Skip to content
Cloudflare API
Start here
API Reference
Resource Tagging
Account Tags

Set tags for an account-level resource

PUT/accounts/{account_id}/tags

Creates or updates tags for a specific account-level resource.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Path ParametersExpand Collapse
account_id: string

Identifier.

maxLength32
minLength32
Header ParametersExpand Collapse
"If-Match": optional string
Body ParametersJSONExpand Collapse
body: object { resource_id, resource_type, worker_id, tags } or object { resource_id, resource_type, tags }

Request body schema for setting tags on account-level resources.

One of the following:
ResourceTaggingSetTagsRequestAccountLevelWorkerVersion object { resource_id, resource_type, worker_id, tags }

Request body schema for deleting tags from account-level resources.

resource_id: string

Identifies the unique resource.

resource_type: "access_application" or "access_group" or "account" or 17 more

Enum for base account-level resource types (those with no extra required fields).

One of the following:
"access_application"
"access_group"
"account"
"ai_gateway"
"alerting_policy"
"alerting_webhook"
"cloudflared_tunnel"
"d1_database"
"durable_object_namespace"
"gateway_list"
"gateway_rule"
"image"
"kv_namespace"
"queue"
"r2_bucket"
"resource_share"
"stream_live_input"
"stream_video"
"worker"
"worker_version"
worker_id: string

Worker ID is required only for worker_version resources

tags: optional map[string]

Contains key-value pairs of tags.

ResourceTaggingSetTagsRequestAccountLevelBase object { resource_id, resource_type, tags }

Request body schema for deleting tags from account-level resources.

resource_id: string

Identifies the unique resource.

resource_type: "access_application" or "access_group" or "account" or 16 more

Enum for base account-level resource types (those with no extra required fields).

One of the following:
"access_application"
"access_group"
"account"
"ai_gateway"
"alerting_policy"
"alerting_webhook"
"cloudflared_tunnel"
"d1_database"
"durable_object_namespace"
"gateway_list"
"gateway_rule"
"image"
"kv_namespace"
"queue"
"r2_bucket"
"resource_share"
"stream_live_input"
"stream_video"
"worker"
tags: optional map[string]

Contains key-value pairs of tags.

ReturnsExpand Collapse
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional object { id, etag, name, 2 more } or object { id, access_application_id, etag, 4 more } or object { id, etag, name, 2 more } or 24 more

Response for access_application resources

One of the following:
AccessApplication object { id, etag, name, 2 more }

Response for access_application resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_application"
AccessApplicationPolicy object { id, access_application_id, etag, 4 more }

Response for access_application_policy resources

id: string

Identifies the unique resource.

access_application_id: string

Access application ID is required only for access_application_policy resources

formatuuid
etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_application_policy"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
AccessGroup object { id, etag, name, 2 more }

Response for access_group resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "access_group"
Account object { id, etag, name, 2 more }

Response for account resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "account"
AIGateway object { id, etag, name, 2 more }

Response for ai_gateway resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "ai_gateway"
AlertingPolicy object { id, etag, name, 2 more }

Response for alerting_policy resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "alerting_policy"
AlertingWebhook object { id, etag, name, 2 more }

Response for alerting_webhook resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "alerting_webhook"
APIGatewayOperation object { id, etag, name, 3 more }

Response for api_gateway_operation resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "api_gateway_operation"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
CloudflaredTunnel object { id, etag, name, 2 more }

Response for cloudflared_tunnel resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "cloudflared_tunnel"
CustomCertificate object { id, etag, name, 3 more }

Response for custom_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "custom_certificate"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
CustomHostname object { id, etag, name, 3 more }

Response for custom_hostname resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "custom_hostname"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
D1Database object { id, etag, name, 2 more }

Response for d1_database resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "d1_database"
DNSRecord object { id, etag, name, 3 more }

Response for dns_record resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "dns_record"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
DurableObjectNamespace object { id, etag, name, 2 more }

Response for durable_object_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "durable_object_namespace"
GatewayList object { id, etag, name, 2 more }

Response for gateway_list resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "gateway_list"
GatewayRule object { id, etag, name, 2 more }

Response for gateway_rule resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "gateway_rule"
Image object { id, etag, name, 2 more }

Response for image resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "image"
KVNamespace object { id, etag, name, 2 more }

Response for kv_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "kv_namespace"
ManagedClientCertificate object { id, etag, name, 3 more }

Response for managed_client_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "managed_client_certificate"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
Queue object { id, etag, name, 2 more }

Response for queue resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "queue"
R2Bucket object { id, etag, name, 2 more }

Response for r2_bucket resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "r2_bucket"
ResourceShare object { id, etag, name, 2 more }

Response for resource_share resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "resource_share"
StreamLiveInput object { id, etag, name, 2 more }

Response for stream_live_input resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "stream_live_input"
StreamVideo object { id, etag, name, 2 more }

Response for stream_video resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "stream_video"
Worker object { id, etag, name, 2 more }

Response for worker resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "worker"
WorkerVersion object { id, etag, name, 3 more }

Response for worker_version resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "worker_version"
worker_id: string

Worker ID is required only for worker_version resources

Zone object { id, etag, name, 3 more }

Response for zone resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: map[string]

Contains key-value pairs of tags.

type: "zone"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32

Set tags for an account-level resource

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags \
    -X PUT \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \
    -d '{
          "resource_id": "023e105f4ecef8ad9ca31a8372d0c353",
          "resource_type": "worker",
          "worker_id": "3f72a691-44b3-4c11-8642-c18a88ddaa5e",
          "tags": {
            "environment": "production",
            "team": "engineering"
          }
        }'
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
    "name": "my-worker-script",
    "tags": {
      "environment": "production",
      "team": "engineering"
    },
    "type": "access_application"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
    "name": "my-worker-script",
    "tags": {
      "environment": "production",
      "team": "engineering"
    },
    "type": "access_application"
  }
}