# Devices ## List devices (deprecated) `client.zeroTrust.devices.list(DeviceListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices` List WARP devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated**: please use one of the following endpoints instead: - GET /accounts/{account_id}/devices/physical-devices - GET /accounts/{account_id}/devices/registrations ### Parameters - `params: DeviceListParams` - `account_id: string` ### Returns - `Device` - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `created?: string` When the device was created. - `deleted?: boolean` True if the device was deleted. - `device_type?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `ip?: string` IPv4 or IPv6 address. - `key?: string` The device's public key. - `last_seen?: string` When the device last connected to Cloudflare services. - `mac_address?: string` The device mac address. - `manufacturer?: string` The device manufacturer name. - `model?: string` The device model name. - `name?: string` The device name. - `os_distro_name?: string` The Linux distro name. - `os_distro_revision?: string` The Linux distro revision. - `os_version?: string` The operating system version. - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `revoked_at?: string` When the device was revoked. - `serial_number?: string` The device serial number. - `updated?: string` When the device was updated. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `version?: string` The WARP client version. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const device of client.zeroTrust.devices.list({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(device.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "created": "2017-06-14T00:00:00Z", "deleted": true, "device_type": "windows", "ip": "1.1.1.1", "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=", "last_seen": "2017-06-14T00:00:00Z", "mac_address": "00-00-5E-00-53-00", "manufacturer": "My phone corp", "model": "MyPhone(pro-X)", "name": "My mobile device", "os_distro_name": "ubuntu", "os_distro_revision": "1.0.0", "os_version": "10.0.0", "os_version_extra": "(a) or 6889 or Ubuntu 24.04", "revoked_at": "2017-06-14T00:00:00Z", "serial_number": "EXAMPLEHMD6R", "updated": "2017-06-14T00:00:00Z", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "version": "1.0.0" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device (deprecated) `client.zeroTrust.devices.get(stringdeviceID, DeviceGetParamsparams, RequestOptionsoptions?): DeviceGetResponse | null` **get** `/accounts/{account_id}/devices/{device_id}` Fetches a single WARP device. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated**: please use one of the following endpoints instead: - GET /accounts/{account_id}/devices/physical-devices/{device_id} - GET /accounts/{account_id}/devices/registrations/{registration_id} ### Parameters - `deviceID: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `params: DeviceGetParams` - `account_id: string` ### Returns - `DeviceGetResponse` - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `account?: Account` - `id?: string` - `account_type?: string` - `name?: string` The name of the enrolled account. - `created?: string` When the device was created. - `deleted?: boolean` True if the device was deleted. - `device_type?: string` - `gateway_device_id?: string` - `ip?: string` IPv4 or IPv6 address. - `key?: string` The device's public key. - `key_type?: string` Type of the key. - `last_seen?: string` When the device last connected to Cloudflare services. - `mac_address?: string` The device mac address. - `model?: string` The device model name. - `name?: string` The device name. - `os_version?: string` The operating system version. - `serial_number?: string` The device serial number. - `tunnel_type?: string` Type of the tunnel connection used. - `updated?: string` When the device was updated. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `version?: string` The WARP client version. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const device = await client.zeroTrust.devices.get('f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252', }); console.log(device.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "account": { "id": "id", "account_type": "account_type", "name": "Company" }, "created": "2017-06-14T00:00:00Z", "deleted": true, "device_type": "windows", "gateway_device_id": "PD33E90AXfafe14643cbbbc-4a0ed4fc8415Q", "ip": "1.1.1.1", "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=", "key_type": "curve25519", "last_seen": "2017-06-14T00:00:00Z", "mac_address": "00-00-5E-00-53-00", "model": "MyPhone(pro-X)", "name": "My mobile device", "os_version": "10.0.0", "serial_number": "EXAMPLEHMD6R", "tunnel_type": "masque", "updated": "2017-06-14T00:00:00Z", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "version": "1.0.0" }, "success": true } ``` ## Domain Types ### Device - `Device` - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `created?: string` When the device was created. - `deleted?: boolean` True if the device was deleted. - `device_type?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `ip?: string` IPv4 or IPv6 address. - `key?: string` The device's public key. - `last_seen?: string` When the device last connected to Cloudflare services. - `mac_address?: string` The device mac address. - `manufacturer?: string` The device manufacturer name. - `model?: string` The device model name. - `name?: string` The device name. - `os_distro_name?: string` The Linux distro name. - `os_distro_revision?: string` The Linux distro revision. - `os_version?: string` The operating system version. - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `revoked_at?: string` When the device was revoked. - `serial_number?: string` The device serial number. - `updated?: string` When the device was updated. