# Vulnerability Scanner # Credential Sets ## List Credential Sets **get** `/accounts/{account_id}/vuln_scanner/credential_sets` Returns all credential sets for the account. ### Path Parameters - `account_id: optional string` Identifier. ### Query Parameters - `page: optional number` Page number of paginated results. - `per_page: optional number` Number of results per page. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional array of { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. - `result_info: optional { count, page, per_page, 2 more }` - `count: optional number` Total number of results for the requested service. - `page: optional number` Current page within paginated list of results. - `per_page: optional number` Number of results per page of results. - `total_count: optional number` Total results available without any search parameters. - `total_pages: optional number` The number of total pages in the entire result set. ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Credential Set **post** `/accounts/{account_id}/vuln_scanner/credential_sets` Creates a new credential set. ### Path Parameters - `account_id: optional string` Identifier. ### Body Parameters - `name: string` Human-readable name. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "name": "Production API credentials" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Get Credential Set **get** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Returns a single credential set by ID. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Update Credential Set **put** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Replaces a credential set. All fields must be provided. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` ### Body Parameters - `name: string` Human-readable name. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID \ -X PUT \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "name": "Production API credentials" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Edit Credential Set **patch** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Updates a credential set with only the provided fields; omitted fields remain unchanged. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` ### Body Parameters - `name: optional string` Human-readable name. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID \ -X PATCH \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "name": "Production API credentials" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production API credentials" }, "result_info": {} } ``` ## Delete Credential Set **delete** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}` Deletes a credential set and all of its credentials. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional unknown` - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID \ -X DELETE \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {}, "result_info": {} } ``` ## Domain Types ### Credential Set List Response - `CredentialSetListResponse { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. ### Credential Set Create Response - `CredentialSetCreateResponse { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. ### Credential Set Get Response - `CredentialSetGetResponse { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. ### Credential Set Update Response - `CredentialSetUpdateResponse { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. ### Credential Set Edit Response - `CredentialSetEditResponse { id, name }` - `id: string` Credential set identifier. - `name: string` Human-readable name. ### Credential Set Delete Response - `CredentialSetDeleteResponse = unknown` # Credentials ## List Credentials **get** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials` Returns all credentials within a credential set. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` ### Query Parameters - `page: optional number` Page number of paginated results. - `per_page: optional number` Number of results per page. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional array of { id, credential_set_id, location, 2 more }` - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `result_info: optional { count, page, per_page, 2 more }` - `count: optional number` Total number of results for the requested service. - `page: optional number` Current page within paginated list of results. - `per_page: optional number` Number of results per page of results. - `total_count: optional number` Total results available without any search parameters. - `total_pages: optional number` The number of total pages in the entire result set. ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID/credentials \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Credential **post** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials` Creates a new credential within a credential set. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` ### Body Parameters - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `value: string` The credential value (e.g. API key, session token). Write-only. Never returned in responses. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID/credentials \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "location": "header", "location_name": "Authorization", "name": "Admin API key", "value": "Bearer EXAMPLE_TOKEN" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Get Credential **get** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Returns a single credential by ID. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` - `credential_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID/credentials/$CREDENTIAL_ID \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Update Credential **put** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Replaces a credential. All fields must be provided. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` - `credential_id: string` ### Body Parameters - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `value: string` The credential value. Write-only. Never returned in responses. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID/credentials/$CREDENTIAL_ID \ -X PUT \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "location": "header", "location_name": "Authorization", "name": "Admin API key", "value": "Bearer EXAMPLE_TOKEN" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Edit Credential **patch** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Updates a credential with only the provided fields; omitted fields remain unchanged. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` - `credential_id: string` ### Body Parameters - `location: optional "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: optional string` Name of the header or cookie where the credential is attached. - `name: optional string` Human-readable name. - `value: optional string` The credential value. Write-only. Never returned in responses. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID/credentials/$CREDENTIAL_ID \ -X PATCH \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "location_name": "Authorization", "name": "Admin API key", "value": "Bearer EXAMPLE_TOKEN" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "credential_set_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "location": "header", "location_name": "Authorization", "name": "Admin API key" }, "result_info": {} } ``` ## Delete Credential **delete** `/accounts/{account_id}/vuln_scanner/credential_sets/{credential_set_id}/credentials/{credential_id}` Deletes a credential. ### Path Parameters - `account_id: optional string` Identifier. - `credential_set_id: string` - `credential_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional unknown` - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/credential_sets/$CREDENTIAL_SET_ID/credentials/$CREDENTIAL_ID \ -X DELETE \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {}, "result_info": {} } ``` ## Domain Types ### Credential List Response - `CredentialListResponse { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. ### Credential Create Response - `CredentialCreateResponse { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. ### Credential Get Response - `CredentialGetResponse { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. ### Credential Update Response - `CredentialUpdateResponse { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. ### Credential Edit Response - `CredentialEditResponse { id, credential_set_id, location, 2 more }` A credential attached to API requests during scanning. The credential `value` is write-only and never returned in responses. - `id: string` Credential identifier. - `credential_set_id: string` Parent credential set identifier. - `location: "header" or "cookie"` Where the credential is attached in outgoing requests. - `"header"` - `"cookie"` - `location_name: string` Name of the header or cookie where the credential is attached. - `name: string` Human-readable name. ### Credential Delete Response - `CredentialDeleteResponse = unknown` # Scans ## List Scans **get** `/accounts/{account_id}/vuln_scanner/scans` Returns all scans for the account. ### Path Parameters - `account_id: optional string` Identifier. ### Query Parameters - `page: optional number` Page number of paginated results. - `per_page: optional number` Number of results per page. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional array of { id, scan_type, status, 2 more }` - `id: string` Scan identifier. - `scan_type: "bola"` The type of vulnerability scan. - `"bola"` - `status: "created" or "scheduled" or "planning" or 3 more` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: string` The target environment this scan runs against. - `report: optional { report, report_schema_version }` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: { summary, tests }` Version 1 of the BOLA vulnerability scan report. - `summary: { verdict }` Summary of all steps and findings. - `verdict: "ok" or "warning" or "inconclusive"` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: array of { steps, verdict, preflight_errors }` List of tests that were run. - `steps: array of { assertions, errors, request, response }` Steps that were executed. - `assertions: array of { description, kind, observed, outcome }` Assertions that were made against the received response. - `description: string` Human-readable description of the assertion, explaining what was checked. - `kind: { parameters, type }` Kind of assertion. - `parameters: { max, min }` Range of HTTP status codes. - `max: number` Maximum (inclusive) status code of the range. - `min: number` Minimum (inclusive) status code of the range. - `type: "http_status_within_range"` - `"http_status_within_range"` - `observed: number` Observed value on which the assertion was made. - `outcome: "ok" or "fail" or "inconclusive"` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: optional array of { description, error_code }` Errors the step encountered that may explain absent or incomplete fields. