Skip to content
Cloudflare API
Start here
API Reference

API Gateway

API GatewayConfigurations

resource cloudflare_api_shield

required Expand Collapse
zone_id: String

Identifier.

auth_id_characteristics: List[Attributes]
name: String

The name of the characteristic field, i.e., the header or cookie name.

type: String

The type of characteristic.

computed Expand Collapse
id: String

Identifier.

cloudflare_api_shield

resource "cloudflare_api_shield" "example_api_shield" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  auth_id_characteristics = [{
    name = "authorization"
    type = "header"
  }]
}

data cloudflare_api_shield

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
normalize?: Bool

Ensures that the configuration is written or retrieved in normalized fashion

computed Expand Collapse
id: String

Identifier.

auth_id_characteristics: List[Attributes]
name: String

The name of the characteristic field, i.e., the header or cookie name.

type: String

The type of characteristic.

cloudflare_api_shield

data "cloudflare_api_shield" "example_api_shield" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  normalize = true
}

API GatewayDiscoveryOperations

resource cloudflare_api_shield_discovery_operation

required Expand Collapse
operation_id: String

UUID.

zone_id: String

Identifier.

optional Expand Collapse
state?: String

Mark state of operation in API Discovery

  • review - Mark operation as for review
  • ignored - Mark operation as ignored
computed Expand Collapse
id: String

UUID.

cloudflare_api_shield_discovery_operation

resource "cloudflare_api_shield_discovery_operation" "example_api_shield_discovery_operation" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  operation_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  state = "review"
}

data cloudflare_api_shield_discovery_operations

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
diff?: Bool

When true, only return API Discovery results that are not saved into API Shield Endpoint Management

direction?: String

Direction to order results.

endpoint?: String

Filter results to only include endpoints containing this pattern.

order?: String

Field to order by

origin?: String

Filter results to only include discovery results sourced from a particular discovery engine

  • ML - Discovered operations that were sourced using ML API Discovery
  • SessionIdentifier - Discovered operations that were sourced using Session Identifier API Discovery
state?: String

Filter results to only include discovery results in a particular state. States are as follows

  • review - Discovered operations that are not saved into API Shield Endpoint Management
  • saved - Discovered operations that are already saved into API Shield Endpoint Management
  • ignored - Discovered operations that have been marked as ignored
host?: List[String]

Filter results to only include the specified hosts.

method?: List[String]

Filter results to only include the specified HTTP methods.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

UUID.

endpoint: String

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

host: String

RFC3986-compliant host.

last_updated: Time
method: String

The HTTP method used to access the endpoint.

origin: List[String]

API discovery engine(s) that discovered this operation

state: String

State of operation in API Discovery

  • review - Operation is not saved into API Shield Endpoint Management
  • saved - Operation is saved into API Shield Endpoint Management
  • ignored - Operation is marked as ignored
features: Attributes
traffic_stats: Attributes
last_updated: Time
period_seconds: Int64

The period in seconds these statistics were computed over

requests: Float64

The average number of requests seen during this period

cloudflare_api_shield_discovery_operations

data "cloudflare_api_shield_discovery_operations" "example_api_shield_discovery_operations" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  diff = true
  direction = "desc"
  endpoint = "/api/v1"
  host = ["api.cloudflare.com"]
  method = ["GET"]
  order = "method"
  origin = "ML"
  state = "review"
}

API GatewayOperations

resource cloudflare_api_shield_operation

required Expand Collapse
zone_id: String

Identifier.

endpoint: String

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

host: String

RFC3986-compliant host.

method: String

The HTTP method used to access the endpoint.

computed Expand Collapse
id: String

UUID.

operation_id: String

UUID.

last_updated: Time
features: Attributes
thresholds: Attributes
auth_id_tokens: Int64

The total number of auth-ids seen across this calculation.

data_points: Int64

The number of data points used for the threshold suggestion calculation.

last_updated: Time
p50: Int64

The p50 quantile of requests (in period_seconds).

p90: Int64

The p90 quantile of requests (in period_seconds).

