LogoCloudflare API

Magic Transit

magic_transit

Domain types

HealthCheck = { enabled, rate, target, 1 more... }
HealthCheckRate = "low" | "mid" | "high"

How frequent the health check is run. The default value is mid.

HealthCheckType = "reply" | "request"

The type of healthcheck to run, reply or request. The default value is reply.

Magic Transit

Apps

magic_transit.apps

Methods

List Apps -> SinglePage<{ account_app_id, hostnames, ip_subnets, 2 more... } | { managed_app_id, hostnames, ip_subnets, 2 more... }>
get/accounts/{account_id}/magic/apps

Lists Apps associated with an account.

Create A New App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
post/accounts/{account_id}/magic/apps

Creates a new App for an account

Update An App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
put/accounts/{account_id}/magic/apps/{account_app_id}

Updates an Account App

Update An App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
patch/accounts/{account_id}/magic/apps/{account_app_id}

Updates an Account App

Delete Account App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
delete/accounts/{account_id}/magic/apps/{account_app_id}

Deletes specific Account App.

Magic Transit

Cf Interconnects

magic_transit.cf_interconnects

Methods

List Interconnects -> Envelope<{ interconnects }>
get/accounts/{account_id}/magic/cf_interconnects

Lists interconnects associated with an account.

List Interconnect Details -> Envelope<{ interconnect }>
get/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Lists details for a specific interconnect.

Update Interconnect -> Envelope<{ modified, modified_interconnect }>
put/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Updates a specific interconnect associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Update Multiple Interconnects -> Envelope<{ modified, modified_interconnects }>
put/accounts/{account_id}/magic/cf_interconnects

Updates multiple interconnects associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

Connectors

magic_transit.connectors

Methods

List Connectors -> SinglePage<{ id, activated, interrupt_window_duration_hours, 8 more... }>
get/accounts/{account_id}/magic/connectors

List Connectors

Fetch Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 8 more... }>
get/accounts/{account_id}/magic/connectors/{connector_id}

Fetch Connector

Add A Connector To Your Account -> Envelope<{ id, activated, interrupt_window_duration_hours, 8 more... }>
post/accounts/{account_id}/magic/connectors

Add a connector to your account

Replace Connector Or Re Provision License Key -> Envelope<{ id, activated, interrupt_window_duration_hours, 8 more... }>
put/accounts/{account_id}/magic/connectors/{connector_id}

Replace Connector or Re-provision License Key

Edit Connector To Update Specific Properties Or Re Provision License Key -> Envelope<{ id, activated, interrupt_window_duration_hours, 8 more... }>
patch/accounts/{account_id}/magic/connectors/{connector_id}

Edit Connector to update specific properties or Re-provision License Key

Remove A Connector From Your Account -> Envelope<{ id, activated, interrupt_window_duration_hours, 8 more... }>
delete/accounts/{account_id}/magic/connectors/{connector_id}

Remove a connector from your account

Magic TransitConnectors

Events

magic_transit.connectors.events

Methods

List Events -> Envelope<{ count, items, cursor }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/events

List Events

Get Event -> Envelope<{ e, n, t }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/events/{event_t}.{event_n}

Get Event

Magic TransitConnectorsEvents

Latest

magic_transit.connectors.events.latest

Methods

Get Latest Events -> Envelope<{ count, items }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/events/latest

Get latest Events

Magic TransitConnectors

Snapshots

magic_transit.connectors.snapshots

Methods

List Snapshots -> Envelope<{ count, items, cursor }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/snapshots

List Snapshots

Get Snapshot -> Envelope<{ count_reclaim_failures, count_reclaimed_paths, count_record_failed, 167 more... }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/snapshots/{snapshot_t}

Get Snapshot

Magic TransitConnectorsSnapshots

Latest

magic_transit.connectors.snapshots.latest

Methods

Get Latest Snapshots -> Envelope<{ count, items }>
get/accounts/{account_id}/magic/connectors/{connector_id}/telemetry/snapshots/latest

Get latest Snapshots

Magic Transit

GRE Tunnels

magic_transit.gre_tunnels

Methods

List GRE Tunnels -> Envelope<{ gre_tunnels }>
get/accounts/{account_id}/magic/gre_tunnels

Lists GRE tunnels associated with an account.