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `request: optional { credential_set, header_names, method, 3 more }` HTTP request that was made, if any. - `credential_set: { id, role }` Credential set that was used. - `id: string` ID of the credential set. - `role: "owner" or "attacker"` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: array of string` Names of headers that were sent. - `method: "GET" or "DELETE" or "PATCH" or 2 more` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: string` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: array of { json_path, name }` Variable captures requested for this step. - `json_path: string` JSONPath expression used for capture, e.g. `"$.id"`. - `name: string` Variable name, e.g. `"resource_id"`. - `body: optional unknown` Request body, if any. - `response: optional { body, header_names, status, status_text }` HTTP response that was received, if any. - `body: { kind } or { contents, kind, truncated } or { contents, kind, truncated } or { contents, kind, truncated }` HTTP response body. - `Kind { kind }` No body was received. - `kind: "not_found"` - `"not_found"` - `{ contents, kind, truncated }` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: string` - `kind: "bytes"` - `"bytes"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid UTF-8 text but not valid JSON. - `contents: string` - `kind: "text"` - `"text"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid JSON. - `contents: string` - `kind: "json"` - `"json"` - `truncated: boolean` - `header_names: array of string` Names of headers that were received. - `status: number` HTTP status code. - `status_text: optional string` HTTP status text, if available for the status code. - `verdict: "ok" or "warning" or "inconclusive"` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: optional array of { description, error_code }` Errors that prevented step execution. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `report_schema_version: "v1"` Version of the report schema. - `"v1"` - `result_info: optional { count, page, per_page, 2 more }` - `count: optional number` Total number of results for the requested service. - `page: optional number` Current page within paginated list of results. - `per_page: optional number` Number of results per page of results. - `total_count: optional number` Total results available without any search parameters. - `total_pages: optional number` The number of total pages in the entire result set. ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/scans \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scan_type": "bola", "status": "created", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "report": { "report": { "summary": { "verdict": "ok" }, "tests": [ { "steps": [ { "assertions": [ { "description": "description", "kind": { "parameters": { "max": 0, "min": 0 }, "type": "http_status_within_range" }, "observed": 0, "outcome": "ok" } ], "errors": [ { "description": "description", "error_code": 0 } ], "request": { "credential_set": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "owner" }, "header_names": [ "string" ], "method": "GET", "url": "https://example.com", "variable_captures": [ { "json_path": "json_path", "name": "name" } ], "body": {} }, "response": { "body": { "kind": "not_found" }, "header_names": [ "string" ], "status": 0, "status_text": "status_text" } } ], "verdict": "ok", "preflight_errors": [ { "description": "description", "error_code": 0 } ] } ] }, "report_schema_version": "v1" } } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Scan **post** `/accounts/{account_id}/vuln_scanner/scans` Creates and starts a new vulnerability scan. The response may include non-fatal warnings in the `messages` array. ### Path Parameters - `account_id: optional string` Identifier. ### Body Parameters - `credential_sets: { attacker, owner }` Credential set references for a BOLA scan. The scanner uses the `owner` credentials for legitimate requests and the `attacker` credentials to attempt unauthorized access. - `attacker: string` Credential set ID for the attacker. - `owner: string` Credential set ID for the resource owner. - `open_api: string` OpenAPI schema definition for the API under test. The scanner uses this to discover endpoints and construct requests. - `scan_type: "bola"` - `"bola"` - `target_environment_id: string` The target environment to scan. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, scan_type, status, 2 more }` - `id: string` Scan identifier. - `scan_type: "bola"` The type of vulnerability scan. - `"bola"` - `status: "created" or "scheduled" or "planning" or 3 more` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: string` The target environment this scan runs against. - `report: optional { report, report_schema_version }` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: { summary, tests }` Version 1 of the BOLA vulnerability scan report. - `summary: { verdict }` Summary of all steps and findings. - `verdict: "ok" or "warning" or "inconclusive"` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: array of { steps, verdict, preflight_errors }` List of tests that were run. - `steps: array of { assertions, errors, request, response }` Steps that were executed. - `assertions: array of { description, kind, observed, outcome }` Assertions that were made against the received response. - `description: string` Human-readable description of the assertion, explaining what was checked. - `kind: { parameters, type }` Kind of assertion. - `parameters: { max, min }` Range of HTTP status codes. - `max: number` Maximum (inclusive) status code of the range. - `min: number` Minimum (inclusive) status code of the range. - `type: "http_status_within_range"` - `"http_status_within_range"` - `observed: number` Observed value on which the assertion was made. - `outcome: "ok" or "fail" or "inconclusive"` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: optional array of { description, error_code }` Errors the step encountered that may explain absent or incomplete fields. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `request: optional { credential_set, header_names, method, 3 more }` HTTP request that was made, if any. - `credential_set: { id, role }` Credential set that was used. - `id: string` ID of the credential set. - `role: "owner" or "attacker"` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: array of string` Names of headers that were sent. - `method: "GET" or "DELETE" or "PATCH" or 2 more` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: string` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: array of { json_path, name }` Variable captures requested for this step. - `json_path: string` JSONPath expression used for capture, e.g. `"$.id"`. - `name: string` Variable name, e.g. `"resource_id"`. - `body: optional unknown` Request body, if any. - `response: optional { body, header_names, status, status_text }` HTTP response that was received, if any. - `body: { kind } or { contents, kind, truncated } or { contents, kind, truncated } or { contents, kind, truncated }` HTTP response body. - `Kind { kind }` No body was received. - `kind: "not_found"` - `"not_found"` - `{ contents, kind, truncated }` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: string` - `kind: "bytes"` - `"bytes"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid UTF-8 text but not valid JSON. - `contents: string` - `kind: "text"` - `"text"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid JSON. - `contents: string` - `kind: "json"` - `"json"` - `truncated: boolean` - `header_names: array of string` Names of headers that were received. - `status: number` HTTP status code. - `status_text: optional string` HTTP status text, if available for the status code. - `verdict: "ok" or "warning" or "inconclusive"` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: optional array of { description, error_code }` Errors that prevented step execution. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `report_schema_version: "v1"` Version of the report schema. - `"v1"` - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/scans \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "credential_sets": { "attacker": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "owner": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" }, "open_api": "open_api", "scan_type": "bola", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scan_type": "bola", "status": "created", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "report": { "report": { "summary": { "verdict": "ok" }, "tests": [ { "steps": [ { "assertions": [ { "description": "description", "kind": { "parameters": { "max": 0, "min": 0 }, "type": "http_status_within_range" }, "observed": 0, "outcome": "ok" } ], "errors": [ { "description": "description", "error_code": 0 } ], "request": { "credential_set": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "owner" }, "header_names": [ "string" ], "method": "GET", "url": "https://example.com", "variable_captures": [ { "json_path": "json_path", "name": "name" } ], "body": {} }, "response": { "body": { "kind": "not_found" }, "header_names": [ "string" ], "status": 0, "status_text": "status_text" } } ], "verdict": "ok", "preflight_errors": [ { "description": "description", "error_code": 0 } ] } ] }, "report_schema_version": "v1" } }, "result_info": {} } ``` ## Get Scan **get** `/accounts/{account_id}/vuln_scanner/scans/{scan_id}` Returns a single scan by ID. ### Path Parameters - `account_id: optional string` Identifier. - `scan_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, scan_type, status, 2 more }` - `id: string` Scan identifier. - `scan_type: "bola"` The type of vulnerability scan. - `"bola"` - `status: "created" or "scheduled" or "planning" or 3 more` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: string` The target environment this scan runs against. - `report: optional { report, report_schema_version }` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: { summary, tests }` Version 1 of the BOLA vulnerability