p99: Int64

The p99 quantile of requests (in period_seconds).

period_seconds: Int64

The period over which this threshold is suggested.

requests: Int64

The estimated number of requests covered by these calculations.

suggested_threshold: Int64

The suggested threshold in requests done by the same auth_id or period_seconds.

parameter_schemas: Attributes
last_updated: Time
parameter_schemas: Attributes

An operation schema object containing a response.

parameters: List[JSON]

An array containing the learned parameter schemas.

responses: JSON

An empty response object. This field is required to yield a valid operation schema.

api_routing: Attributes

API Routing settings on endpoint.

last_updated: Time
route: String

Target route.

confidence_intervals: Attributes
last_updated: Time
suggested_threshold: Attributes
confidence_intervals: Attributes
p90: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

p95: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

p99: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

mean: Float64

Suggested threshold.

schema_info: Attributes
active_schema: Attributes

Schema active on endpoint.

id: String

UUID.

created_at: Time
is_learned: Bool

True if schema is Cloudflare-provided.

name: String

Schema file name.

learned_available: Bool

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: String

Action taken on requests failing validation.

cloudflare_api_shield_operation

resource "cloudflare_api_shield_operation" "example_api_shield_operation" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  endpoint = "/api/v1/users/{var1}"
  host = "www.example.com"
  method = "GET"
}

data cloudflare_api_shield_operation

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
operation_id?: String

UUID.

feature?: List[String]

Add feature(s) to the results. The feature name that is given here corresponds to the resulting feature object. Have a look at the top-level object description for more details on the specific meaning.

filter?: Attributes
direction?: String

Direction to order results.

endpoint?: String

Filter results to only include endpoints containing this pattern.

feature?: List[String]

Add feature(s) to the results. The feature name that is given here corresponds to the resulting feature object. Have a look at the top-level object description for more details on the specific meaning.

host?: List[String]

Filter results to only include the specified hosts.

method?: List[String]

Filter results to only include the specified HTTP methods.

order?: String

Field to order by. When requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold.

computed Expand Collapse
id: String

UUID.

endpoint: String

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

host: String

RFC3986-compliant host.

last_updated: Time
method: String

The HTTP method used to access the endpoint.

features: Attributes
thresholds: Attributes
auth_id_tokens: Int64

The total number of auth-ids seen across this calculation.

data_points: Int64

The number of data points used for the threshold suggestion calculation.

last_updated: Time
p50: Int64

The p50 quantile of requests (in period_seconds).

p90: Int64

The p90 quantile of requests (in period_seconds).

p99: Int64

The p99 quantile of requests (in period_seconds).

period_seconds: Int64

The period over which this threshold is suggested.

requests: Int64

The estimated number of requests covered by these calculations.

suggested_threshold: Int64

The suggested threshold in requests done by the same auth_id or period_seconds.

parameter_schemas: Attributes
last_updated: Time
parameter_schemas: Attributes

An operation schema object containing a response.

parameters: List[JSON]

An array containing the learned parameter schemas.

responses: JSON

An empty response object. This field is required to yield a valid operation schema.

api_routing: Attributes

API Routing settings on endpoint.

last_updated: Time
route: String

Target route.

confidence_intervals: Attributes
last_updated: Time
suggested_threshold: Attributes
confidence_intervals: Attributes
p90: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

p95: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

p99: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

mean: Float64

Suggested threshold.

schema_info: Attributes
active_schema: Attributes

Schema active on endpoint.

id: String

UUID.

created_at: Time
is_learned: Bool

True if schema is Cloudflare-provided.

name: String

Schema file name.

learned_available: Bool

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: String

Action taken on requests failing validation.

cloudflare_api_shield_operation

data "cloudflare_api_shield_operation" "example_api_shield_operation" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  operation_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  feature = ["thresholds"]
}

data cloudflare_api_shield_operations

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
direction?: String

Direction to order results.

endpoint?: String

Filter results to only include endpoints containing this pattern.

