Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Access
Certificates

Add an mTLS certificate

POST/{accounts_or_zones}/{account_or_zone_id}/access/certificates

Adds a new mTLS root certificate to Access.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Mutual TLS Certificates Write
Path ParametersExpand Collapse
account_id: optional string

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: optional string

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Body ParametersJSONExpand Collapse
certificate: string

The certificate content.

name: string

The name of the certificate.

associated_hostnames: optional array of AssociatedHostnames

The hostnames of the applications that will use this certificate.

ReturnsExpand Collapse
errors: array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
messages: array of { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional Certificate { id, associated_hostnames, expires_on, 2 more }
id: optional string

The ID of the application that will use this certificate.

associated_hostnames: optional array of AssociatedHostnames

The hostnames of the applications that will use this certificate.

expires_on: optional string
formatdate-time
fingerprint: optional string

The MD5 fingerprint of the certificate.

name: optional string

The name of the certificate.

Add an mTLS certificate

curl https://api.cloudflare.com/client/v4/$ACCOUNTS_OR_ZONES/$ACCOUNT_OR_ZONE_ID/access/certificates \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    -d '{
          "certificate": "-----BEGIN CERTIFICATE-----\\nMIIGAjCCA+qgAwIBAgIJAI7kymlF7CWT...N4RI7KKB7nikiuUf8vhULKy5IX10\\nDrUtmu/B\\n-----END CERTIFICATE-----",
          "name": "Allow devs"
        }'
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "id",
    "associated_hostnames": [
      "admin.example.com"
    ],
    "created_at": "2014-01-01T05:20:00.12345Z",
    "expires_on": "2014-01-01T05:20:00.12345Z",
    "fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
    "name": "Allow devs",
    "updated_at": "2014-01-01T05:20:00.12345Z"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "id",
    "associated_hostnames": [
      "admin.example.com"
    ],
    "created_at": "2014-01-01T05:20:00.12345Z",
    "expires_on": "2014-01-01T05:20:00.12345Z",
    "fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
    "name": "Allow devs",
    "updated_at": "2014-01-01T05:20:00.12345Z"
  }
}