List GRE Tunnel Details -> Envelope<{ gre_tunnel }>
get/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Lists informtion for a specific GRE tunnel.

Create A GRE Tunnel -> Envelope<{ id, cloudflare_gre_endpoint, customer_gre_endpoint, 12 more... }>
post/accounts/{account_id}/magic/gre_tunnels

Creates a new GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Update GRE Tunnel -> Envelope<{ modified, modified_gre_tunnel }>
put/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Updates a specific GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete GRE Tunnel -> Envelope<{ deleted, deleted_gre_tunnel }>
delete/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Disables and removes a specific static GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Update Multiple GRE Tunnels -> Envelope<{ modified, modified_gre_tunnels }>
put/accounts/{account_id}/magic/gre_tunnels

Updates multiple GRE tunnels. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

IPSEC Tunnels

magic_transit.ipsec_tunnels

Methods

List I Psec Tunnels -> Envelope<{ ipsec_tunnels }>
get/accounts/{account_id}/magic/ipsec_tunnels

Lists IPsec tunnels associated with an account.

List I Psec Tunnel Details -> Envelope<{ ipsec_tunnel }>
get/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Lists details for a specific IPsec tunnel.

Create An I Psec Tunnel -> Envelope<{ id, cloudflare_endpoint, interface_address, 14 more... }>
post/accounts/{account_id}/magic/ipsec_tunnels

Creates a new IPsec tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Update I Psec Tunnel -> Envelope<{ modified, modified_ipsec_tunnel }>
put/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Updates a specific IPsec tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete I Psec Tunnel -> Envelope<{ deleted, deleted_ipsec_tunnel }>
delete/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Disables and removes a specific static IPsec Tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Update Multiple I Psec Tunnels -> Envelope<{ modified, modified_ipsec_tunnels }>
put/accounts/{account_id}/magic/ipsec_tunnels

Update multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Generate Pre Shared Key PSK For I Psec Tunnels -> Envelope<{ ipsec_tunnel_id, psk, psk_metadata }>
post/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}/psk_generate

Generates a Pre Shared Key for a specific IPsec tunnel used in the IKE session. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After a PSK is generated, the PSK is immediately persisted to Cloudflare's edge and cannot be retrieved later. Note the PSK in a safe place.

Domain types

PSKMetadata = { last_generated_on }

The PSK metadata that includes when the PSK was generated.

Magic Transit

PCAPs

magic_transit.pcaps

Methods

List Packet Capture Requests -> SinglePage<
PCAP
| { id, byte_limit, colo_name, 10 more... }>
get/accounts/{account_id}/pcaps

Lists all packet capture requests for an account.

Get PCAP Request -> Envelope<
PCAP
| { id, byte_limit, colo_name, 10 more... }>
get/accounts/{account_id}/pcaps/{pcap_id}

Get information for a PCAP request by id.

Create PCAP Request -> Envelope<
PCAP
| { id, byte_limit, colo_name, 10 more... }>
post/accounts/{account_id}/pcaps

Create new PCAP request for account.

Stop Full PCAP ->
put/accounts/{account_id}/pcaps/{pcap_id}/stop

Stop full PCAP.

Domain types

PCAP = { id, filter_v1, offset_time, 5 more... }
PCAPFilter = { destination_address, destination_port, protocol, 2 more... }

The packet capture filter. When this field is empty, all packets are captured.

Magic TransitPCAPs

Download

magic_transit.pcaps.download

Methods

Download Simple PCAP -> unknown
get/accounts/{account_id}/pcaps/{pcap_id}/download

Download PCAP information into a file. Response is a binary PCAP file.

Magic TransitPCAPs

Ownership

magic_transit.pcaps.ownership

Methods

List PCAPs Bucket Ownership -> SinglePage<
Ownership
>
get/accounts/{account_id}/pcaps/ownership

List all buckets configured for use with PCAPs API.