order?: String

Field to order by. When requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold.

feature?: List[String]

Add feature(s) to the results. The feature name that is given here corresponds to the resulting feature object. Have a look at the top-level object description for more details on the specific meaning.

host?: List[String]

Filter results to only include the specified hosts.

method?: List[String]

Filter results to only include the specified HTTP methods.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

UUID.

endpoint: String

The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/.

host: String

RFC3986-compliant host.

last_updated: Time
method: String

The HTTP method used to access the endpoint.

operation_id: String

UUID.

features: Attributes
thresholds: Attributes
auth_id_tokens: Int64

The total number of auth-ids seen across this calculation.

data_points: Int64

The number of data points used for the threshold suggestion calculation.

last_updated: Time
p50: Int64

The p50 quantile of requests (in period_seconds).

p90: Int64

The p90 quantile of requests (in period_seconds).

p99: Int64

The p99 quantile of requests (in period_seconds).

period_seconds: Int64

The period over which this threshold is suggested.

requests: Int64

The estimated number of requests covered by these calculations.

suggested_threshold: Int64

The suggested threshold in requests done by the same auth_id or period_seconds.

parameter_schemas: Attributes
last_updated: Time
parameter_schemas: Attributes

An operation schema object containing a response.

parameters: List[JSON]

An array containing the learned parameter schemas.

responses: JSON

An empty response object. This field is required to yield a valid operation schema.

api_routing: Attributes

API Routing settings on endpoint.

last_updated: Time
route: String

Target route.

confidence_intervals: Attributes
last_updated: Time
suggested_threshold: Attributes
confidence_intervals: Attributes
p90: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

p95: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

p99: Attributes

Upper and lower bound for percentile estimate

lower: Float64

Lower bound for percentile estimate

upper: Float64

Upper bound for percentile estimate

mean: Float64

Suggested threshold.

schema_info: Attributes
active_schema: Attributes

Schema active on endpoint.

id: String

UUID.

created_at: Time
is_learned: Bool

True if schema is Cloudflare-provided.

name: String

Schema file name.

learned_available: Bool

True if a Cloudflare-provided learned schema is available for this endpoint.

mitigation_action: String

Action taken on requests failing validation.

cloudflare_api_shield_operations

data "cloudflare_api_shield_operations" "example_api_shield_operations" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  direction = "desc"
  endpoint = "/api/v1"
  feature = ["thresholds"]
  host = ["api.cloudflare.com"]
  method = ["GET"]
  order = "method"
}

API GatewayOperationsSchema Validation

resource cloudflare_api_shield_operation_schema_validation_settings

required Expand Collapse
operation_id: String

UUID.

zone_id: String

Identifier.

optional Expand Collapse
mitigation_action?: String

When set, this applies a mitigation action to this operation

  • log log request when request does not conform to schema for this operation
  • block deny access to the site when request does not conform to schema for this operation
  • none will skip mitigation for this operation
  • null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied
computed Expand Collapse
id: String

UUID.

cloudflare_api_shield_operation_schema_validation_settings

resource "cloudflare_api_shield_operation_schema_validation_settings" "example_api_shield_operation_schema_validation_settings" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  operation_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  mitigation_action = "block"
}

data cloudflare_api_shield_operation_schema_validation_settings

required Expand Collapse
operation_id: String

UUID.

zone_id: String

Identifier.

computed Expand Collapse
mitigation_action: String

When set, this applies a mitigation action to this operation

  • log log request when request does not conform to schema for this operation
  • block deny access to the site when request does not conform to schema for this operation
  • none will skip mitigation for this operation
  • null indicates that no operation level mitigation is in place, see Zone Level Schema Validation Settings for mitigation action that will be applied

cloudflare_api_shield_operation_schema_validation_settings

data "cloudflare_api_shield_operation_schema_validation_settings" "example_api_shield_operation_schema_validation_settings" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  operation_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
}

API GatewaySettingsSchema Validation

resource cloudflare_api_shield_schema_validation_settings

required Expand Collapse
zone_id: String

Identifier.

validation_default_mitigation_action: String

The default mitigation action used when there is no mitigation action defined on the operation

Mitigation actions are as follows:

  • log - log request when request does not conform to schema
  • block - deny access to the site when request does not conform to schema

A special value of of none will skip running schema validation entirely for the request when there is no mitigation action defined on the operation

optional Expand Collapse
validation_override_mitigation_action?: String

When set, this overrides both zone level and operation level mitigation actions.

