Skip to content
Cloudflare API
Start here
API Reference
Magic Transit
IPSEC Tunnels

Set Pre-Shared Keys (PSK) for IPsec tunnels

POST/accounts/{account_id}/magic/ipsec_tunnels/psk

Sets Pre-Shared Keys for multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After PSKs are applied, they are immediately persisted to Cloudflare’s edge and cannot be retrieved later. Store the PSKs in a safe place.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Magic WAN WriteMagic Transit Write
Path ParametersExpand Collapse
account_id: string

Identifier

maxLength32
Query ParametersExpand Collapse
validate_only: optional boolean

If true, only run validation without persisting changes.

Body ParametersJSONExpand Collapse
psks: array of object { id, psk }

List of tunnel ID and PSK pairs.

id: string

The ID of the IPsec tunnel.

maxLength32
psk: string

A randomly generated or provided string for use in the IPsec tunnel.

ReturnsExpand Collapse
errors: array of ResponseInfo { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of ResponseInfo { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
result: object { successfully_applied_psks, unapplied_psks }
successfully_applied_psks: optional map[object { ipsec_id, ipsec_tunnel_id, psk, psk_metadata } ]

Map of tunnel IDs to successfully applied PSK details.

ipsec_id: string

The IKE identifier used for this tunnel on the Cloudflare edge.

ipsec_tunnel_id: string

Identifier

maxLength32
psk: string

A randomly generated or provided string for use in the IPsec tunnel.

psk_metadata: PSKMetadata { last_generated_on }

The PSK metadata that includes when the PSK was generated.

last_generated_on: optional string

The date and time the tunnel was last modified.

formatdate-time
unapplied_psks: optional map[string]

Map of tunnel IDs to failure reasons for PSKs that could not be applied.

success: true

Whether the API call was successful

Set Pre-Shared Keys (PSK) for IPsec tunnels

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/magic/ipsec_tunnels/psk \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "psks": [
            {
              "id": "023e105f4ecef8ad9ca31a8372d0c353",
              "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy"
            }
          ]
        }'
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "successfully_applied_psks": {
      "foo": {
        "ipsec_id": "12345_abc123def4567890abcdef1234567890",
        "ipsec_tunnel_id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        "psk_metadata": {
          "last_generated_on": "2017-06-14T05:20:00Z"
        }
      }
    },
    "unapplied_psks": {
      "foo": "string"
    }
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "successfully_applied_psks": {
      "foo": {
        "ipsec_id": "12345_abc123def4567890abcdef1234567890",
        "ipsec_tunnel_id": "023e105f4ecef8ad9ca31a8372d0c353",
        "psk": "O3bwKSjnaoCxDoUxjcq4Rk8ZKkezQUiy",
        "psk_metadata": {
          "last_generated_on": "2017-06-14T05:20:00Z"
        }
      }
    },
    "unapplied_psks": {
      "foo": "string"
    }
  },
  "success": true
}