Add Buckets For Full Packet Captures -> Envelope<
Ownership
>
post/accounts/{account_id}/pcaps/ownership

Adds an AWS or GCP bucket to use with full packet captures.

Delete Buckets For Full Packet Captures ->
delete/accounts/{account_id}/pcaps/ownership/{ownership_id}

Deletes buckets added to the packet captures API.

Validate Buckets For Full Packet Captures -> Envelope<
Ownership
>
post/accounts/{account_id}/pcaps/ownership/validate

Validates buckets added to the packet captures API.

Domain types

Ownership = { id, destination_conf, filename, 3 more... }
Magic Transit

Routes

magic_transit.routes

Methods

List Routes -> Envelope<{ routes }>
get/accounts/{account_id}/magic/routes

List all Magic static routes.

Route Details -> Envelope<{ route }>
get/accounts/{account_id}/magic/routes/{route_id}

Get a specific Magic static route.

Create A Route -> Envelope<{ id, nexthop, prefix, 6 more... }>
post/accounts/{account_id}/magic/routes

Creates a new Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Update Route -> Envelope<{ modified, modified_route }>
put/accounts/{account_id}/magic/routes/{route_id}

Update a specific Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Delete Route -> Envelope<{ deleted, deleted_route }>
delete/accounts/{account_id}/magic/routes/{route_id}

Disable and remove a specific Magic static route.

Update Many Routes -> Envelope<{ modified, modified_routes }>
put/accounts/{account_id}/magic/routes

Update multiple Magic static routes. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes. Only fields for a route that need to be changed need be provided.

Delete Many Routes -> Envelope<{ deleted, deleted_routes }>
delete/accounts/{account_id}/magic/routes

Delete multiple Magic static routes.

Domain types

Scope = { colo_names, colo_regions }

Used only for ECMP routes.

Magic Transit

Sites

magic_transit.sites

Methods

List Sites -> SinglePage<
Site
>
get/accounts/{account_id}/magic/sites

Lists Sites associated with an account. Use connectorid query param to return sites where connectorid matches either site.ConnectorID or site.SecondaryConnectorID.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Magic WAN Write Magic WAN Read Magic Transit Read Magic Transit Write

path Parameters
account_id: string
(maxLength: 32)

Identifier

query Parameters
connectorid: string
Optional
(maxLength: 32)

Identifier

Response fields
errors: Array<
ResponseInfo
>
messages: Array<
ResponseInfo
>
result: Array<
Site
>
success: true

Whether the API call was successful

Request example
200Example
Site Details -> Envelope<
Site
>
get/accounts/{account_id}/magic/sites/{site_id}

Get a specific Site.

Create A New Site -> Envelope<
Site
>
post/accounts/{account_id}/magic/sites

Creates a new Site

Update Site -> Envelope<
Site
>
put/accounts/{account_id}/magic/sites/{site_id}

Update a specific Site.

Patch Site -> Envelope<
Site
>
patch/accounts/{account_id}/magic/sites/{site_id}

Patch a specific Site.

Delete Site -> Envelope<
Site
>
delete/accounts/{account_id}/magic/sites/{site_id}

Remove a specific Site.

Domain types

Site = { id, connector_id, description, 4 more... }
SiteLocation = { lat, lon }

Location of site in latitude and longitude.

Magic TransitSites

ACLs

magic_transit.sites.acls

Methods

List Site ACLs -> SinglePage<
ACL
>
get/accounts/{account_id}/magic/sites/{site_id}/acls

Lists Site ACLs associated with an account.

Site ACL Details -> Envelope<
ACL
>
get/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Get a specific Site ACL.

Create A New Site ACL -> Envelope<
ACL
>
post/accounts/{account_id}/magic/sites/{site_id}/acls

Creates a new Site ACL.

Update Site ACL -> Envelope<
ACL
>
put/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Update a specific Site ACL.

Patch Site ACL -> Envelope<
ACL
>
patch/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Patch a specific Site ACL.

