
Token Validation

Token Validation Configuration

resource cloudflare_token_validation_config

required Expand Collapse
zone_id: String

Identifier.

token_type: String
credentials: Attributes
keys: List[Attributes]
alg: String

Algorithm

e?: String

RSA exponent

kid: String

Key ID

kty: String

Key Type

n?: String

RSA modulus

crv?: String

Curve

x?: String

X EC coordinate

y?: String

Y EC coordinate

description: String
title: String
token_sources: List[String]
computed Expand Collapse
id: String

UUID.

created_at: Time
last_updated: Time

cloudflare_token_validation_config

# Registers the key material and token locations a zone uses to validate JWTs.
resource "cloudflare_token_validation_config" "example_token_validation_config" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  credentials = {
    # Each entry is a JWK-style verification key. The schema exposes only public
    # parameters (n/e for RSA, crv/x/y for EC) and has no field for a private key,
    # so no signing secret belongs in this resource or ends up in Terraform state.
    keys = [{
      # alg, crv and kty should be consistent with one another: ES256 is ECDSA over P-256.
      alg = "ES256"
      crv = "P-256"
      # Key ID; presumably matched against the `kid` of incoming tokens (confirm in the Cloudflare docs).
      kid = "38013f13-c266-4eec-a72a-92ec92779f21"
      kty = "EC"
      # Public EC point coordinates of the verification key.
      x = "KN53JRwN3wCjm2o39bvZUX2VdrsHzS8pxOAGjm8m7EQ"
      y = "lnkkzIxaveggz-HFhcMWW15nxvOj0Z_uQsXbpK0GFcY"
    }]
  }
  description = "Long description for Token Validation Configuration"
  title = "Example Token Validation Configuration"
  # Expressions naming where the token is read from: index [0] of the `x-auth`
  # request header and of the `Authorization` cookie. List only the locations the
  # API really uses. NOTE(review): how several sources are combined is not stated here; confirm.
  token_sources = ["http.request.headers[\"x-auth\"][0]", "http.request.cookies[\"Authorization\"][0]"]
  token_type = "JWT"
}

data cloudflare_token_validation_config

required Expand Collapse
config_id: String

UUID.

zone_id: String

Identifier.

computed Expand Collapse
id: String

UUID.

created_at: Time
description: String
last_updated: Time
title: String
token_type: String
token_sources: List[String]
credentials: Attributes
keys: List[Attributes]
alg: String

Algorithm

e: String

RSA exponent

kid: String

Key ID

kty: String

Key Type

n: String

RSA modulus

crv: String

Curve

x: String

X EC coordinate

y: String

Y EC coordinate

cloudflare_token_validation_config

# Reads one existing token validation configuration of a zone by its UUID.
# The computed attributes include `credentials.keys`, i.e. the key parameters
# listed in the schema (alg, kid, kty and n/e or crv/x/y).
data "cloudflare_token_validation_config" "example_token_validation_config" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  # UUID of the configuration to look up.
  config_id = "4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7"
}

data cloudflare_token_validation_configs

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

UUID.

created_at: Time
credentials: Attributes
keys: List[Attributes]
alg: String

Algorithm

e: String

RSA exponent

kid: String

Key ID

kty: String

Key Type

n: String

RSA modulus

crv: String

Curve

x: String

X EC coordinate

y: String

Y EC coordinate

description: String
last_updated: Time
title: String
token_sources: List[String]
token_type: String

cloudflare_token_validation_configs

# Lists the token validation configurations of a zone in `result`.
# The optional `max_items` is not set here; the schema gives its default as 1000.
data "cloudflare_token_validation_configs" "example_token_validation_configs" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

Token Validation Rules

resource cloudflare_token_validation_rules

required Expand Collapse
zone_id: String

Identifier.

action: String

Action to take on requests that match operations included in selector and fail expression.

description: String

A human-readable description that gives more details than title.

enabled: Bool

Toggle rule on or off.

expression: String

Rule expression. Requests that fail to match this expression will be subject to `action`; that is, the expression describes the requests considered valid, not the ones to act on.

