Magic Transit

magic_transit

Domain types

HealthCheck = { enabled, rate, target, 1 more... }
HealthCheckRate = "low" | "mid" | "high"

How frequent the health check is run. The default value is mid.

HealthCheckType = "reply" | "request"

The type of healthcheck to run, reply or request. The default value is reply.

magic_transit.apps

Methods

Create A New App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
post/accounts/{account_id}/magic/apps

Creates a new App for an account

Delete Account App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
delete/accounts/{account_id}/magic/apps/{account_app_id}

Deletes specific Account App.

Update An App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
patch/accounts/{account_id}/magic/apps/{account_app_id}

Updates an Account App

List Apps -> SinglePage<{ account_app_id, hostnames, ip_subnets, 2 more... } | { managed_app_id, hostnames, ip_subnets, 2 more... }>
get/accounts/{account_id}/magic/apps

Lists Apps associated with an account.

Update An App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
put/accounts/{account_id}/magic/apps/{account_app_id}

Updates an Account App

Magic Transit

Cf Interconnects

magic_transit.cf_interconnects

Methods

Update Multiple Interconnects -> Envelope<{ modified, modified_interconnects }>
put/accounts/{account_id}/magic/cf_interconnects

Updates multiple interconnects associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List Interconnect Details -> Envelope<{ interconnect }>
get/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Lists details for a specific interconnect.

List Interconnects -> Envelope<{ interconnects }>
get/accounts/{account_id}/magic/cf_interconnects

Lists interconnects associated with an account.

Update Interconnect -> Envelope<{ modified, modified_interconnect }>
put/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Updates a specific interconnect associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

Connectors

magic_transit.connectors

Methods

Add A Connector To Your Account -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
post/accounts/{account_id}/magic/connectors

Add a connector to your account

Remove A Connector From Your Account -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
delete/accounts/{account_id}/magic/connectors/{connector_id}

Remove a connector from your account

Edit Connector To Update Specific Properties -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
patch/accounts/{account_id}/magic/connectors/{connector_id}

Edit Connector to update specific properties

Fetch Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
get/accounts/{account_id}/magic/connectors/{connector_id}

Fetch Connector

List Connectors -> SinglePage<{ id, activated, interrupt_window_duration_hours, 7 more... }>
get/accounts/{account_id}/magic/connectors

List Connectors

Replace Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
put/accounts/{account_id}/magic/connectors/{connector_id}

Replace Connector

magic_transit.connectors.events

Methods

Get Event -> Envelope<{ e, n, t }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/events/{event_t}.{event_n}

Get Event

List Events -> Envelope<{ count, items, cursor }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/events

List Events

magic_transit.connectors.events.latest

Methods

Get Latest Events -> Envelope<{ count, items }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/events/latest

Get latest Events

magic_transit.connectors.snapshots

Methods

Get Snapshot -> Envelope<{ count_reclaim_failures, count_reclaimed_paths, count_record_failed, 166 more... }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/snapshots/{snapshot_t}

Get Snapshot

List Snapshots -> Envelope<{ count, items, cursor }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/snapshots

List Snapshots

magic_transit.connectors.snapshots.latest

Methods

Get Latest Snapshots -> Envelope<{ count, items }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/snapshots/latest

Get latest Snapshots

Magic Transit

GRE Tunnels

magic_transit.gre_tunnels

Methods

Update Multiple GRE Tunnels -> Envelope<{ modified, modified_gre_tunnels }>
put/accounts/{account_id}/magic/gre_tunnels

Updates multiple GRE tunnels. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Create A GRE Tunnel -> Envelope<{ id, cloudflare_gre_endpoint, customer_gre_endpoint, 8 more... }>
post/accounts/{account_id}/magic/gre_tunnels

Creates a new GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete GRE Tunnel -> Envelope<{ deleted, deleted_gre_tunnel }>
delete/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Disables and removes a specific static GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List GRE Tunnel Details -> Envelope<{ gre_tunnel }>
get/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Lists informtion for a specific GRE tunnel.

List GRE Tunnels -> Envelope<{ gre_tunnels }>
get/accounts/{account_id}/magic/gre_tunnels

Lists GRE tunnels associated with an account.