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `version?: string` The WARP client version. ### Device Get Response - `DeviceGetResponse` - `id?: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `account?: Account` - `id?: string` - `account_type?: string` - `name?: string` The name of the enrolled account. - `created?: string` When the device was created. - `deleted?: boolean` True if the device was deleted. - `device_type?: string` - `gateway_device_id?: string` - `ip?: string` IPv4 or IPv6 address. - `key?: string` The device's public key. - `key_type?: string` Type of the key. - `last_seen?: string` When the device last connected to Cloudflare services. - `mac_address?: string` The device mac address. - `model?: string` The device model name. - `name?: string` The device name. - `os_version?: string` The operating system version. - `serial_number?: string` The device serial number. - `tunnel_type?: string` Type of the tunnel connection used. - `updated?: string` When the device was updated. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `version?: string` The WARP client version. # Devices ## List devices `client.zeroTrust.devices.devices.list(DeviceListParamsparams, RequestOptionsoptions?): CursorPagination` **get** `/accounts/{account_id}/devices/physical-devices` Lists WARP devices. ### Parameters - `params: DeviceListParams` - `account_id: string` Path param - `id?: Array` Query param: Filter by a one or more device IDs. - `active_registrations?: "include" | "only" | "exclude"` Query param: Include or exclude devices with active registrations. The default is "only" - return only devices with active registrations. - `"include"` - `"only"` - `"exclude"` - `cursor?: string` Query param: Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response. - `include?: string` Query param: Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy". - `last_seen_user?: LastSeenUser` Query param - `email?: string` Filter by the last seen user's email. - `per_page?: number` Query param: The maximum number of devices to return in a single response. - `search?: string` Query param: Search by device details. - `seen_after?: string` Query param: Filter by the last_seen timestamp - returns only devices last seen after this timestamp. - `seen_before?: string` Query param: Filter by the last_seen timestamp - returns only devices last seen before this timestamp. - `sort_by?: "name" | "id" | "client_version" | 4 more` Query param: The device field to order results by. - `"name"` - `"id"` - `"client_version"` - `"last_seen_user.email"` - `"last_seen_at"` - `"active_registrations"` - `"created_at"` - `sort_order?: "asc" | "desc"` Query param: Sort direction. - `"asc"` - `"desc"` ### Returns - `DeviceListResponse` A WARP Device. - `id: string` The unique ID of the device. - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: string` The RFC3339 timestamp when the device was created. - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen. - `name: string` The name of the device. - `updated_at: string` The RFC3339 timestamp when the device was last updated. - `client_version?: string | null` Version of the WARP client. - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted. - `device_type?: string | null` The device operating system. - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device. - `policy?: Policy | null` A summary of the device profile evaluated for the registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device. - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `mac_address?: string | null` The device MAC address. - `manufacturer?: string | null` The device manufacturer. - `model?: string | null` The model name of the device. - `os_version?: string | null` The device operating system version number. - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number?: string | null` The device serial number. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const deviceListResponse of client.zeroTrust.devices.devices.list({ account_id: 'account_id', })) { console.log(deviceListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e", "active_registrations": 1, "created_at": "2025-02-14T13:17:00Z", "last_seen_at": "2025-02-14T13:17:00Z", "name": "My Device", "updated_at": "2025-02-14T13:17:00Z", "client_version": "1.0.0", "deleted_at": "2025-02-14T13:17:00Z", "device_type": "linux", "hardware_id": "hardware_id", "last_seen_registration": { "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" } }, "last_seen_user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "mac_address": "f5:01:73:cf:12:23", "manufacturer": "ACME", "model": "Mark VII", "os_version": "os_version", "os_version_extra": "os_version_extra", "public_ip": "1.1.1.1", "serial_number": "ABS765ASD8A" } ], "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Get device `client.zeroTrust.devices.devices.get(stringdeviceID, DeviceGetParamsparams, RequestOptionsoptions?): DeviceGetResponse` **get** `/accounts/{account_id}/devices/physical-devices/{device_id}` Fetches a single WARP device. ### Parameters - `deviceID: string` - `params: DeviceGetParams` - `account_id: string` Path param - `include?: string` Query param: Comma-separated list of additional information that should be included in the device response. Supported values are: "last_seen_registration.policy". ### Returns - `DeviceGetResponse` A WARP Device. - `id: string` The unique ID of the device. - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: string` The RFC3339 timestamp when the device was created. - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen. - `name: string` The name of the device. - `updated_at: string` The RFC3339 timestamp when the device was last updated. - `client_version?: string | null` Version of the WARP client. - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted. - `device_type?: string | null` The device operating system. - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device. - `policy?: Policy | null` A summary of the device profile evaluated for the registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device. - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `mac_address?: string | null` The device MAC address. - `manufacturer?: string | null` The device manufacturer. - `model?: string | null` The model name of the device. - `os_version?: string | null` The device operating system version number. - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number?: string | null` The device serial number. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const device = await client.zeroTrust.devices.devices.get('device_id', { account_id: 'account_id', }); console.log(device.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "fc9ab6ab-3b94-4319-9941-459462b3d73e", "active_registrations": 1, "created_at": "2025-02-14T13:17:00Z", "last_seen_at": "2025-02-14T13:17:00Z", "name": "My Device", "updated_at": "2025-02-14T13:17:00Z", "client_version": "1.0.0", "deleted_at": "2025-02-14T13:17:00Z", "device_type": "linux", "hardware_id": "hardware_id", "last_seen_registration": { "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" } }, "last_seen_user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "mac_address": "f5:01:73:cf:12:23", "manufacturer": "ACME", "model": "Mark VII", "os_version": "os_version", "os_version_extra": "os_version_extra", "public_ip": "1.1.1.1", "serial_number": "ABS765ASD8A" }, "success": true } ``` ## Delete device `client.zeroTrust.devices.devices.delete(stringdeviceID, DeviceDeleteParamsparams, RequestOptionsoptions?): DeviceDeleteResponse | null` **delete** `/accounts/{account_id}/devices/physical-devices/{device_id}` Deletes a WARP device. ### Parameters - `deviceID: string` - `params: DeviceDeleteParams` - `account_id: string` ### Returns - `DeviceDeleteResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const device = await client.zeroTrust.devices.devices.delete('device_id', { account_id: 'account_id', }); console.log(device); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Revoke device registrations `client.zeroTrust.devices.devices.revoke(stringdeviceID, DeviceRevokeParamsparams, RequestOptionsoptions?): DeviceRevokeResponse | null` **post** `/accounts/{account_id}/devices/physical-devices/{device_id}/revoke` Revokes all WARP registrations associated with the specified device. ### Parameters - `deviceID: string` - `params: DeviceRevokeParams` - `account_id: string` ### Returns - `DeviceRevokeResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.zeroTrust.devices.devices.revoke('device_id', { account_id: 'account_id', }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Domain Types ### Device List Response - `DeviceListResponse` A WARP Device. - `id: string` The unique ID of the device. - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: string` The RFC3339 timestamp when the device was created. - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen. - `name: string` The name of the device. - `updated_at: string` The RFC3339 timestamp when the device was last updated. - `client_version?: string | null` Version of the WARP client. - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted. - `device_type?: string | null` The device operating system. - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device. - `policy?: Policy | null` A summary of the device profile evaluated for the registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device. - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `mac_address?: string | null` The device MAC address. - `manufacturer?: string | null` The device manufacturer. - `model?: string | null` The model name of the device. - `os_version?: string | null` The device operating system version number. - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number?: string | null` The device serial number. ### Device Get Response - `DeviceGetResponse` A WARP Device. - `id: string` The unique ID of the device. - `active_registrations: number` The number of active registrations for the device. Active registrations are those which haven't been revoked or deleted. - `created_at: string` The RFC3339 timestamp when the device was created. - `last_seen_at: string | null` The RFC3339 timestamp when the device was last seen. - `name: string` The name of the device. - `updated_at: string` The RFC3339 timestamp when the device was last updated. - `client_version?: string | null` Version of the WARP client. - `deleted_at?: string | null` The RFC3339 timestamp when the device was deleted. - `device_type?: string | null` The device operating system. - `hardware_id?: string | null` A string that uniquely identifies the hardware or virtual machine (VM). - `last_seen_registration?: LastSeenRegistration | null` The last seen registration for the device. - `policy?: Policy | null` A summary of the device profile evaluated for the registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `last_seen_user?: LastSeenUser | null` The last user to use the WARP device. - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `mac_address?: string | null` The device MAC address. - `manufacturer?: string | null` The device manufacturer. - `model?: string | null` The model name of the device. - `os_version?: string | null` The device operating system version number. - `os_version_extra?: string | null` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `public_ip?: string | null` **Deprecated**: IP information is provided by DEX - see