For details on expressions, see the Cloudflare Docs.

title: String

A human-readable name for the rule.

selector: Attributes

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

exclude?: List[Attributes]

Ignore operations that were otherwise included by include.

operation_ids?: List[String]

Excluded operation IDs.

include?: List[Attributes]

Select all matching operations.

host?: List[String]

Included hostnames.

optional Expand Collapse
position?: Attributes

Update rule order among zone rules.

index?: Int64

Move rule to this position

before?: String

Move rule to before rule with this ID.

after?: String

Move rule to after rule with this ID.

computed Expand Collapse
id: String

UUID.

created_at: Time
last_updated: Time

cloudflare_token_validation_rules

# Rule that applies `action` to requests on the selected operations that FAIL `expression`.
resource "cloudflare_token_validation_rules" "example_token_validation_rules" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  # NOTE(review): "log" presumably only records failing requests and does not reject them,
  # so this example is monitoring rather than access control. Cloudflare's API also documents
  # a "block" action; confirm the accepted values for your provider version before enforcing.
  action = "log"
  description = "Long description for Token Validation Rule"
  # A disabled rule takes no action; keep this true for the rule to have any effect.
  enabled = true
  # `or`: a request satisfies the expression when its token validates under either
  # referenced ID, so only requests valid under neither are subject to `action`.
  # The arguments are presumably token validation configuration IDs (confirm).
  expression = "is_jwt_valid(\"52973293-cb04-4a97-8f55-e7d2ad1107dd\") or is_jwt_valid(\"46eab8d1-6376-45e3-968f-2c649d77d423\")"
  selector = {
    # Operations listed here are ignored even though `include` matched them, so this
    # rule never applies `action` to them. Review exclusions as carefully as inclusions.
    exclude = [{
      operation_ids = ["f9c5615e-fe15-48ce-bec6-cfc1946f1bec", "56828eae-035a-4396-ba07-51c66d680a04"]
    }]
    # Selects all matching operations on these hostnames.
    include = [{
      host = ["v1.example.com", "v2.example.com"]
    }]
  }
  title = "Example Token Validation Rule"
}

data cloudflare_token_validation_rules

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
rule_id?: String

UUID.

filter?: Attributes
id?: String

Select rules with these IDs.

action?: String

Action to take on requests that match operations included in selector and fail expression.

enabled?: Bool

Toggle rule on or off.

host?: String

Select rules with this host in include.

hostname?: String

Select rules with this host in include.

token_configuration?: List[String]

Select rules using any of these token configurations.

computed Expand Collapse
id: String

UUID.

action: String

Action to take on requests that match operations included in selector and fail expression.

created_at: Time
description: String

A human-readable description that gives more details than title.

enabled: Bool

Toggle rule on or off.

expression: String

Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

last_updated: Time
title: String

A human-readable name for the rule.

selector: Attributes

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

exclude: List[Attributes]

Ignore operations that were otherwise included by include.

operation_ids: List[String]

Excluded operation IDs.

include: List[Attributes]

Select all matching operations.

host: List[String]

Included hostnames.

cloudflare_token_validation_rules

# Reads a single token validation rule of a zone. The computed attributes include
# `action`, `enabled`, `expression` and `selector`, which is what an audit of the
# rule's effective behaviour would inspect.
data "cloudflare_token_validation_rules" "example_token_validation_rules" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  # UUID of the rule; the schema lists rule_id as optional, alongside a `filter` attribute.
  rule_id = "4a7ee8d3-dd63-4ceb-9d5f-c27831854ce7"
}

data cloudflare_token_validation_rules_list

required Expand Collapse
zone_id: String

Identifier.

optional Expand Collapse
action?: String

Action to take on requests that match operations included in selector and fail expression.

enabled?: Bool

Toggle rule on or off.

host?: String

Select rules with this host in include.

hostname?: String

Select rules with this host in include.

id?: String

Select rules with these IDs.

rule_id?: String

Select rules with these IDs.

token_configuration?: List[String]

Select rules using any of these token configurations.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

action: String

Action to take on requests that match operations included in selector and fail expression.

description: String

A human-readable description that gives more details than title.

enabled: Bool

Toggle rule on or off.

expression: String

Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

selector: Attributes

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

exclude: List[Attributes]

Ignore operations that were otherwise included by include.

operation_ids: List[String]

Excluded operation IDs.

include: List[Attributes]

Select all matching operations.

host: List[String]

Included hostnames.

title: String

A human-readable name for the rule.

id: String

UUID.

created_at: Time
last_updated: Time

cloudflare_token_validation_rules_list

# Lists token validation rules of a zone in `result`, narrowed by optional filters.
# Only zone_id is required; this example sets every filter for illustration.
data "cloudflare_token_validation_rules_list" "example_token_validation_rules_list" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  # `id` and `rule_id` are both documented as "Select rules with these IDs".
  id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  # Filtering on action = "log" returns the rules that use the log action.
  action = "log"
  enabled = true
  # `host` and `hostname` are both documented as "Select rules with this host in include".
  host = "www.example.com"
  hostname = "www.example.com"
  rule_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
  # Selects rules using any of these token configurations.
  token_configuration = ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"]
}