scan report. - `summary: { verdict }` Summary of all steps and findings. - `verdict: "ok" or "warning" or "inconclusive"` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: array of { steps, verdict, preflight_errors }` List of tests that were run. - `steps: array of { assertions, errors, request, response }` Steps that were executed. - `assertions: array of { description, kind, observed, outcome }` Assertions that were made against the received response. - `description: string` Human-readable description of the assertion, explaining what was checked. - `kind: { parameters, type }` Kind of assertion. - `parameters: { max, min }` Range of HTTP status codes. - `max: number` Maximum (inclusive) status code of the range. - `min: number` Minimum (inclusive) status code of the range. - `type: "http_status_within_range"` - `"http_status_within_range"` - `observed: number` Observed value on which the assertion was made. - `outcome: "ok" or "fail" or "inconclusive"` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: optional array of { description, error_code }` Errors the step encountered that may explain absent or incomplete fields. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `request: optional { credential_set, header_names, method, 3 more }` HTTP request that was made, if any. - `credential_set: { id, role }` Credential set that was used. - `id: string` ID of the credential set. - `role: "owner" or "attacker"` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: array of string` Names of headers that were sent. - `method: "GET" or "DELETE" or "PATCH" or 2 more` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: string` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: array of { json_path, name }` Variable captures requested for this step. - `json_path: string` JSONPath expression used for capture, e.g. `"$.id"`. - `name: string` Variable name, e.g. `"resource_id"`. - `body: optional unknown` Request body, if any. - `response: optional { body, header_names, status, status_text }` HTTP response that was received, if any. - `body: { kind } or { contents, kind, truncated } or { contents, kind, truncated } or { contents, kind, truncated }` HTTP response body. - `Kind { kind }` No body was received. - `kind: "not_found"` - `"not_found"` - `{ contents, kind, truncated }` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: string` - `kind: "bytes"` - `"bytes"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid UTF-8 text but not valid JSON. - `contents: string` - `kind: "text"` - `"text"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid JSON. - `contents: string` - `kind: "json"` - `"json"` - `truncated: boolean` - `header_names: array of string` Names of headers that were received. - `status: number` HTTP status code. - `status_text: optional string` HTTP status text, if available for the status code. - `verdict: "ok" or "warning" or "inconclusive"` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: optional array of { description, error_code }` Errors that prevented step execution. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `report_schema_version: "v1"` Version of the report schema. - `"v1"` - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/scans/$SCAN_ID \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "scan_type": "bola", "status": "created", "target_environment_id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "report": { "report": { "summary": { "verdict": "ok" }, "tests": [ { "steps": [ { "assertions": [ { "description": "description", "kind": { "parameters": { "max": 0, "min": 0 }, "type": "http_status_within_range" }, "observed": 0, "outcome": "ok" } ], "errors": [ { "description": "description", "error_code": 0 } ], "request": { "credential_set": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "owner" }, "header_names": [ "string" ], "method": "GET", "url": "https://example.com", "variable_captures": [ { "json_path": "json_path", "name": "name" } ], "body": {} }, "response": { "body": { "kind": "not_found" }, "header_names": [ "string" ], "status": 0, "status_text": "status_text" } } ], "verdict": "ok", "preflight_errors": [ { "description": "description", "error_code": 0 } ] } ] }, "report_schema_version": "v1" } }, "result_info": {} } ``` ## Domain Types ### Scan List Response - `ScanListResponse { id, scan_type, status, 2 more }` - `id: string` Scan identifier. - `scan_type: "bola"` The type of vulnerability scan. - `"bola"` - `status: "created" or "scheduled" or "planning" or 3 more` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: string` The target environment this scan runs against. - `report: optional { report, report_schema_version }` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: { summary, tests }` Version 1 of the BOLA vulnerability scan report. - `summary: { verdict }` Summary of all steps and findings. - `verdict: "ok" or "warning" or "inconclusive"` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: array of { steps, verdict, preflight_errors }` List of tests that were run. - `steps: array of { assertions, errors, request, response }` Steps that were executed. - `assertions: array of { description, kind, observed, outcome }` Assertions that were made against the received response. - `description: string` Human-readable description of the assertion, explaining what was checked. - `kind: { parameters, type }` Kind of assertion. - `parameters: { max, min }` Range of HTTP status codes. - `max: number` Maximum (inclusive) status code of the range. - `min: number` Minimum (inclusive) status code of the range. - `type: "http_status_within_range"` - `"http_status_within_range"` - `observed: number` Observed value on which the assertion was made. - `outcome: "ok" or "fail" or "inconclusive"` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: optional array of { description, error_code }` Errors the step encountered that may explain absent or incomplete fields. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `request: optional { credential_set, header_names, method, 3 more }` HTTP request that was made, if any. - `credential_set: { id, role }` Credential set that was used. - `id: string` ID of the credential set. - `role: "owner" or "attacker"` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: array of string` Names of headers that were sent. - `method: "GET" or "DELETE" or "PATCH" or 2 more` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: string` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: array of { json_path, name }` Variable captures requested for this step. - `json_path: string` JSONPath expression used for capture, e.g. `"$.id"`. - `name: string` Variable name, e.g. `"resource_id"`. - `body: optional unknown` Request body, if any. - `response: optional { body, header_names, status, status_text }` HTTP response that was received, if any. - `body: { kind } or { contents, kind, truncated } or { contents, kind, truncated } or { contents, kind, truncated }` HTTP response body. - `Kind { kind }` No body was received. - `kind: "not_found"` - `"not_found"` - `{ contents, kind, truncated }` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: string` - `kind: "bytes"` - `"bytes"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid UTF-8 text but not valid JSON. - `contents: string` - `kind: "text"` - `"text"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid JSON. - `contents: string` - `kind: "json"` - `"json"` - `truncated: boolean` - `header_names: array of string` Names of headers that were received. - `status: number` HTTP status code. - `status_text: optional string` HTTP status text, if available for the status code. - `verdict: "ok" or "warning" or "inconclusive"` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: optional array of { description, error_code }` Errors that prevented step execution. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `report_schema_version: "v1"` Version of the report schema. - `"v1"` ### Scan Create Response - `ScanCreateResponse { id, scan_type, status, 2 more }` - `id: string` Scan identifier. - `scan_type: "bola"` The type of vulnerability scan. - `"bola"` - `status: "created" or "scheduled" or "planning" or 3 more` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: string` The target environment this scan runs against. - `report: optional { report, report_schema_version }` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: { summary, tests }` Version 1 of the BOLA vulnerability scan report. - `summary: { verdict }` Summary of all steps and findings. - `verdict: "ok" or "warning" or "inconclusive"` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: array of { steps, verdict, preflight_errors }` List of tests that were run. - `steps: array of { assertions, errors, request, response }` Steps that were executed. - `assertions: array of { description, kind, observed, outcome }` Assertions that were made against the received response. - `description: string` Human-readable description of the assertion, explaining what was checked. - `kind: { parameters, type }` Kind of assertion. - `parameters: { max, min }` Range of HTTP status codes. - `max: number` Maximum (inclusive) status code of the range. - `min: number` Minimum (inclusive) status code of the range. - `type: "http_status_within_range"` - `"http_status_within_range"` - `observed: number` Observed value on which the assertion was made. - `outcome: "ok" or "fail" or "inconclusive"` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: optional array of { description, error_code }` Errors the step encountered that may explain absent or incomplete fields. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `request: optional { credential_set, header_names, method, 3 more }` HTTP request that was made, if any. - `credential_set: { id, role }` Credential set that was used. - `id: string` ID of the credential set. - `role: "owner" or "attacker"` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: array of string` Names of headers that were sent. - `method: "GET" or "DELETE" or "PATCH" or 2 more` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: string` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: array of { json_path, name }` Variable captures requested for this step. - `json_path: string` JSONPath expression used for capture, e.g. `"$.id"`. - `name: string` Variable name, e.g. `"resource_id"`. - `body: optional unknown` Request body, if any. - `response: optional { body, header_names, status, status_text }` HTTP response that was