Delete Site ACL -> Envelope<
ACL
>
delete/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Remove a specific Site ACL.

Domain types

ACL = { id, description, forward_locally, 5 more... }

Bidirectional ACL policy for network traffic within a site.

ACLConfiguration = { lan_id, lan_name, port_ranges, 2 more... }
AllowedProtocol = "tcp" | "udp" | "icmp"

Array of allowed communication protocols between configured LANs. If no protocols are provided, all protocols are allowed.

Subnet = string

A valid IPv4 address.

Magic TransitSites

App Configuration

magic_transit.sites.app_configuration

Methods

List App Configs -> SinglePage<{ account_app_id, id, breakout, 3 more... } | { managed_app_id, id, breakout, 3 more... }>
get/accounts/{account_id}/magic/sites/{site_id}/app_configs

Lists App Configs associated with a site.

Create A New App Config -> Envelope<{ account_app_id, id, breakout, 3 more... } | { managed_app_id, id, breakout, 3 more... }>
post/accounts/{account_id}/magic/sites/{site_id}/app_configs

Creates a new App Config for a site

Update An App Config -> Envelope<{ account_app_id, id, breakout, 3 more... } | { managed_app_id, id, breakout, 3 more... }>
put/accounts/{account_id}/magic/sites/{site_id}/app_configs/{app_config_id}

Updates an App Config for a site

Update An App Config -> Envelope<{ account_app_id, id, breakout, 3 more... } | { managed_app_id, id, breakout, 3 more... }>
patch/accounts/{account_id}/magic/sites/{site_id}/app_configs/{app_config_id}

Updates an App Config for a site

Delete App Config -> Envelope<{ account_app_id, id, breakout, 3 more... } | { managed_app_id, id, breakout, 3 more... }>
delete/accounts/{account_id}/magic/sites/{site_id}/app_configs/{app_config_id}

Deletes specific App Config associated with a site.

Magic TransitSites

LANs

magic_transit.sites.lans

Methods

List Site LANs -> SinglePage<
LAN
>
get/accounts/{account_id}/magic/sites/{site_id}/lans

Lists Site LANs associated with an account.

Site LAN Details -> Envelope<
LAN
>
get/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Get a specific Site LAN.

Create A New Site LAN -> SinglePage<
LAN
>
post/accounts/{account_id}/magic/sites/{site_id}/lans

Creates a new Site LAN. If the site is in high availability mode, static_addressing is required along with secondary and virtual address.

Update Site LAN -> Envelope<
LAN
>
put/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Update a specific Site LAN.

Patch Site LAN -> Envelope<
LAN
>
patch/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Patch a specific Site LAN.

Delete Site LAN -> Envelope<
LAN
>
delete/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Remove a specific Site LAN.

Domain types

DHCPRelay = { server_addresses }
DHCPServer = { dhcp_pool_end, dhcp_pool_start, dns_server, 2 more... }
LAN = { id, ha_link, name, 6 more... }
LANStaticAddressing = { address, dhcp_relay, dhcp_server, 2 more... }

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

Nat = { static_prefix }
RoutedSubnet = { next_hop, prefix, nat }
Magic TransitSites

WANs

magic_transit.sites.wans

Methods

List Site WANs -> SinglePage<
WAN
>
get/accounts/{account_id}/magic/sites/{site_id}/wans

Lists Site WANs associated with an account.

Site WAN Details -> Envelope<
WAN
>
get/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Get a specific Site WAN.

Create A New Site WAN -> SinglePage<
WAN
>
post/accounts/{account_id}/magic/sites/{site_id}/wans

Creates a new Site WAN.

Update Site WAN -> Envelope<
WAN
>
put/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Update a specific Site WAN.

Patch Site WAN -> Envelope<
WAN
>
patch/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Patch a specific Site WAN.

Delete Site WAN -> Envelope<
WAN
>
delete/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Remove a specific Site WAN.

Domain types

WAN = { id, health_check_rate, name, 5 more... }
WANStaticAddressing = { address, gateway_address, secondary_address }

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.