  • none will skip running schema validation entirely for the request
  • null indicates that no override is in place

To clear any override, use the special value disable_override or null

computed Expand Collapse
id: String

Identifier.

cloudflare_api_shield_schema_validation_settings

resource "cloudflare_api_shield_schema_validation_settings" "example_api_shield_schema_validation_settings" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  validation_default_mitigation_action = "block"
  validation_override_mitigation_action = "none"
}

data cloudflare_api_shield_schema_validation_settings

required Expand Collapse
zone_id: String

Identifier.

computed Expand Collapse
id: String

Identifier.

validation_default_mitigation_action: String

The default mitigation action used when there is no mitigation action defined on the operation

Mitigation actions are as follows:

  • log - log request when request does not conform to schema
  • block - deny access to the site when request does not conform to schema

A special value of of none will skip running schema validation entirely for the request when there is no mitigation action defined on the operation

validation_override_mitigation_action: String

When set, this overrides both zone level and operation level mitigation actions.

  • none will skip running schema validation entirely for the request
  • null indicates that no override is in place

cloudflare_api_shield_schema_validation_settings

data "cloudflare_api_shield_schema_validation_settings" "example_api_shield_schema_validation_settings" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

API GatewayUser Schemas

resource cloudflare_api_shield_schema

required Expand Collapse
zone_id: String

Identifier.

file: String

Schema file bytes

kind: String

Kind of schema

optional Expand Collapse
schema_id?: String
name?: String

Name of the schema

validation_enabled?: String

Flag whether schema is enabled for validation.

computed Expand Collapse
created_at: Time
source: String

Source of the schema

schema: Attributes
created_at: Time
kind: String

Kind of schema

name: String

Name of the schema

schema_id: String

UUID.

source: String

Source of the schema

validation_enabled: Bool

Flag whether schema is enabled for validation.

upload_details: Attributes
warnings: List[Attributes]

Diagnostic warning events that occurred during processing. These events are non-critical errors found within the schema.

code: Int64

Code that identifies the event that occurred.

locations: List[String]

JSONPath location(s) in the schema where these events were encountered. See https://goessner.net/articles/JsonPath/ for JSONPath specification.

message: String

Diagnostic message that describes the event.

cloudflare_api_shield_schema

resource "cloudflare_api_shield_schema" "example_api_shield_schema" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  file = "Example data"
  kind = "openapi_v3"
  name = "petstore schema"
  validation_enabled = "true"
}

data cloudflare_api_shield_schema

required Expand Collapse
schema_id: String
zone_id: String

Identifier.

optional Expand Collapse
omit_source?: Bool

Omit the source-files of schemas and only retrieve their meta-data.

computed Expand Collapse
created_at: Time
kind: String

Kind of schema

name: String

Name of the schema

source: String

Source of the schema

validation_enabled: Bool

Flag whether schema is enabled for validation.

cloudflare_api_shield_schema

data "cloudflare_api_shield_schema" "example_api_shield_schema" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  schema_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  omit_source = true
}

data cloudflare_api_shield_schemas

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
validation_enabled?: Bool

Flag whether schema is enabled for validation.

omit_source?: Bool

Omit the source-files of schemas and only retrieve their meta-data.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

created_at: Time
kind: String

Kind of schema

name: String

Name of the schema

schema_id: String

UUID.

source: String

Source of the schema

validation_enabled: Bool

Flag whether schema is enabled for validation.

cloudflare_api_shield_schemas

data "cloudflare_api_shield_schemas" "example_api_shield_schemas" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  validation_enabled = true
}