Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
DLP
Payload Logs

Set payload log settings

PUT/accounts/{account_id}/dlp/payload_log

Enables or disables payload logging for DLP matches. When enabled, matched content is stored for review.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Zero Trust Write
Path ParametersExpand Collapse
account_id: optional string
Body ParametersJSONExpand Collapse
masking_level: optional "full" or "partial" or "clear" or "default"

Masking level for payload logs.

  • full: The entire payload is masked.
  • partial: Only partial payload content is masked.
  • clear: No masking is applied to the payload content.
  • default: DLP uses its default masking behavior.
One of the following:
"full"
"partial"
"clear"
"default"
public_key: optional string

Base64-encoded public key for encrypting payload logs.

  • Set to null or empty string to disable payload logging.
  • Set to a non-empty base64 string to enable payload logging with the given key.

For customers with configurable payload masking feature rolled out:

  • If the field is missing, the existing setting will be kept. Note that this is different from setting to null or empty string.

For all other customers:

  • If the field is missing, the existing setting will be cleared.
ReturnsExpand Collapse
errors: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

result: optional object { updated_at, masking_level, public_key }
updated_at: string
formatdate-time
masking_level: optional "full" or "partial" or "clear" or "default"

Masking level for payload logs.

  • full: The entire payload is masked.
  • partial: Only partial payload content is masked.
  • clear: No masking is applied to the payload content.
  • default: DLP uses its default masking behavior.
One of the following:
"full"
"partial"
"clear"
"default"
public_key: optional string

Base64-encoded public key for encrypting payload logs. Null when payload logging is disabled.

Set payload log settings

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/dlp/payload_log \
    -X PUT \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "updated_at": "2019-12-27T18:11:19.117Z",
    "masking_level": "full",
    "public_key": "public_key"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "updated_at": "2019-12-27T18:11:19.117Z",
    "masking_level": "full",
    "public_key": "public_key"
  }
}