Skip to content
Cloudflare API
Start here
API Reference
Resource Tagging

List tagged resources

GET/accounts/{account_id}/tags/resources

Lists all tagged resources for an account.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Path ParametersExpand Collapse
account_id: string

Identifier.

maxLength32
minLength32
Query ParametersExpand Collapse
cursor: optional string

Cursor for pagination.

tag: optional array of string

Filter resources by tag criteria. This parameter can be repeated multiple times, with AND logic between parameters.

Supported syntax:

  • Key-only: tag=<key> - Resource must have the tag key (e.g., tag=production)
  • Key-value: tag=<key>=<value> - Resource must have the tag with specific value (e.g., tag=env=prod)
  • Multiple values (OR): tag=<key>=<v1>,<v2> - Resource must have tag with any of the values (e.g., tag=env=prod,staging)
  • Negate key-only: tag=!<key> - Resource must not have the tag key (e.g., tag=!archived)
  • Negate key-value: tag=<key>!=<value> - Resource must not have the tag with specific value (e.g., tag=region!=us-west-1)

Multiple tag parameters are combined with AND logic.

type: optional array of "access_application" or "access_application_policy" or "access_group" or 24 more

Filter by resource type. Can be repeated to filter by multiple types (OR logic). Example: ?type=zone&type=worker

One of the following:
"access_application"
"access_application_policy"
"access_group"
"account"
"ai_gateway"
"alerting_policy"
"alerting_webhook"
"api_gateway_operation"
"cloudflared_tunnel"
"custom_certificate"
"custom_hostname"
"d1_database"
"dns_record"
"durable_object_namespace"
"gateway_list"
"gateway_rule"
"image"
"kv_namespace"
"managed_client_certificate"
"queue"
"r2_bucket"
"resource_share"
"stream_live_input"
"stream_video"
"worker"
"worker_version"
"zone"
ReturnsExpand Collapse
errors: array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
messages: array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional array of { id, etag, name, 2 more } or { id, access_application_id, etag, 4 more } or { id, etag, name, 2 more } or 24 more
One of the following:
AccessApplication { id, etag, name, 2 more }

Response for access_application resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_application"
AccessApplicationPolicy { id, access_application_id, etag, 4 more }

Response for access_application_policy resources

id: string

Identifies the unique resource.

access_application_id: string

Access application ID is required only for access_application_policy resources

formatuuid
etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_application_policy"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
AccessGroup { id, etag, name, 2 more }

Response for access_group resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_group"
Account { id, etag, name, 2 more }

Response for account resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "account"
AIGateway { id, etag, name, 2 more }

Response for ai_gateway resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "ai_gateway"
AlertingPolicy { id, etag, name, 2 more }

Response for alerting_policy resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "alerting_policy"
AlertingWebhook { id, etag, name, 2 more }

Response for alerting_webhook resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "alerting_webhook"
APIGatewayOperation { id, etag, name, 3 more }

Response for api_gateway_operation resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "api_gateway_operation"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
CloudflaredTunnel { id, etag, name, 2 more }

Response for cloudflared_tunnel resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "cloudflared_tunnel"
CustomCertificate { id, etag, name, 3 more }

Response for custom_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "custom_certificate"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
CustomHostname { id, etag, name, 3 more }

Response for custom_hostname resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "custom_hostname"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
D1Database { id, etag, name, 2 more }

Response for d1_database resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "d1_database"
DNSRecord { id, etag, name, 3 more }

Response for dns_record resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "dns_record"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
DurableObjectNamespace { id, etag, name, 2 more }

Response for durable_object_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "durable_object_namespace"
GatewayList { id, etag, name, 2 more }

Response for gateway_list resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "gateway_list"
GatewayRule { id, etag, name, 2 more }

Response for gateway_rule resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "gateway_rule"
Image { id, etag, name, 2 more }

Response for image resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "image"
KVNamespace { id, etag, name, 2 more }

Response for kv_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "kv_namespace"
ManagedClientCertificate { id, etag, name, 3 more }

Response for managed_client_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "managed_client_certificate"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
Queue { id, etag, name, 2 more }

Response for queue resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "queue"
R2Bucket { id, etag, name, 2 more }

Response for r2_bucket resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "r2_bucket"
ResourceShare { id, etag, name, 2 more }

Response for resource_share resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "resource_share"
StreamLiveInput { id, etag, name, 2 more }

Response for stream_live_input resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "stream_live_input"
StreamVideo { id, etag, name, 2 more }

Response for stream_video resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "stream_video"
Worker { id, etag, name, 2 more }

Response for worker resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "worker"
WorkerVersion { id, etag, name, 3 more }

Response for worker_version resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "worker_version"
worker_id: string

Worker ID is required only for worker_version resources

Zone { id, etag, name, 3 more }

Response for zone resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "zone"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
result_info: optional { count, cursor }
count: optional number

Indicates the number of results returned in the current page.

cursor: optional string

Provides a cursor for the next page of results. Include this value in the next request to continue pagination.

List tagged resources

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
      "name": "my-worker-script",
      "tags": {
        "environment": "production",
        "team": "engineering"
      },
      "type": "access_application"
    }
  ],
  "result_info": {
    "count": 20,
    "cursor": "eyJhY2NvdW50X2lkIjoxMjM0NTY3ODkwfQ"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
      "name": "my-worker-script",
      "tags": {
        "environment": "production",
        "team": "engineering"
      },
      "type": "access_application"
    }
  ],
  "result_info": {
    "count": 20,
    "cursor": "eyJhY2NvdW50X2lkIjoxMjM0NTY3ODkwfQ"
  }
}