received, if any. - `body: { kind } or { contents, kind, truncated } or { contents, kind, truncated } or { contents, kind, truncated }` HTTP response body. - `Kind { kind }` No body was received. - `kind: "not_found"` - `"not_found"` - `{ contents, kind, truncated }` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: string` - `kind: "bytes"` - `"bytes"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid UTF-8 text but not valid JSON. - `contents: string` - `kind: "text"` - `"text"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid JSON. - `contents: string` - `kind: "json"` - `"json"` - `truncated: boolean` - `header_names: array of string` Names of headers that were received. - `status: number` HTTP status code. - `status_text: optional string` HTTP status text, if available for the status code. - `verdict: "ok" or "warning" or "inconclusive"` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: optional array of { description, error_code }` Errors that prevented step execution. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `report_schema_version: "v1"` Version of the report schema. - `"v1"` ### Scan Get Response - `ScanGetResponse { id, scan_type, status, 2 more }` - `id: string` Scan identifier. - `scan_type: "bola"` The type of vulnerability scan. - `"bola"` - `status: "created" or "scheduled" or "planning" or 3 more` Current lifecycle status of the scan. - `"created"` - `"scheduled"` - `"planning"` - `"running"` - `"finished"` - `"failed"` - `target_environment_id: string` The target environment this scan runs against. - `report: optional { report, report_schema_version }` Vulnerability report produced after the scan completes. The shape depends on the scan type. Present only for finished scans. - `report: { summary, tests }` Version 1 of the BOLA vulnerability scan report. - `summary: { verdict }` Summary of all steps and findings. - `verdict: "ok" or "warning" or "inconclusive"` Overall verdict of the vulnerability scan. - `"ok"` - `"warning"` - `"inconclusive"` - `tests: array of { steps, verdict, preflight_errors }` List of tests that were run. - `steps: array of { assertions, errors, request, response }` Steps that were executed. - `assertions: array of { description, kind, observed, outcome }` Assertions that were made against the received response. - `description: string` Human-readable description of the assertion, explaining what was checked. - `kind: { parameters, type }` Kind of assertion. - `parameters: { max, min }` Range of HTTP status codes. - `max: number` Maximum (inclusive) status code of the range. - `min: number` Minimum (inclusive) status code of the range. - `type: "http_status_within_range"` - `"http_status_within_range"` - `observed: number` Observed value on which the assertion was made. - `outcome: "ok" or "fail" or "inconclusive"` Outcome of the assertion. - `"ok"` - `"fail"` - `"inconclusive"` - `errors: optional array of { description, error_code }` Errors the step encountered that may explain absent or incomplete fields. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `request: optional { credential_set, header_names, method, 3 more }` HTTP request that was made, if any. - `credential_set: { id, role }` Credential set that was used. - `id: string` ID of the credential set. - `role: "owner" or "attacker"` Role of the credential set. - `"owner"` - `"attacker"` - `header_names: array of string` Names of headers that were sent. - `method: "GET" or "DELETE" or "PATCH" or 2 more` HTTP method. - `"GET"` - `"DELETE"` - `"PATCH"` - `"POST"` - `"PUT"` - `url: string` Exact and full URL (including host, query parameters) that was requested. - `variable_captures: array of { json_path, name }` Variable captures requested for this step. - `json_path: string` JSONPath expression used for capture, e.g. `"$.id"`. - `name: string` Variable name, e.g. `"resource_id"`. - `body: optional unknown` Request body, if any. - `response: optional { body, header_names, status, status_text }` HTTP response that was received, if any. - `body: { kind } or { contents, kind, truncated } or { contents, kind, truncated } or { contents, kind, truncated }` HTTP response body. - `Kind { kind }` No body was received. - `kind: "not_found"` - `"not_found"` - `{ contents, kind, truncated }` Body received but unable to read as UTF-8. Raw bytes, base64-encoded. - `contents: string` - `kind: "bytes"` - `"bytes"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid UTF-8 text but not valid JSON. - `contents: string` - `kind: "text"` - `"text"` - `truncated: boolean` - `{ contents, kind, truncated }` Body received as valid JSON. - `contents: string` - `kind: "json"` - `"json"` - `truncated: boolean` - `header_names: array of string` Names of headers that were received. - `status: number` HTTP status code. - `status_text: optional string` HTTP status text, if available for the status code. - `verdict: "ok" or "warning" or "inconclusive"` Verdict of this single test. - `"ok"` - `"warning"` - `"inconclusive"` - `preflight_errors: optional array of { description, error_code }` Errors that prevented step execution. - `description: string` Human-readable error description. - `error_code: optional number` Numeric error code identifying the class of error, if available. - `report_schema_version: "v1"` Version of the report schema. - `"v1"` # Target Environments ## List Target Environments **get** `/accounts/{account_id}/vuln_scanner/target_environments` Returns all target environments for the account. ### Path Parameters - `account_id: optional string` Identifier. ### Query Parameters - `page: optional number` Page number of paginated results. - `per_page: optional number` Number of results per page. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional array of { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. - `result_info: optional { count, page, per_page, 2 more }` - `count: optional number` Total number of results for the requested service. - `page: optional number` Current page within paginated list of results. - `per_page: optional number` Number of results per page of results. - `total_count: optional number` Total results available without any search parameters. - `total_pages: optional number` The number of total pages in the entire result set. ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/target_environments \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 } } ``` ## Create Target Environment **post** `/accounts/{account_id}/vuln_scanner/target_environments` Creates a new target environment for the account. ### Path Parameters - `account_id: optional string` Identifier. ### Body Parameters - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/target_environments \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Get Target Environment **get** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Returns a single target environment by ID. ### Path Parameters - `account_id: optional string` Identifier. - `target_environment_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/target_environments/$TARGET_ENVIRONMENT_ID \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Update Target Environment **put** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Replaces a target environment. All fields must be provided. ### Path Parameters - `account_id: optional string` Identifier. - `target_environment_id: string` ### Body Parameters - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/target_environments/$TARGET_ENVIRONMENT_ID \ -X PUT \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Edit Target Environment **patch** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Updates a target environment with only the provided fields; omitted fields remain unchanged. ### Path Parameters - `account_id: optional string` Identifier. - `target_environment_id: string` ### Body Parameters - `description: optional string` Optional description. Omit to leave unchanged, set to `null` to clear, or provide a string to update. - `name: optional string` Human-readable name. - `target: optional { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/target_environments/$TARGET_ENVIRONMENT_ID \ -X PATCH \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -d '{ "description": "Main production environment", "name": "Production Zone" }' ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "name": "Production Zone", "target": { "type": "zone", "zone_tag": "d8e8fca2dc0f896fd7cb4cb0031ba249" }, "description": "Main production environment" }, "result_info": {} } ``` ## Delete Target Environment **delete** `/accounts/{account_id}/vuln_scanner/target_environments/{target_environment_id}` Removes a target environment. ### Path Parameters - `account_id: optional string` Identifier. - `target_environment_id: string` ### Returns - `errors: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `messages: array of { code, message, documentation_url, source }` - `code: number` - `message: string` - `documentation_url: optional string` - `source: optional { pointer }` - `pointer: optional string` - `success: true` Whether the API call was successful. - `true` - `result: optional unknown` - `result_info: optional unknown` ### Example ```http curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/vuln_scanner/target_environments/$TARGET_ENVIRONMENT_ID \ -X DELETE \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": {}, "result_info": {} } ``` ## Domain Types ### Target Environment List Response - `TargetEnvironmentListResponse { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. ### Target Environment Create Response - `TargetEnvironmentCreateResponse { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. ### Target Environment Get Response - `TargetEnvironmentGetResponse { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. ### Target Environment Update Response - `TargetEnvironmentUpdateResponse { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. ### Target Environment Edit Response - `TargetEnvironmentEditResponse { id, name, target, description }` - `id: string` Target environment identifier. - `name: string` Human-readable name. - `target: { type, zone_tag }` Identifies the Cloudflare asset to scan. Uses a `type` discriminator. Currently the service supports only `zone` targets. - `type: "zone"` - `"zone"` - `zone_tag: string` Cloudflare zone tag. The zone must belong to the account. - `description: optional string` Optional description providing additional context. ### Target Environment Delete Response - `TargetEnvironmentDeleteResponse = unknown`