id: string` Account identifier tag.

### Query Parameters

- `id: optional string` ID of the permission group to be fetched.
- `label: optional string` Label of the permission group to be fetched.
- `name: optional string` Name of the permission group to be fetched.
- `page: optional number` Page number of paginated results.
- `per_page: optional number` Maximum number of results per page.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
  - `id: string` Identifier of the permission group.
  - `meta: optional { key, value }` Attributes associated to the permission group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the permission group.
- `result_info: optional { count, page, per_page, total_count }`
  - `count: optional number` Total number of results for the requested service
  - `page: optional number` Current page within paginated list of results
  - `per_page: optional number` Number of results per page of results
  - `total_count: optional number` Total results available without any search parameters

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/permission_groups \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "c8fed203ed3043cba015a93ad1616f1f",
      "meta": { "key": "key", "value": "value" },
      "name": "Zone Read"
    },
    {
      "id": "82e64a83756745bbbb1c9c2701bf816b",
      "meta": { "key": "key", "value": "value" },
      "name": "Magic Network Monitoring"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Permission Group Details

**get** `/accounts/{account_id}/iam/permission_groups/{permission_group_id}`

Get information about a specific permission group in an account.

### Path Parameters

- `account_id: string` Account identifier tag.
- `permission_group_id: string` Permission Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, meta, name }` A named group of permissions that map to a group of operations against resources.
  - `id: string` Identifier of the permission group.
  - `meta: optional { key, value }` Attributes associated to the permission group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the permission group.

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/permission_groups/$PERMISSION_GROUP_ID \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
    "meta": { "key": "key", "value": "value" },
    "name": "Load Balancer"
  }
}
```

## Domain Types

### Permission Group List Response

- `PermissionGroupListResponse { id, meta, name }` A named group of permissions that map to a group of operations against resources.
  - `id: string` Identifier of the permission group.
  - `meta: optional { key, value }` Attributes associated to the permission group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the permission group.

### Permission Group Get Response

- `PermissionGroupGetResponse { id, meta, name }` A named group of permissions that map to a group of operations against resources.
  - `id: string` Identifier of the permission group.
  - `meta: optional { key, value }` Attributes associated to the permission group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the permission group.

# Resource Groups

## List Resource Groups

**get** `/accounts/{account_id}/iam/resource_groups`

List all the resource groups for an account.
### Path Parameters

- `account_id: string` Account identifier tag.

### Query Parameters

- `id: optional string` ID of the resource group to be fetched.
- `name: optional string` Name of the resource group to be fetched.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional array of { id, scope, meta, name }`
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.
### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/resource_groups \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
      "scope": [
        {
          "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
          "objects": [
            { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
          ]
        }
      ],
      "meta": { "key": "key", "value": "value" },
      "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
    }
  ]
}
```

## Resource Group Details

**get** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}`

Get information about a specific resource group in an account.

### Path Parameters

- `account_id: string` Account identifier tag.
- `resource_group_id: string` Resource Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/resource_groups/$RESOURCE_GROUP_ID \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
    "scope": [
      {
        "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
        "objects": [
          { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
        ]
      }
    ],
    "meta": { "key": "key", "value": "value" },
    "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
  }
}
```

## Create Resource Group

**post** `/accounts/{account_id}/iam/resource_groups`

Create a new Resource Group under the specified account.

### Path Parameters

- `account_id: string` Account identifier tag.

### Body Parameters

- `name: string` Name of the resource group
- `scope: { key, objects }` A scope is a combination of scope objects which provides additional context.
  - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
  - `objects: array of { key }` A list of scope objects for additional context. The number of Scope objects should not be zero.
    - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.
### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/resource_groups \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "name": "NewResourceGroup",
          "scope": {
            "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
            "objects": [
              { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
            ]
          }
        }'
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
    "scope": [
      {
        "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
        "objects": [
          { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
        ]
      }
    ],
    "meta": { "key": "key", "value": "value" },
    "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
  }
}
```

## Update Resource Group

**put** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}`

Modify an existing resource group.

### Path Parameters

- `account_id: string` Account identifier tag.
- `resource_group_id: string` Resource Group identifier tag.

### Body Parameters

- `name: optional string` Name of the resource group
- `scope: optional { key, objects }` A scope is a combination of scope objects which provides additional context.
  - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
  - `objects: array of { key }` A list of scope objects for additional context. The number of Scope objects should not be zero.
    - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.
### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/resource_groups/$RESOURCE_GROUP_ID \
    -X PUT \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "name": "UpdatedResourceGroup"
        }'
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
    "scope": [
      {
        "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
        "objects": [
          { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
        ]
      }
    ],
    "meta": { "key": "key", "value": "value" },
    "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
  }
}
```

## Remove Resource Group

**delete** `/accounts/{account_id}/iam/resource_groups/{resource_group_id}`

Remove a resource group from an account.

### Path Parameters

- `account_id: string` Account identifier tag.
- `resource_group_id: string` Resource Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id }`
  - `id: string` Identifier

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/resource_groups/$RESOURCE_GROUP_ID \
    -X DELETE \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353"
  }
}
```

## Domain Types

### Resource Group List Response

- `ResourceGroupListResponse { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.

### Resource Group Get Response

- `ResourceGroupGetResponse { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.

### Resource Group Create Response

- `ResourceGroupCreateResponse { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.

### Resource Group Update Response

- `ResourceGroupUpdateResponse { id, scope, meta, name }` A group of scoped resources.
  - `id: string` Identifier of the resource group.
  - `scope: array of { key, objects }` The scope associated to the resource group
    - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
    - `objects: array of { key }` A list of scope objects for additional context.
      - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
  - `meta: optional { key, value }` Attributes associated to the resource group.
    - `key: optional string`
    - `value: optional string`
  - `name: optional string` Name of the resource group.

### Resource Group Delete Response

- `ResourceGroupDeleteResponse { id }`
  - `id: string` Identifier

# User Groups

## List User Groups

**get** `/accounts/{account_id}/iam/user_groups`

List all the user groups for an account.

### Path Parameters

- `account_id: string` Account identifier tag.

### Query Parameters

- `id: optional string` ID of the user group to be fetched.
- `direction: optional string` The sort order of returned user groups by name. Default sort order is ascending. To switch to descending, set this parameter to "desc"
- `fuzzyName: optional string` A string used for searching for user groups containing that substring.
- `name: optional string` Name of the user group to be fetched.
- `page: optional number` Page number of paginated results.
- `per_page: optional number` Maximum number of results per page.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional array of { id, created_on, modified_on, 2 more }` A list of user groups for the account.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.
- `result_info: optional { count, page, per_page, total_count }`
  - `count: optional number` Total number of results for the requested service
  - `page: optional number` Current page within paginated list of results
  - `per_page: optional number` Number of results per page of results
  - `total_count: optional number` Total results available without any search parameters

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "created_on": "2024-03-01T12:21:02.0000Z",
      "modified_on": "2024-03-01T12:21:02.0000Z",
      "name": "My New User Group",
      "policies": [
        {
          "id": "f267e341f3dd4697bd3b9f71dd96247f",
          "access": "allow",
          "permission_groups": [
            {
              "id": "c8fed203ed3043cba015a93ad1616f1f",
              "meta": { "key": "key", "value": "value" },
              "name": "Zone Read"
            },
            {
              "id": "82e64a83756745bbbb1c9c2701bf816b",
              "meta": { "key": "key", "value": "value" },
              "name": "Magic Network Monitoring"
            }
          ],
          "resource_groups": [
            {
              "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
              "scope": [
                {
                  "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
                  "objects": [
                    { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
                  ]
                }
              ],
              "meta": { "key": "key", "value": "value" },
              "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
            }
          ]
        }
      ]
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## User Group Details

**get** `/accounts/{account_id}/iam/user_groups/{user_group_id}`

Get information about a specific user group in an account.

### Path Parameters

- `account_id: string` Account identifier tag.
- `user_group_id: string` User Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "created_on": "2024-03-01T12:21:02.0000Z",
    "modified_on": "2024-03-01T12:21:02.0000Z",
    "name": "My New User Group",
    "policies": [
      {
        "id": "f267e341f3dd4697bd3b9f71dd96247f",
        "access": "allow",
        "permission_groups": [
          {
            "id": "c8fed203ed3043cba015a93ad1616f1f",
            "meta": { "key": "key", "value": "value" },
            "name": "Zone Read"
          },
          {
            "id": "82e64a83756745bbbb1c9c2701bf816b",
            "meta": { "key": "key", "value": "value" },
            "name": "Magic Network Monitoring"
          }
        ],
        "resource_groups": [
          {
            "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
            "scope": [
              {
                "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
                "objects": [
                  { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
                ]
              }
            ],
            "meta": { "key": "key", "value": "value" },
            "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
          }
        ]
      }
    ]
  }
}
```

## Create User Group

**post** `/accounts/{account_id}/iam/user_groups`

Create a new user group under the specified account.

### Path Parameters

- `account_id: string` Account identifier tag.

### Body Parameters

- `name: string` Name of the User group.
- `policies: array of { access, permission_groups, resource_groups }` Policies attached to the User group
  - `access: "allow" or "deny"` Allow or deny operations against the resources.
    - `"allow"`
    - `"deny"`
  - `permission_groups: array of { id }` A set of permission groups that are specified to the policy.
    - `id: string` Permission Group identifier tag.
  - `resource_groups: array of { id }` A set of resource groups that are specified to the policy.
    - `id: string` Resource Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.
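
The `result` shape above nests policies, permission groups and resource-group scopes several levels deep, which makes a manual access review error-prone. The following Python is an added example, not part of the Cloudflare reference: it flattens a List User Groups response into one row per permission and scope object. The function names, the last-dot split of scope keys and the full-page pagination check are assumptions made for illustration.

```python
"""Flatten a List User Groups response into access-review rows."""
import json

# Constructed sample in the response shape documented on this page. The ids
# are the page's own example values; the second group is made up to exercise
# the optional `policies` field.
SAMPLE = json.loads("""
{
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "name": "My New User Group",
      "policies": [
        {
          "id": "f267e341f3dd4697bd3b9f71dd96247f",
          "access": "allow",
          "permission_groups": [
            {"id": "c8fed203ed3043cba015a93ad1616f1f", "name": "Zone Read"},
            {"id": "82e64a83756745bbbb1c9c2701bf816b"}
          ],
          "resource_groups": [
            {
              "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
              "scope": [
                {
                  "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
                  "objects": [
                    {"key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5"}
                  ]
                }
              ]
            }
          ]
        }
      ]
    },
    {"id": "constructed-group-id", "name": "Group With No Policies"}
  ],
  "result_info": {"count": 2, "page": 1, "per_page": 20, "total_count": 2}
}
""")


def split_scope_key(key):
    """Split a scope key into (resource name, identifier).

    Assumption: the identifier is the last dot-separated component, as in
    the page's example keys. The page does not state this as a contract.
    """
    resource, _, identifier = key.rpartition(".")
    return resource, identifier


def review_rows(response):
    """Return one row per (user group, policy, permission group, scope object)."""
    if response.get("success") is not True:
        raise ValueError(f"API reported failure: {response.get('errors')}")
    rows = []
    for group in response.get("result") or []:
        for policy in group.get("policies") or []:  # `policies` is optional
            # `name` is optional on a permission group; fall back to its id.
            perms = [pg.get("name") or pg["id"]
                     for pg in policy.get("permission_groups") or []]
            for rg in policy.get("resource_groups") or []:
                for scope in rg["scope"]:
                    for obj in scope["objects"]:
                        resource, identifier = split_scope_key(obj["key"])
                        rows.extend({
                            "user_group": group["name"],
                            "policy_id": policy.get("id"),
                            "access": policy.get("access"),
                            "permission": perm,
                            "scope_key": scope["key"],
                            "object_resource": resource,
                            "object_id": identifier,
                        } for perm in perms)
    return rows


def groups_without_policies(response):
    """Ids of user groups with a missing or empty `policies` list."""
    return [g["id"] for g in response.get("result") or []
            if not g.get("policies")]


def page_is_full(response):
    """True when the page holds `per_page` results, so the next page must be
    fetched before the review is complete (heuristic, an assumption here)."""
    per_page = (response.get("result_info") or {}).get("per_page")
    return bool(per_page) and len(response.get("result") or []) >= per_page


if __name__ == "__main__":
    for row in review_rows(SAMPLE):
        print(row)
    print("no policies:", groups_without_policies(SAMPLE))
    print("fetch next page:", page_is_full(SAMPLE))
```

Rows keep the `access` value as returned; how overlapping `allow` and `deny` policies combine is not described on this page, so the rows are input to a review rather than an effective-permission calculation.
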
### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups \ -H 'Content-Type: application/json' \ -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \ -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \ -d '{ "name": "My New User Group", "policies": [ { "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f" }, { "id": "82e64a83756745bbbb1c9c2701bf816b" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1" } ] } ] }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "created_on": "2024-03-01T12:21:02.0000Z", "modified_on": "2024-03-01T12:21:02.0000Z", "name": "My New User Group", "policies": [ { "id": "f267e341f3dd4697bd3b9f71dd96247f", "access": "allow", "permission_groups": [ { "id": "c8fed203ed3043cba015a93ad1616f1f", "meta": { "key": "key", "value": "value" }, "name": "Zone Read" }, { "id": "82e64a83756745bbbb1c9c2701bf816b", "meta": { "key": "key", "value": "value" }, "name": "Magic Network Monitoring" } ], "resource_groups": [ { "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1", "scope": [ { "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4", "objects": [ { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" } ] } ], "meta": { "key": "key", "value": "value" }, "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4" } ] } ] } } ``` ## Update User Group **put** `/accounts/{account_id}/iam/user_groups/{user_group_id}` Modify an existing user group. ### Path Parameters - `account_id: string` Account identifier tag. - `user_group_id: string` User Group identifier tag. ### Body Parameters - `name: optional string` Name of the User group. 
- `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
  - `id: string` Policy identifier.
  - `access: "allow" or "deny"` Allow or deny operations against the resources.
    - `"allow"`
    - `"deny"`
  - `permission_groups: array of { id }` A set of permission groups that are specified to the policy.
    - `id: string` Permission Group identifier tag.
  - `resource_groups: array of { id }` A set of resource groups that are specified to the policy.
    - `id: string` Resource Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID \
    -X PUT \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \
    -d '{
          "name": "My New User Group"
        }'
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "created_on": "2024-03-01T12:21:02.0000Z",
    "modified_on": "2024-03-01T12:21:02.0000Z",
    "name": "My New User Group",
    "policies": [
      {
        "id": "f267e341f3dd4697bd3b9f71dd96247f",
        "access": "allow",
        "permission_groups": [
          {
            "id": "c8fed203ed3043cba015a93ad1616f1f",
            "meta": { "key": "key", "value": "value" },
            "name": "Zone Read"
          },
          {
            "id": "82e64a83756745bbbb1c9c2701bf816b",
            "meta": { "key": "key", "value": "value" },
            "name": "Magic Network Monitoring"
          }
        ],
        "resource_groups": [
          {
            "id": "6d7f2f5f5b1d4a0e9081fdc98d432fd1",
            "scope": [
              {
                "key": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4",
                "objects": [
                  { "key": "com.cloudflare.api.account.zone.23f8d65290b24279ba6f44721b3eaad5" }
                ]
              }
            ],
            "meta": { "key": "key", "value": "value" },
            "name": "com.cloudflare.api.account.eb78d65290b24279ba6f44721b3ea3c4"
          }
        ]
      }
    ]
  }
}
```

## Remove User Group

**delete** `/accounts/{account_id}/iam/user_groups/{user_group_id}`

Remove a user group from an account.

### Path Parameters

- `account_id: string` Account identifier tag.
- `user_group_id: string` User Group identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id }`
  - `id: string` Identifier

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID \
    -X DELETE \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" }
}
```

## Domain Types

### User Group List Response

- `UserGroupListResponse { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.

### User Group Get Response

- `UserGroupGetResponse { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.

### User Group Create Response

- `UserGroupCreateResponse { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.

### User Group Update Response

- `UserGroupUpdateResponse { id, created_on, modified_on, 2 more }` A group of policies resources.
  - `id: string` User Group identifier tag.
  - `created_on: string` Timestamp for the creation of the user group
  - `modified_on: string` Last time the user group was modified.
  - `name: string` Name of the user group.
  - `policies: optional array of { id, access, permission_groups, resource_groups }` Policies attached to the User group
    - `id: optional string` Policy identifier.
    - `access: optional "allow" or "deny"` Allow or deny operations against the resources.
      - `"allow"`
      - `"deny"`
    - `permission_groups: optional array of { id, meta, name }` A set of permission groups that are specified to the policy.
      - `id: string` Identifier of the permission group.
      - `meta: optional { key, value }` Attributes associated to the permission group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the permission group.
    - `resource_groups: optional array of { id, scope, meta, name }` A list of resource groups that the policy applies to.
      - `id: string` Identifier of the resource group.
      - `scope: array of { key, objects }` The scope associated to the resource group
        - `key: string` This is a combination of pre-defined resource name and identifier (like Account ID etc.)
        - `objects: array of { key }` A list of scope objects for additional context.
          - `key: string` This is a combination of pre-defined resource name and identifier (like Zone ID etc.)
      - `meta: optional { key, value }` Attributes associated to the resource group.
        - `key: optional string`
        - `value: optional string`
      - `name: optional string` Name of the resource group.

### User Group Delete Response

- `UserGroupDeleteResponse { id }`
  - `id: string` Identifier

# Members

## List User Group Members

**get** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members`

List all the members attached to a user group.

### Path Parameters

- `account_id: string` Account identifier tag.
- `user_group_id: string` User Group identifier tag.

### Query Parameters

- `page: optional number` Page number of paginated results.
- `per_page: optional number` Maximum number of results per page.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional array of { id, email, status }`
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`
- `result_info: optional { count, page, per_page, total_count }`
  - `count: optional number` Total number of results for the requested service
  - `page: optional number` Current page within paginated list of results
  - `per_page: optional number` Number of results per page of results
  - `total_count: optional number` Total results available without any search parameters

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID/members \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "4f5f0c14a2a41d5063dd301b2f829f04",
      "email": "user@example.com",
      "status": "accepted"
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Add User Group Members

**post** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members`

Add members to a User Group.

### Path Parameters

- `account_id: string` Account identifier tag.
- `user_group_id: string` User Group identifier tag.

### Body Parameters

- `body: array of { id }`
  - `id: string` The identifier of an existing account Member.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, email, status }` Member attached to a User Group.
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID/members \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \
    -d '[
          { "id": "023e105f4ecef8ad9ca31a8372d0c353" }
        ]'
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "4f5f0c14a2a41d5063dd301b2f829f04",
    "email": "user@example.com",
    "status": "accepted"
  }
}
```

## Update User Group Members

**put** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members`

Replace the set of members attached to a User Group.

### Path Parameters

- `account_id: string` Account identifier tag.
- `user_group_id: string` User Group identifier tag.

### Body Parameters

- `body: array of { id }` Set/Replace members to a user group.
  - `id: string` The identifier of an existing account Member.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional array of { id, email, status }`
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID/members \
    -X PUT \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \
    -d '[
          { "id": "023e105f4ecef8ad9ca31a8372d0c353" }
        ]'
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "4f5f0c14a2a41d5063dd301b2f829f04",
      "email": "user@example.com",
      "status": "accepted"
    }
  ]
}
```

## Remove User Group Member

**delete** `/accounts/{account_id}/iam/user_groups/{user_group_id}/members/{member_id}`

Remove a member from User Group

### Path Parameters

- `account_id: string` Account identifier tag.
- `user_group_id: string` User Group identifier tag.
- `member_id: string` The identifier of an existing account Member.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, email, status }` Member attached to a User Group.
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/iam/user_groups/$USER_GROUP_ID/members/$MEMBER_ID \
    -X DELETE \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "4f5f0c14a2a41d5063dd301b2f829f04",
    "email": "user@example.com",
    "status": "accepted"
  }
}
```

## Domain Types

### Member List Response

- `MemberListResponse { id, email, status }` Member attached to a User Group.
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

### Member Create Response

- `MemberCreateResponse { id, email, status }` Member attached to a User Group.
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

### Member Update Response

- `MemberUpdateResponse { id, email, status }` Member attached to a User Group.
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

### Member Delete Response

- `MemberDeleteResponse { id, email, status }` Member attached to a User Group.
  - `id: string` Account member identifier.
  - `email: optional string` The contact email address of the user.
  - `status: optional "accepted" or "pending"` The member's status in the account.
    - `"accepted"`
    - `"pending"`

# SSO

## Get all SSO connectors

**get** `/accounts/{account_id}/sso_connectors`

Get all SSO connectors

### Path Parameters

- `account_id: string` Account identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional array of { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`
- `result_info: optional { count, page, per_page, total_count }`
  - `count: optional number` Total number of results for the requested service
  - `page: optional number` Current page within paginated list of results
  - `per_page: optional number` Number of results per page of results
  - `total_count: optional number` Total results available without any search parameters

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso_connectors \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "created_on": "2025-01-01T12:21:02.0000Z",
      "email_domain": "example.com",
      "enabled": false,
      "updated_on": "2025-01-01T12:21:02.0000Z",
      "use_fedramp_language": false,
      "verification": {
        "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353",
        "status": "pending"
      }
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
```

## Get single SSO connector

**get** `/accounts/{account_id}/sso_connectors/{sso_connector_id}`

Get single SSO connector

### Path Parameters

- `account_id: string` Account identifier tag.
- `sso_connector_id: string` SSO Connector identifier tag.
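
A connector review built on the `enabled` and `verification` fields documented for SSO connectors: it compares each connector's `verification.code` with the TXT records seen for its `email_domain`, requiring the entire string to match. This is an added example, not Cloudflare's code; the TXT input format, the finding labels and all sample values are constructed for the example.

```python
"""Review SSO connectors against published DNS TXT data.
Connector fields follow this page's schema; all sample values are constructed."""
import re

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def txt_value(rdata: str) -> str:
    """Join the character-strings of one TXT record in presentation format
    (as printed by dig): '"abc" "def"' -> 'abcdef'. Single-character backslash
    escapes are undone; decimal escapes are not handled."""
    parts = _QUOTED.findall(rdata)
    if not parts:  # unquoted value, e.g. copied from a DNS provider's UI
        return rdata.strip()
    return "".join(re.sub(r"\\(.)", r"\1", p) for p in parts)


def review_connector(connector: dict, txt_rdata: list[str]) -> str:
    """Classify one connector given the TXT records seen for its email_domain."""
    verification = connector.get("verification") or {}
    code, status = verification.get("code"), verification.get("status")
    if connector.get("enabled") and status != "verified":
        return "enabled-unverified"   # reported for review, whatever the cause
    if status == "verified":
        return "verified"
    values = [txt_value(r) for r in txt_rdata]
    if code and code in values:       # the entire string must be present
        return "txt-published"
    if code and any(v and (v in code or code in v) for v in values):
        return "txt-partial"          # e.g. only the part after "=" was added
    return "txt-missing"


def review_all(connectors: list[dict], txt_by_domain: dict[str, list[str]]) -> dict:
    """Map each connector's email_domain (or id) to its classification."""
    return {
        c.get("email_domain") or c.get("id"):
            review_connector(c, txt_by_domain.get(c.get("email_domain"), []))
        for c in connectors
    }


def _connector(letter, domain, enabled, status):
    # Constructed connector; the code mirrors the page's sample format.
    return {"id": letter * 32, "email_domain": domain, "enabled": enabled,
            "verification": {"code": "cloudflare_dashboard_sso=" + letter * 32,
                             "status": status}}


CONNECTORS = [
    _connector("a", "example.com", True, "verified"),
    _connector("b", "example.org", False, "pending"),
    _connector("c", "example.net", False, "failed"),
    _connector("d", "corp.example.com", True, "awaiting"),
]
TXT_BY_DOMAIN = {  # constructed resolver output, one rdata string per record
    "example.org": ['"v=spf1 -all"', '"cloudflare_dashboard_sso=" "' + "b" * 32 + '"'],
    "example.net": ['"' + "c" * 32 + '"'],
}

if __name__ == "__main__":
    for domain, finding in review_all(CONNECTORS, TXT_BY_DOMAIN).items():
        print(domain, finding)
```
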

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso_connectors/$SSO_CONNECTOR_ID \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "created_on": "2025-01-01T12:21:02.0000Z",
    "email_domain": "example.com",
    "enabled": false,
    "updated_on": "2025-01-01T12:21:02.0000Z",
    "use_fedramp_language": false,
    "verification": {
      "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353",
      "status": "pending"
    }
  }
}
```

## Initialize new SSO connector

**post** `/accounts/{account_id}/sso_connectors`

Initialize new SSO connector

### Path Parameters

- `account_id: string` Account identifier tag.

### Body Parameters

- `email_domain: string` Email domain of the new SSO connector
- `begin_verification: optional boolean` Begin the verification process after creation
- `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso_connectors \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "email_domain": "example.com",
          "begin_verification": true
        }'
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "created_on": "2025-01-01T12:21:02.0000Z",
    "email_domain": "example.com",
    "enabled": false,
    "updated_on": "2025-01-01T12:21:02.0000Z",
    "use_fedramp_language": false,
    "verification": {
      "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353",
      "status": "pending"
    }
  }
}
```

## Update SSO connector state

**patch** `/accounts/{account_id}/sso_connectors/{sso_connector_id}`

Update SSO connector state

### Path Parameters

- `account_id: string` Account identifier tag.
- `sso_connector_id: string` SSO Connector identifier tag.

### Body Parameters

- `enabled: optional boolean` SSO Connector enabled state
- `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso_connectors/$SSO_CONNECTOR_ID \
    -X PATCH \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": { "pointer": "pointer" }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "created_on": "2025-01-01T12:21:02.0000Z",
    "email_domain": "example.com",
    "enabled": false,
    "updated_on": "2025-01-01T12:21:02.0000Z",
    "use_fedramp_language": false,
    "verification": {
      "code": "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353",
      "status": "pending"
    }
  }
}
```

## Delete SSO connector

**delete** `/accounts/{account_id}/sso_connectors/{sso_connector_id}`

Delete SSO connector

### Path Parameters

- `account_id: string` Account identifier tag.
- `sso_connector_id: string` SSO Connector identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`
- `result: optional { id }`
  - `id: string` Identifier

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso_connectors/$SSO_CONNECTOR_ID \
    -X DELETE \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353"
  }
}
```

## Begin SSO connector verification

**post** `/accounts/{account_id}/sso_connectors/{sso_connector_id}/begin_verification`

Begin SSO connector verification

### Path Parameters

- `account_id: string` Account identifier tag.
- `sso_connector_id: string` SSO Connector identifier tag.

### Returns

- `errors: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `messages: array of { code, message, documentation_url, source }`
  - `code: number`
  - `message: string`
  - `documentation_url: optional string`
  - `source: optional { pointer }`
    - `pointer: optional string`
- `success: true` Whether the API call was successful.
  - `true`

### Example

```http
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso_connectors/$SSO_CONNECTOR_ID/begin_verification \
    -X POST \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true
}
```

## Domain Types

### SSO List Response

- `SSOListResponse { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### SSO Get Response

- `SSOGetResponse { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code.
      Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### SSO Create Response

- `SSOCreateResponse { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### SSO Update Response

- `SSOUpdateResponse { id, created_on, email_domain, 4 more }`
  - `id: optional string` SSO Connector identifier tag.
  - `created_on: optional string` Timestamp for the creation of the SSO connector
  - `email_domain: optional string`
  - `enabled: optional boolean`
  - `updated_on: optional string` Timestamp for the last update of the SSO connector
  - `use_fedramp_language: optional boolean` Controls the display of FedRAMP language to the user during SSO login
  - `verification: optional { code, status }`
    - `code: optional string` DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
    - `status: optional "awaiting" or "pending" or "failed" or "verified"` The status of the verification code from the verification process.
      - `"awaiting"`
      - `"pending"`
      - `"failed"`
      - `"verified"`

### SSO Delete Response

- `SSODeleteResponse { id }`
  - `id: string` Identifier

### SSO Begin Verification Response

- `SSOBeginVerificationResponse { errors, messages, success }`
  - `errors: array of { code, message, documentation_url, source }`
    - `code: number`
    - `message: string`
    - `documentation_url: optional string`
    - `source: optional { pointer }`
      - `pointer: optional string`
  - `messages: array of { code, message, documentation_url, source }`
    - `code: number`
    - `message: string`
    - `documentation_url: optional string`
    - `source: optional { pointer }`
      - `pointer: optional string`
  - `success: true` Whether the API call was successful.
    - `true`
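
The `verification.code` and `verification.status` fields documented above can drive a check before a connector is enabled. The following Python is an added example, not Cloudflare's code: it compares the TXT records observed for the email domain against the entire verification code and returns the next step. The function names, the action strings and the reading of `awaiting`, `pending` and `failed` are assumptions; the page only lists the status values.

```python
import shlex

# Status values listed on this page. How each maps to an action is an assumption.
STATUSES = ("awaiting", "pending", "failed", "verified")


def txt_value(rdata):
    """Join the quoted chunks ("abc" "def") a resolver prints for one TXT record."""
    rdata = rdata.strip()
    if not rdata.startswith('"'):
        return rdata
    try:
        return "".join(shlex.split(rdata))
    except ValueError:  # unbalanced quote: keep the raw text, it will not match
        return rdata


def next_action(connector, txt_records):
    """Map one connector `result` object plus observed TXT records to a step."""
    ver = connector.get("verification") or {}
    code, status = ver.get("code"), ver.get("status")
    if status not in STATUSES:
        return "review: unknown verification status"
    if status == "verified":
        return "ok"
    if connector.get("enabled"):
        # Assumed policy: an enabled connector should already be verified.
        return "alert: enabled but not verified"
    # The page says to add the entire string, so require an exact match.
    if not code or code not in {txt_value(r) for r in txt_records}:
        return "publish TXT record"
    if status == "pending":
        return "wait"  # assumed: a verification run is already in progress
    return "call begin_verification"  # assumed for "awaiting" and "failed"


def audit(connectors, txt_by_domain):
    """Apply next_action to a list response, keyed by email_domain."""
    return {c.get("email_domain"): next_action(c, txt_by_domain.get(c.get("email_domain"), []))
            for c in connectors}


# Constructed sample in the shape of this page's response example.
CODE = "cloudflare_dashboard_sso=023e105f4ecef8ad9ca31a8372d0c353"
SAMPLE = {"email_domain": "example.com", "enabled": False,
          "verification": {"code": CODE, "status": "awaiting"}}

if __name__ == "__main__":
    print(audit([SAMPLE], {"example.com": ['"v=spf1 -all"', '"%s"' % CODE]}))
```

Feed `txt_records` from whatever resolver output you already collect for the email domain; a record holding only the hex identifier without the `cloudflare_dashboard_sso=` prefix is treated as not published.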