API Reference

Resource Tagging

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

List tagged resources

GET/accounts/{account_id}/tags/resources

Lists all tagged resources for an account.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Path ParametersExpand Collapse

account_id: string

Identifier.

maxLength32

minLength32

Query ParametersExpand Collapse

cursor: optional string

Cursor for pagination.

tag: optional array of string

Filter resources by tag criteria. This parameter can be repeated multiple times, with AND logic between parameters.

Supported syntax:

• Key-only: tag=<key> - Resource must have the tag key (e.g., tag=production)
• Key-value: tag=<key>=<value> - Resource must have the tag with specific value (e.g., tag=env=prod)
• Multiple values (OR): tag=<key>=<v1>,<v2> - Resource must have tag with any of the values (e.g., tag=env=prod,staging)
• Negate key-only: tag=!<key> - Resource must not have the tag key (e.g., tag=!archived)
• Negate key-value: tag=<key>!=<value> - Resource must not have the tag with specific value (e.g., tag=region!=us-west-1)

Multiple tag parameters are combined with AND logic.

type: optional array of "access_application" or "access_application_policy" or "access_group" or 24 more

Filter by resource type. Can be repeated to filter by multiple types (OR logic). Example: ?type=zone&type=worker

One of the following:

"access_application"

"access_application_policy"

"access_group"

"account"

"ai_gateway"

"alerting_policy"

"alerting_webhook"

"api_gateway_operation"

"cloudflared_tunnel"

"custom_certificate"

"custom_hostname"

"d1_database"

"dns_record"

"durable_object_namespace"

"gateway_list"

"gateway_rule"

"image"

"kv_namespace"

"managed_client_certificate"

"queue"

"r2_bucket"

"resource_share"

"stream_live_input"

"stream_video"

"worker"

"worker_version"

"zone"

ReturnsExpand Collapse

errors: array of object { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

messages: array of object { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

success: true

Whether the API call was successful.

result: optional array of object { id, etag, name, 2 more } or object { id, access_application_id, etag, 4 more } or object { id, etag, name, 2 more } or 24 more

One of the following:

AccessApplication = object { id, etag, name, 2 more }

Response for access_application resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_application"

AccessApplicationPolicy = object { id, access_application_id, etag, 4 more }

Response for access_application_policy resources

id: string

Identifies the unique resource.

access_application_id: string

Access application ID is required only for access_application_policy resources

formatuuid

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_application_policy"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

AccessGroup = object { id, etag, name, 2 more }

Response for access_group resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_group"

Account = object { id, etag, name, 2 more }

Response for account resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "account"

AIGateway = object { id, etag, name, 2 more }

Response for ai_gateway resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "ai_gateway"

AlertingPolicy = object { id, etag, name, 2 more }

Response for alerting_policy resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "alerting_policy"

AlertingWebhook = object { id, etag, name, 2 more }

Response for alerting_webhook resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "alerting_webhook"

APIGatewayOperation = object { id, etag, name, 3 more }

Response for api_gateway_operation resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "api_gateway_operation"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

CloudflaredTunnel = object { id, etag, name, 2 more }

Response for cloudflared_tunnel resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "cloudflared_tunnel"

CustomCertificate = object { id, etag, name, 3 more }

Response for custom_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "custom_certificate"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

CustomHostname = object { id, etag, name, 3 more }

Response for custom_hostname resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "custom_hostname"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

D1Database = object { id, etag, name, 2 more }

Response for d1_database resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "d1_database"

DNSRecord = object { id, etag, name, 3 more }

Response for dns_record resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "dns_record"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

DurableObjectNamespace = object { id, etag, name, 2 more }

Response for durable_object_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "durable_object_namespace"

GatewayList = object { id, etag, name, 2 more }

Response for gateway_list resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "gateway_list"

GatewayRule = object { id, etag, name, 2 more }

Response for gateway_rule resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "gateway_rule"

Image = object { id, etag, name, 2 more }

Response for image resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "image"

KVNamespace = object { id, etag, name, 2 more }

Response for kv_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "kv_namespace"

ManagedClientCertificate = object { id, etag, name, 3 more }

Response for managed_client_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "managed_client_certificate"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

Queue = object { id, etag, name, 2 more }

Response for queue resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "queue"

R2Bucket = object { id, etag, name, 2 more }

Response for r2_bucket resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "r2_bucket"

ResourceShare = object { id, etag, name, 2 more }

Response for resource_share resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "resource_share"

StreamLiveInput = object { id, etag, name, 2 more }

Response for stream_live_input resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "stream_live_input"

StreamVideo = object { id, etag, name, 2 more }

Response for stream_video resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "stream_video"

Worker = object { id, etag, name, 2 more }

Response for worker resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "worker"

WorkerVersion = object { id, etag, name, 3 more }

Response for worker_version resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "worker_version"

worker_id: string

Worker ID is required only for worker_version resources

Zone = object { id, etag, name, 3 more }

Response for zone resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as "v1:" where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "zone"

zone_id: string

Zone ID is required only for zone-level resources

maxLength32

minLength32

result_info: optional object { count, cursor }

count: optional number

Indicates the number of results returned in the current page.

cursor: optional string

Provides a cursor for the next page of results. Include this value in the next request to continue pagination.

List tagged resources

HTTP

HTTP

TypeScript

Python

Go

Terraform

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY"

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
      "name": "my-worker-script",
      "tags": {
        "environment": "production",
        "team": "engineering"
      },
      "type": "access_application"
    }
  ],
  "result_info": {
    "count": 20,
    "cursor": "eyJhY2NvdW50X2lkIjoxMjM0NTY3ODkwfQ"
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
      "name": "my-worker-script",
      "tags": {
        "environment": "production",
        "team": "engineering"
      },
      "type": "access_application"
    }
  ],
  "result_info": {
    "count": 20,
    "cursor": "eyJhY2NvdW50X2lkIjoxMjM0NTY3ODkwfQ"
  }
}