https://developers.cloudflare.com/api/resources/zero_trust/subresources/dex/subresources/fleet_status/subresources/devices/methods/list/ - `serial_number?: string | null` The device serial number. ### Device Delete Response - `DeviceDeleteResponse = unknown` ### Device Revoke Response - `DeviceRevokeResponse = unknown` # Resilience # Global WARP Override ## Retrieve Global WARP override state `client.zeroTrust.devices.resilience.globalWARPOverride.get(GlobalWARPOverrideGetParamsparams, RequestOptionsoptions?): GlobalWARPOverrideGetResponse | null` **get** `/accounts/{account_id}/devices/resilience/disconnect` Fetch the Global WARP override state. ### Parameters - `params: GlobalWARPOverrideGetParams` - `account_id: string` ### Returns - `GlobalWARPOverrideGetResponse` - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override. - `timestamp?: string` When the Global WARP override state was updated. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const globalWARPOverride = await client.zeroTrust.devices.resilience.globalWARPOverride.get({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(globalWARPOverride.disconnect); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" }, "success": true } ``` ## Set Global WARP override state `client.zeroTrust.devices.resilience.globalWARPOverride.create(GlobalWARPOverrideCreateParamsparams, RequestOptionsoptions?): GlobalWARPOverrideCreateResponse | null` **post** `/accounts/{account_id}/devices/resilience/disconnect` Sets the Global WARP override state. ### Parameters - `params: GlobalWARPOverrideCreateParams` - `account_id: string` Path param - `disconnect: boolean` Body param: Disconnects all devices on the account using Global WARP override. - `justification?: string` Body param: Reasoning for setting the Global WARP override state. This will be surfaced in the audit log. ### Returns - `GlobalWARPOverrideCreateResponse` - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override. - `timestamp?: string` When the Global WARP override state was updated. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const globalWARPOverride = await client.zeroTrust.devices.resilience.globalWARPOverride.create({ account_id: '699d98642c564d2e855e9661899b7252', disconnect: false, }); console.log(globalWARPOverride.disconnect); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disconnect": false, "timestamp": "1970-01-01T00:00:00.000Z" }, "success": true } ``` ## Domain Types ### Global WARP Override Get Response - `GlobalWARPOverrideGetResponse` - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override. - `timestamp?: string` When the Global WARP override state was updated. ### Global WARP Override Create Response - `GlobalWARPOverrideCreateResponse` - `disconnect?: boolean` Disconnects all devices on the account using Global WARP override. - `timestamp?: string` When the Global WARP override state was updated. # Registrations ## List registrations `client.zeroTrust.devices.registrations.list(RegistrationListParamsparams, RequestOptionsoptions?): CursorPagination` **get** `/accounts/{account_id}/devices/registrations` Lists WARP registrations. ### Parameters - `params: RegistrationListParams` - `account_id: string` Path param - `id?: Array` Query param: Filter by registration ID. - `cursor?: string` Query param: Opaque token indicating the starting position when requesting the next set of records. A cursor value can be obtained from the result_info.cursor field in the response. - `device?: Device` Query param - `id?: string` Filter by WARP device ID. - `include?: string` Query param: Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy". - `per_page?: number` Query param: The maximum number of devices to return in a single response. - `search?: string` Query param: Filter by registration details. - `seen_after?: string` Query param: Filter by the last_seen timestamp - returns only registrations last seen after this timestamp. - `seen_before?: string` Query param: Filter by the last_seen timestamp - returns only registrations last seen before this timestamp. - `sort_by?: "id" | "user.name" | "user.email" | 2 more` Query param: The registration field to order results by. - `"id"` - `"user.name"` - `"user.email"` - `"last_seen_at"` - `"created_at"` - `sort_order?: "asc" | "desc"` Query param: Sort direction. - `"asc"` - `"desc"` - `status?: "active" | "all" | "revoked"` Query param: Filter by registration status. Defaults to 'active'. - `"active"` - `"all"` - `"revoked"` - `user?: User` Query param - `id?: Array` Filter by user ID. ### Returns - `RegistrationListResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: string` The ID of the registration. - `created_at: string` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: string` The ID of the device. - `name: string` The name of the device. - `client_version?: string` Version of the WARP client. - `key: string` The public key used to connect to the Cloudflare network. - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen. - `updated_at: string` The RFC3339 timestamp when the registration was last updated. - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted. - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy?: Policy` The device settings profile assigned to this registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked. - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `virtual_ipv4?: string | null` The virtual IPv4 address assigned to the network interface of the tunnel for this registration. - `virtual_ipv6?: string | null` The virtual IPv6 address assigned to the network interface of the tunnel for this registration. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const registrationListResponse of client.zeroTrust.devices.registrations.list({ account_id: 'account_id', })) { console.log(registrationListResponse.id); } ``` #### Response ```json { "errors": [], "messages": [], "result": [ { "created_at": "2025-02-14T13:17:00Z", "deleted_at": null, "device": { "client_version": "1.0.0", "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device" }, "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "key_type": "secp256r1", "last_seen_at": "2025-02-14T13:17:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-14T13:17:00Z", "user": { "email": "alice@example.org", "id": "30323c1f-318d-4ec9-92c7-5a8c4d25c4fc", "name": "Alice" } }, { "created_at": "2025-02-15T10:20:00Z", "deleted_at": null, "device": { "client_version": "1.0.1", "id": "43bb1515-8902-50b5-aa01-a88686192467", "name": "Bob's Laptop" }, "id": "22eedc7a-4a1d-5417-c5b3-f73a983c277b", "key": "V/RSP61StXgfmLHJG5umHEonHfvxtz57LDIs6PziXr11Stegm56nhrRBvFK7DP1ZsLzUm0GVg6jC1cxZS4h5FFGFJiju7kGbrgNsCNCT77juw0IRYlS0QpjgLR==", "key_type": "secp256r1", "last_seen_at": "2025-02-15T10:25:00Z", "revoked_at": null, "tunnel_type": "masque", "updated_at": "2025-02-15T10:25:00Z", "user": { "email": "bob@example.com", "id": "41434d2a-429e-5fd0-a3d8-6b9d5e36d5ad", "name": "Bob" } } ], "result_info": { "count": 2, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null }, "success": true } ``` ## Get registration `client.zeroTrust.devices.registrations.get(stringregistrationID, RegistrationGetParamsparams, RequestOptionsoptions?): RegistrationGetResponse` **get** `/accounts/{account_id}/devices/registrations/{registration_id}` Fetches a single WARP registration. ### Parameters - `registrationID: string` - `params: RegistrationGetParams` - `account_id: string` Path param - `include?: string` Query param: Comma-separated list of additional information that should be included in the registration response. Supported values are: "policy". ### Returns - `RegistrationGetResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: string` The ID of the registration. - `created_at: string` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: string` The ID of the device. - `name: string` The name of the device. - `client_version?: string` Version of the WARP client. - `key: string` The public key used to connect to the Cloudflare network. - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen. - `updated_at: string` The RFC3339 timestamp when the registration was last updated. - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted. - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy?: Policy` The device settings profile assigned to this registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked. - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `virtual_ipv4?: string | null` The virtual IPv4 address assigned to the network interface of the tunnel for this registration. - `virtual_ipv6?: string | null` The virtual IPv6 address assigned to the network interface of the tunnel for this registration. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const registration = await client.zeroTrust.devices.registrations.get('registration_id', { account_id: 'account_id', }); console.log(registration.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "created_at": "2025-02-14T13:17:00Z", "device": { "id": "32aa0404-78f1-49a4-99e0-97f575081356", "name": "My Device", "client_version": "1.0.0" }, "key": "U+QTP50RsWfeLGHF4tlGDnmGeuwtsz46KCHr5OyhWq00Rsdfl45mgnQAuEJ6CO0YrkyTl9FUf5iB0bwYR3g4EEFEHhtu6jFaqfMrBMBSz6itv9HQXkaR9OieKQ==", "last_seen_at": "2025-02-14T13:17:00Z", "updated_at": "2025-02-14T13:17:00Z", "deleted_at": "2025-02-14T13:17:00Z", "key_type": "secp256r1", "policy": { "id": "11ffb86f-3f0c-4306-b4a2-e62f872b166a", "default": true, "deleted": true, "name": "name", "updated_at": "2025-02-14T13:17:00Z" }, "revoked_at": "2025-02-14T13:17:00Z", "tunnel_type": "masque", "user": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "email": "user@example.com", "name": "John Appleseed" }, "virtual_ipv4": "100.96.0.1", "virtual_ipv6": "2606:4700:0cf1:1000::1" }, "success": true } ``` ## Delete registration `client.zeroTrust.devices.registrations.delete(stringregistrationID, RegistrationDeleteParamsparams, RequestOptionsoptions?): RegistrationDeleteResponse | null` **delete** `/accounts/{account_id}/devices/registrations/{registration_id}` Deletes a WARP registration. ### Parameters - `registrationID: string` - `params: RegistrationDeleteParams` - `account_id: string` ### Returns - `RegistrationDeleteResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const registration = await client.zeroTrust.devices.registrations.delete('registration_id', { account_id: 'account_id', }); console.log(registration); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "success": true, "result": {} } ``` ## Delete registrations `client.zeroTrust.devices.registrations.bulkDelete(RegistrationBulkDeleteParamsparams, RequestOptionsoptions?): RegistrationBulkDeleteResponse | null` **delete** `/accounts/{account_id}/devices/registrations` Deletes a list of WARP registrations. ### Parameters - `params: RegistrationBulkDeleteParams` - `account_id: string` Path param - `id: Array` Query param: A list of registration IDs to delete. ### Returns - `RegistrationBulkDeleteResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.zeroTrust.devices.registrations.bulkDelete({ account_id: 'account_id', id: ['string'], }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Revoke registrations `client.zeroTrust.devices.registrations.revoke(RegistrationRevokeParamsparams, RequestOptionsoptions?): RegistrationRevokeResponse | null` **post** `/accounts/{account_id}/devices/registrations/revoke` Revokes a list of WARP registrations. ### Parameters - `params: RegistrationRevokeParams` - `account_id: string` Path param - `id: Array` Query param: A list of registration IDs to revoke. ### Returns - `RegistrationRevokeResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.zeroTrust.devices.registrations.revoke({ account_id: 'account_id', id: ['string'], }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Unrevoke registrations `client.zeroTrust.devices.registrations.unrevoke(RegistrationUnrevokeParamsparams, RequestOptionsoptions?): RegistrationUnrevokeResponse | null` **post** `/accounts/{account_id}/devices/registrations/unrevoke` Unrevokes a list of WARP registrations. ### Parameters - `params: RegistrationUnrevokeParams` - `account_id: string` Path param - `id: Array` Query param: A list of registration IDs to unrevoke. ### Returns - `RegistrationUnrevokeResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.zeroTrust.devices.registrations.unrevoke({ account_id: 'account_id', id: ['string'], }); console.log(response); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": {}, "success": true, "result_info": { "count": 1, "cursor": "ais86dftf.asdf7ba8", "per_page": 10, "total_count": null } } ``` ## Domain Types ### Registration List Response - `RegistrationListResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: string` The ID of the registration. - `created_at: string` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: string` The ID of the device. - `name: string` The name of the device. - `client_version?: string` Version of the WARP client. - `key: string` The public key used to connect to the Cloudflare network. - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen. - `updated_at: string` The RFC3339 timestamp when the registration was last updated. - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted. - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy?: Policy` The device settings profile assigned to this registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked. - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `virtual_ipv4?: string | null` The virtual IPv4 address assigned to the network interface of the tunnel for this registration. - `virtual_ipv6?: string | null` The virtual IPv6 address assigned to the network interface of the tunnel for this registration. ### Registration Get Response - `RegistrationGetResponse` A WARP configuration tied to a single user. Multiple registrations can be created from a single WARP device. - `id: string` The ID of the registration. - `created_at: string` The RFC3339 timestamp when the registration was created. - `device: Device` Device details embedded inside of a registration. - `id: string` The ID of the device. - `name: string` The name of the device. - `client_version?: string` Version of the WARP client. - `key: string` The public key used to connect to the Cloudflare network. - `last_seen_at: string` The RFC3339 timestamp when the registration was last seen. - `updated_at: string` The RFC3339 timestamp when the registration was last updated. - `deleted_at?: string | null` The RFC3339 timestamp when the registration was deleted. - `key_type?: string | null` The type of encryption key used by the WARP client for the active key. Currently 'curve25519' for WireGuard and 'secp256r1' for MASQUE. - `policy?: Policy` The device settings profile assigned to this registration. - `id: string` The ID of the device settings profile. - `default: boolean` Whether the device settings profile is the default profile for the account. - `deleted: boolean` Whether the device settings profile was deleted. - `name: string` The name of the device settings profile. - `updated_at: string` The RFC3339 timestamp of when the device settings profile last changed for the registration. - `revoked_at?: string | null` The RFC3339 timestamp when the registration was revoked. - `tunnel_type?: string | null` Type of the tunnel - wireguard or masque. - `user?: User` - `id?: string` UUID. - `email?: string` The contact email address of the user. - `name?: string` The enrolled device user's name. - `virtual_ipv4?: string | null` The virtual IPv4 address assigned to the network interface of the tunnel for this registration. - `virtual_ipv6?: string | null` The virtual IPv6 address assigned to the network interface of the tunnel for this registration. ### Registration Delete Response - `RegistrationDeleteResponse = unknown` ### Registration Bulk Delete Response - `RegistrationBulkDeleteResponse = unknown` ### Registration Revoke Response - `RegistrationRevokeResponse = unknown` ### Registration Unrevoke Response - `RegistrationUnrevokeResponse = unknown` # DEX Tests ## List Device DEX tests `client.zeroTrust.devices.dexTests.list(DEXTestListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/dex/devices/dex_tests` Fetch all DEX tests. ### Parameters - `params: DEXTestListParams` - `account_id: string` Path param: Unique identifier linked to an account. - `kind?: "http" | "traceroute"` Query param: Filter by test type. - `"http"` - `"traceroute"` - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: Number of results per page. - `testName?: string` Query param: Filter by test name. ### Returns - `SchemaHTTP` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const schemaHTTP of client.zeroTrust.devices.dexTests.list({ account_id: '01a7362d577a6c3019a474fd6f485823', })) { console.log(schemaHTTP.test_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": [ { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "created": "2023-10-11T00:00:00Z", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59", "updated": "2023-10-11T00:00:00Z" } ] } ``` ## Get Device DEX test `client.zeroTrust.devices.dexTests.get(stringdexTestID, DEXTestGetParamsparams, RequestOptionsoptions?): SchemaHTTP` **get** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Fetch a single