Users

Get users

GET/accounts/{account_id}/access/users

Get a user

GET/accounts/{account_id}/access/users/{user_id}

Create a user

POST/accounts/{account_id}/access/users

Update a user

PUT/accounts/{account_id}/access/users/{user_id}

Delete a user

DELETE/accounts/{account_id}/access/users/{user_id}

ModelsExpand Collapse

AccessUser { id, active, displayName, 4 more }

id: optional string

The unique Cloudflare-generated Id of the SCIM resource.

active: optional boolean

Determines the status of the SCIM User resource.

displayName: optional string

The name of the SCIM User resource.

emails: optional array of { primary, type, value }

primary: optional boolean

Indicates if the email address is the primary email belonging to the SCIM User resource.

type: optional string

Indicates the type of the email address.

value: optional string

The email address of the SCIM User resource.

formatemail

externalId: optional string

The IdP-generated Id of the SCIM resource.

meta: optional { created, lastModified }

The metadata of the SCIM resource.

created: optional string

The timestamp of when the SCIM resource was created.

formatdate-time

lastModified: optional string

The timestamp of when the SCIM resource was last modified.

formatdate-time

schemas: optional array of string

The list of URIs which indicate the attributes contained within a SCIM resource.

UserListResponse { id, access_seat, active_device_count, 8 more }

id: optional string

UUID.

maxLength36

access_seat: optional boolean

True if the user has authenticated with Cloudflare Access.

active_device_count: optional number

The number of active devices registered to the user.

created_at: optional string

formatdate-time

email: optional string

The email of the user.

formatemail

gateway_seat: optional boolean

True if the user has logged into the WARP client.

last_successful_login: optional string

The time at which the user last successfully logged in.

formatdate-time

The name of the user.

seat_uid: optional string

The unique API identifier for the Zero Trust seat.

uid: optional string

The unique API identifier for the user.

updated_at: optional string

formatdate-time

UserGetResponse { id, access_seat, active_device_count, 8 more }

id: optional string

UUID.

maxLength36

access_seat: optional boolean

True if the user has authenticated with Cloudflare Access.

active_device_count: optional number

The number of active devices registered to the user.

created_at: optional string

formatdate-time

email: optional string

The email of the user.

formatemail

gateway_seat: optional boolean

True if the user has logged into the WARP client.

last_successful_login: optional string

The time at which the user last successfully logged in.

formatdate-time

The name of the user.

seat_uid: optional string

The unique API identifier for the Zero Trust seat.

uid: optional string

The unique API identifier for the user.

updated_at: optional string

formatdate-time

UserCreateResponse { id, access_seat, active_device_count, 8 more }

id: optional string

UUID.

maxLength36

access_seat: optional boolean

True if the user has authenticated with Cloudflare Access.

active_device_count: optional number

The number of active devices registered to the user.

created_at: optional string

formatdate-time

email: optional string

The email of the user.

formatemail

gateway_seat: optional boolean

True if the user has logged into the WARP client.

last_successful_login: optional string

The time at which the user last successfully logged in.

formatdate-time

The name of the user.

seat_uid: optional string

The unique API identifier for the Zero Trust seat.

uid: optional string

The unique API identifier for the user.

updated_at: optional string

formatdate-time

UserUpdateResponse { id, access_seat, active_device_count, 8 more }

id: optional string

UUID.

maxLength36

access_seat: optional boolean

True if the user has authenticated with Cloudflare Access.

active_device_count: optional number

The number of active devices registered to the user.

created_at: optional string

formatdate-time

email: optional string

The email of the user.

formatemail

gateway_seat: optional boolean

True if the user has logged into the WARP client.

last_successful_login: optional string

The time at which the user last successfully logged in.

formatdate-time

The name of the user.

seat_uid: optional string

The unique API identifier for the Zero Trust seat.

uid: optional string

The unique API identifier for the user.

updated_at: optional string

formatdate-time

UserDeleteResponse = unknown

UsersActive Sessions

Get active sessions

GET/accounts/{account_id}/access/users/{user_id}/active_sessions

Get single active session

GET/accounts/{account_id}/access/users/{user_id}/active_sessions/{nonce}

ModelsExpand Collapse

ActiveSessionListResponse { expiration, metadata, name }

expiration: optional number

metadata: optional { apps, expires, iat, 2 more }

apps: optional map[ { hostname, name, type, uid } ]

hostname: optional string

type: optional string

uid: optional string

expires: optional number

iat: optional number

nonce: optional string

ttl: optional number

ActiveSessionGetResponse { account_id, auth_status, common_name, 16 more }

account_id: optional string

auth_status: optional string

common_name: optional string

device_id: optional string

device_sessions: optional map[ { last_authenticated } ]

last_authenticated: optional number

devicePosture: optional map[ { id, check, data, 6 more } ]

id: optional string

check: optional { exists, path }

exists: optional boolean

path: optional string

data: optional unknown

description: optional string

error: optional string

rule_name: optional string

success: optional boolean

timestamp: optional string

type: optional string

email: optional string

geo: optional UserPolicyCheckGeo { country }

iat: optional number

idp: optional { id, type }

id: optional string

type: optional string

ip: optional string

is_gateway: optional boolean

is_warp: optional boolean

isActive: optional boolean

mtls_auth: optional { auth_status, cert_issuer_dn, cert_issuer_ski, 2 more }

auth_status: optional string

cert_issuer_dn: optional string

cert_issuer_ski: optional string

cert_presented: optional boolean

cert_serial: optional string

service_token_id: optional string

service_token_status: optional boolean

user_uuid: optional string

version: optional number

UsersLast Seen Identity

Get last seen identity

GET/accounts/{account_id}/access/users/{user_id}/last_seen_identity

ModelsExpand Collapse

Identity { account_id, auth_status, common_name, 15 more }

account_id: optional string

auth_status: optional string

common_name: optional string

device_id: optional string

device_sessions: optional map[ { last_authenticated } ]

last_authenticated: optional number

devicePosture: optional map[ { id, check, data, 6 more } ]

id: optional string

check: optional { exists, path }

exists: optional boolean

path: optional string

data: optional unknown

description: optional string

error: optional string

rule_name: optional string

success: optional boolean

timestamp: optional string

type: optional string

email: optional string

geo: optional UserPolicyCheckGeo { country }

iat: optional number

idp: optional { id, type }

id: optional string

type: optional string

ip: optional string

is_gateway: optional boolean

is_warp: optional boolean

mtls_auth: optional { auth_status, cert_issuer_dn, cert_issuer_ski, 2 more }

auth_status: optional string

cert_issuer_dn: optional string

cert_issuer_ski: optional string

cert_presented: optional boolean

cert_serial: optional string

service_token_id: optional string

service_token_status: optional boolean

user_uuid: optional string

version: optional number

UsersFailed Logins

Get failed logins

GET/accounts/{account_id}/access/users/{user_id}/failed_logins

ModelsExpand Collapse

FailedLoginListResponse { expiration, metadata }

expiration: optional number

metadata: optional unknown