Update GRE Tunnel -> Envelope<{ modified, modified_gre_tunnel }>
put/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Updates a specific GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

IPSEC Tunnels

magic_transit.ipsec_tunnels

Methods

Update Multiple I Psec Tunnels -> Envelope<{ modified, modified_ipsec_tunnels }>
put/accounts/{account_id}/magic/ipsec_tunnels

Update multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Create An I Psec Tunnel -> Envelope<{ id, cloudflare_endpoint, interface_address, 9 more... }>
post/accounts/{account_id}/magic/ipsec_tunnels

Creates a new IPsec tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete I Psec Tunnel -> Envelope<{ deleted, deleted_ipsec_tunnel }>
delete/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Disables and removes a specific static IPsec Tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List I Psec Tunnel Details -> Envelope<{ ipsec_tunnel }>
get/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Lists details for a specific IPsec tunnel.

List I Psec Tunnels -> Envelope<{ ipsec_tunnels }>
get/accounts/{account_id}/magic/ipsec_tunnels

Lists IPsec tunnels associated with an account.

Generate Pre Shared Key PSK For I Psec Tunnels -> Envelope<{ ipsec_tunnel_id, psk, psk_metadata }>
post/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}/psk_generate

Generates a Pre Shared Key for a specific IPsec tunnel used in the IKE session. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After a PSK is generated, the PSK is immediately persisted to Cloudflare's edge and cannot be retrieved later. Note the PSK in a safe place.

Update I Psec Tunnel -> Envelope<{ modified, modified_ipsec_tunnel }>
put/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Updates a specific IPsec tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Domain types

PSKMetadata = { last_generated_on }

The PSK metadata that includes when the PSK was generated.

magic_transit.pcaps

Methods

Create PCAP Request -> Envelope< | { id, byte_limit, colo_name, 10 more... }>
post/accounts/{account_id}/pcaps

Create new PCAP request for account.

Get PCAP Request -> Envelope< | { id, byte_limit, colo_name, 10 more... }>
get/accounts/{account_id}/pcaps/{pcap_id}

Get information for a PCAP request by id.

List Packet Capture Requests -> SinglePage< | { id, byte_limit, colo_name, 10 more... }>
get/accounts/{account_id}/pcaps

Lists all packet capture requests for an account.

Stop Full PCAP ->
put/accounts/{account_id}/pcaps/{pcap_id}/stop

Stop full PCAP

Domain types

PCAP = { id, filter_v1, offset_time, 5 more... }
PCAPFilter = { destination_address, destination_port, protocol, 2 more... }

The packet capture filter. When this field is empty, all packets are captured.

magic_transit.pcaps.download

Methods

Download Simple PCAP -> unknown
get/accounts/{account_id}/pcaps/{pcap_id}/download

Download PCAP information into a file. Response is a binary PCAP file.

magic_transit.pcaps.ownership

Methods

Add Buckets For Full Packet Captures -> Envelope<>
post/accounts/{account_id}/pcaps/ownership

Adds an AWS or GCP bucket to use with full packet captures.

Delete Buckets For Full Packet Captures ->
delete/accounts/{account_id}/pcaps/ownership/{ownership_id}

Deletes buckets added to the packet captures API.

List PCAPs Bucket Ownership -> SinglePage<>
get/accounts/{account_id}/pcaps/ownership

List all buckets configured for use with PCAPs API.

Validate Buckets For Full Packet Captures -> Envelope<>
post/accounts/{account_id}/pcaps/ownership/validate

Validates buckets added to the packet captures API.

Domain types

Ownership = { id, destination_conf, filename, 3 more... }

magic_transit.routes

Methods

Update Many Routes -> Envelope<{ modified, modified_routes }>
put/accounts/{account_id}/magic/routes

Update multiple Magic static routes. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes. Only fields for a route that need to be changed need be provided.

Create A Route -> Envelope<{ id, nexthop, prefix, 6 more... }>
post/accounts/{account_id}/magic/routes

Creates a new Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Delete Route -> Envelope<{ deleted, deleted_route }>
delete/accounts/{account_id}/magic/routes/{route_id}

Disable and remove a specific Magic static route.

Delete Many Routes -> Envelope<{ deleted, deleted_routes }>
delete/accounts/{account_id}/magic/routes

Delete multiple Magic static routes.

Route Details -> Envelope<{ route }>
get/accounts/{account_id}/magic/routes/{route_id}

Get a specific Magic static route.

List Routes -> Envelope<{ routes }>
get/accounts/{account_id}/magic/routes

List all Magic static routes.

Update Route -> Envelope<{ modified, modified_route }>
put/accounts/{account_id}/magic/routes/{route_id}

Update a specific Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Domain types

Scope = { colo_names, colo_regions }

Used only for ECMP routes.

magic_transit.sites

Methods

Create A New Site -> Envelope<>
post/accounts/{account_id}/magic/sites

Creates a new Site

Delete Site -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}

Remove a specific Site.

Patch Site -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}

Patch a specific Site.

Site Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}

Get a specific Site.

List Sites -> SinglePage<>
get/accounts/{account_id}/magic/sites

Lists Sites associated with an account. Use connectorid query param to return sites where connectorid matches either site.ConnectorID or site.SecondaryConnectorID.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Magic WAN Write Magic WAN Read Magic Transit Read Magic Transit Write

path Parameters
account_id: string
(maxLength: 32)

Identifier

query Parameters
connectorid: string
Optional
(maxLength: 32)

Identifier

Response fields
errors: Array<>
messages: Array<>
result: Array<>
success: true

Whether the API call was successful

Request example
200Example
Update Site -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}

Update a specific Site.

Domain types

Site = { id, connector_id, description, 4 more... }
SiteLocation = { lat, lon }

Location of site in latitude and longitude.

magic_transit.sites.acls

Methods

Create A New Site ACL -> Envelope<>
post/accounts/{account_id}/magic/sites/{site_id}/acls

Creates a new Site ACL.

Delete Site ACL -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Remove a specific Site ACL.

Patch Site ACL -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Patch a specific Site ACL.

Site ACL Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Get a specific Site ACL.

List Site ACLs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/acls

Lists Site ACLs associated with an account.

Update Site ACL -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Update a specific Site ACL.

Domain types

ACL = { id, description, forward_locally, 5 more... }

Bidirectional ACL policy for network traffic within a site.

ACLConfiguration = { lan_id, lan_name, port_ranges, 2 more... }
AllowedProtocol = "tcp" | "udp" | "icmp"

Array of allowed communication protocols between configured LANs. If no protocols are provided, all protocols are allowed.

Subnet = string

A valid IPv4 address.

Magic TransitSites

App Configuration

magic_transit.sites.app_configuration

Methods

Create A New App Config -> Envelope<{ account_app_id, id, breakout, 2 more... } | { managed_app_id, id, breakout, 2 more... }>
post/accounts/{account_id}/magic/sites/{site_id}/app_configs

Creates a new App Config for a site

Delete App Config -> Envelope<{ account_app_id, id, breakout, 2 more... } | { managed_app_id, id, breakout, 2 more... }>
delete/accounts/{account_id}/magic/sites/{site_id}/app_configs/{app_config_id}

Deletes specific App Config associated with a site.

Update An App Config -> Envelope<{ account_app_id, id, breakout, 2 more... } | { managed_app_id, id, breakout, 2 more... }>
patch/accounts/{account_id}/magic/sites/{site_id}/app_configs/{app_config_id}

Updates an App Config for a site

List App Configs -> SinglePage<{ account_app_id, id, breakout, 2 more... } | { managed_app_id, id, breakout, 2 more... }>
get/accounts/{account_id}/magic/sites/{site_id}/app_configs

Lists App Configs associated with a site.

Update An App Config -> Envelope<{ account_app_id, id, breakout, 2 more... } | { managed_app_id, id, breakout, 2 more... }>
put/accounts/{account_id}/magic/sites/{site_id}/app_configs/{app_config_id}

Updates an App Config for a site

magic_transit.sites.lans

Methods

Create A New Site LAN -> SinglePage<>
post/accounts/{account_id}/magic/sites/{site_id}/lans

Creates a new Site LAN. If the site is in high availability mode, static_addressing is required along with secondary and virtual address.

Delete Site LAN -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Remove a specific Site LAN.

Patch Site LAN -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Patch a specific Site LAN.

Site LAN Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Get a specific Site LAN.

List Site LANs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/lans

Lists Site LANs associated with an account.

Update Site LAN -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Update a specific Site LAN.

Domain types

DHCPRelay = { server_addresses }
DHCPServer = { dhcp_pool_end, dhcp_pool_start, dns_server, 2 more... }
LAN = { id, ha_link, name, 6 more... }
LANStaticAddressing = { address, dhcp_relay, dhcp_server, 2 more... }

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

Nat = { static_prefix }
RoutedSubnet = { next_hop, prefix, nat }

magic_transit.sites.wans

Methods

Create A New Site WAN -> SinglePage<>
post/accounts/{account_id}/magic/sites/{site_id}/wans

Creates a new Site WAN.

Delete Site WAN -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Remove a specific Site WAN.

Patch Site WAN -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Patch a specific Site WAN.

Site WAN Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Get a specific Site WAN.

List Site WANs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/wans

Lists Site WANs associated with an account.

Update Site WAN -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Update a specific Site WAN.

Domain types

WAN = { id, health_check_rate, name, 5 more... }
WANStaticAddressing = { address, gateway_address, secondary_address }

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.