DEX test. ### Parameters - `dexTestID: string` The unique identifier for the test. - `params: DEXTestGetParams` - `account_id: string` Unique identifier linked to an account. ### Returns - `SchemaHTTP` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const schemaHTTP = await client.zeroTrust.devices.dexTests.get('372e67954025e0ba6aaa6d586b9e0b59', { account_id: '01a7362d577a6c3019a474fd6f485823', }); console.log(schemaHTTP.test_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "created": "2023-10-11T00:00:00Z", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59", "updated": "2023-10-11T00:00:00Z" } } ``` ## Create Device DEX test `client.zeroTrust.devices.dexTests.create(DEXTestCreateParamsparams, RequestOptionsoptions?): SchemaHTTP` **post** `/accounts/{account_id}/dex/devices/dex_tests` Create a DEX test. ### Parameters - `params: DEXTestCreateParams` - `account_id: string` Path param: Unique identifier linked to an account. - `data: SchemaData` Body param: The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Body param: Determines whether or not the test is active. - `interval: string` Body param: How often the test will run. - `name: string` Body param: The name of the DEX test. Must be unique. - `description?: string` Body param: Additional details about the test. - `target_policies?: Array` Body param: DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` Body param ### Returns - `SchemaHTTP` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const schemaHTTP = await client.zeroTrust.devices.dexTests.create({ account_id: '01a7362d577a6c3019a474fd6f485823', data: { host: 'https://dash.cloudflare.com', kind: 'http' }, enabled: true, interval: '30m', name: 'HTTP dash health check', }); console.log(schemaHTTP.test_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "created": "2023-10-11T00:00:00Z", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59", "updated": "2023-10-11T00:00:00Z" } } ``` ## Update Device DEX test `client.zeroTrust.devices.dexTests.update(stringdexTestID, DEXTestUpdateParamsparams, RequestOptionsoptions?): SchemaHTTP` **put** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Update a DEX test. ### Parameters - `dexTestID: string` API Resource UUID tag. - `params: DEXTestUpdateParams` - `account_id: string` Path param: Unique identifier linked to an account. - `data: SchemaData` Body param: The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Body param: Determines whether or not the test is active. - `interval: string` Body param: How often the test will run. - `name: string` Body param: The name of the DEX test. Must be unique. - `description?: string` Body param: Additional details about the test. - `target_policies?: Array` Body param: DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` Body param ### Returns - `SchemaHTTP` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const schemaHTTP = await client.zeroTrust.devices.dexTests.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '01a7362d577a6c3019a474fd6f485823', data: { host: 'https://dash.cloudflare.com', kind: 'http' }, enabled: true, interval: '30m', name: 'HTTP dash health check', }, ); console.log(schemaHTTP.test_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "created": "2023-10-11T00:00:00Z", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59", "updated": "2023-10-11T00:00:00Z" } } ``` ## Delete Device DEX test `client.zeroTrust.devices.dexTests.delete(stringdexTestID, DEXTestDeleteParamsparams, RequestOptionsoptions?): DEXTestDeleteResponse` **delete** `/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}` Delete a Device DEX test. Returns the remaining device dex tests for the account. ### Parameters - `dexTestID: string` API Resource UUID tag. - `params: DEXTestDeleteParams` - `account_id: string` Unique identifier linked to an account. ### Returns - `DEXTestDeleteResponse` - `dex_tests?: Array` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted }); const dexTest = await client.zeroTrust.devices.dexTests.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '01a7362d577a6c3019a474fd6f485823' }, ); console.log(dexTest.dex_tests); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "dex_tests": [ { "data": { "host": "https://dash.cloudflare.com", "kind": "http", "method": "GET" }, "enabled": true, "interval": "30m", "name": "HTTP dash health check", "created": "2023-10-11T00:00:00Z", "description": "Checks the dash endpoint every 30 minutes", "target_policies": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "default": true, "name": "name" } ], "targeted": true, "test_id": "372e67954025e0ba6aaa6d586b9e0b59", "updated": "2023-10-11T00:00:00Z" } ] } } ``` ## Domain Types ### Schema Data - `SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` ### Schema HTTP - `SchemaHTTP` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. ### DEX Test Delete Response - `DEXTestDeleteResponse` - `dex_tests?: Array` - `data: SchemaData` The configuration object which contains the details for the WARP client to conduct the test. - `host: string` The desired endpoint to test. - `kind: "http" | "traceroute"` The type of test. - `"http"` - `"traceroute"` - `method?: "GET"` The HTTP request method type. - `"GET"` - `enabled: boolean` Determines whether or not the test is active. - `interval: string` How often the test will run. - `name: string` The name of the DEX test. Must be unique. - `created?: string` Date the test was created, in RFC 3339 format. - `description?: string` Additional details about the test. - `target_policies?: Array` DEX rules targeted by this test - `id: string` The id of the DEX rule. - `default?: boolean` Whether the DEX rule is the account default. - `name?: string` The name of the DEX rule. - `targeted?: boolean` - `test_id?: string` The unique identifier for the test. - `updated?: string` Date the test was last updated, in RFC 3339 format. # IP Profiles ## List IP profiles `client.zeroTrust.devices.ipProfiles.list(IPProfileListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/devices/ip-profiles` Lists WARP Device IP profiles. ### Parameters - `params: IPProfileListParams` - `account_id: string` Path param - `page?: number` Query param: The page number to return. - `per_page?: number` Query param: The number of IP profiles to return per page. ### Returns - `IPProfile` - `id: string` The ID of the Device IP profile. - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created. - `description: string | null` An optional description of the Device IP profile. - `enabled: boolean` Whether the Device IP profile is enabled. - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: string` A user-friendly name for the Device IP profile. - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: string` The ID of the Subnet. - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const ipProfile of client.zeroTrust.devices.ipProfiles.list({ account_id: 'account_id', })) { console.log(ipProfile.id); } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 10, "total_count": 10, "total_pages": 1 } } ``` ## Get IP profile `client.zeroTrust.devices.ipProfiles.get(stringprofileID, IPProfileGetParamsparams, RequestOptionsoptions?): IPProfile` **get** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Fetches a single WARP Device IP profile. ### Parameters - `profileID: string` - `params: IPProfileGetParams` - `account_id: string` ### Returns - `IPProfile` - `id: string` The ID of the Device IP profile. - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created. - `description: string | null` An optional description of the Device IP profile. - `enabled: boolean` Whether the Device IP profile is enabled. - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: string` A user-friendly name for the Device IP profile. - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: string` The ID of the Subnet. - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const ipProfile = await client.zeroTrust.devices.ipProfiles.get('profile_id', { account_id: 'account_id', }); console.log(ipProfile.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Create IP profile `client.zeroTrust.devices.ipProfiles.create(IPProfileCreateParamsparams, RequestOptionsoptions?): IPProfile` **post** `/accounts/{account_id}/devices/ip-profiles` Creates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated. ### Parameters - `params: IPProfileCreateParams` - `account_id: string` Path param - `match: string` Body param: The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: string` Body param: A user-friendly name for the Device IP profile. - `precedence: number` Body param: The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: string` Body param: The ID of the Subnet. - `description?: string | null` Body param: An optional description of the Device IP profile. - `enabled?: boolean` Body param: Whether the Device IP profile will be applied to matching devices. ### Returns - `IPProfile` - `id: string` The ID of the Device IP profile. - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created. - `description: string | null` An optional description of the Device IP profile. - `enabled: boolean` Whether the Device IP profile is enabled. - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: string` A user-friendly name for the Device IP profile. - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: string` The ID of the Subnet. - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const ipProfile = await client.zeroTrust.devices.ipProfiles.create({ account_id: 'account_id', match: 'identity.email == "test@cloudflare.com"', name: 'IPv4 Cloudflare Source IPs', precedence: 100, subnet_id: 'b70ff985-a4ef-4643-bbbc-4a0ed4fc8415', }); console.log(ipProfile.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Update IP profile `client.zeroTrust.devices.ipProfiles.update(stringprofileID, IPProfileUpdateParamsparams, RequestOptionsoptions?): IPProfile` **patch** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Updates a WARP Device IP profile. Currently, only IPv4 Device subnets can be associated. ### Parameters - `profileID: string` - `params: IPProfileUpdateParams` - `account_id: string` Path param - `description?: string` Body param: An optional description of the Device IP profile. - `enabled?: boolean` Body param: Whether the Device IP profile is enabled. - `match?: string` Body param: The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name?: string` Body param: A user-friendly name for the Device IP profile. - `precedence?: number` Body param: The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id?: string` Body param: The ID of the Subnet. ### Returns - `IPProfile` - `id: string` The ID of the Device IP profile. - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created. - `description: string | null` An optional description of the Device IP profile. - `enabled: boolean` Whether the Device IP profile is enabled. - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: string` A user-friendly name for the Device IP profile. - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: string` The ID of the Subnet. - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const ipProfile = await client.zeroTrust.devices.ipProfiles.update('profile_id', { account_id: 'account_id', }); console.log(ipProfile.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "created_at": "2025-02-14T13:17:00.123456789Z", "description": "example comment", "enabled": true, "match": "identity.email == \"test@cloudflare.com\"", "name": "IPv4 Cloudflare Source IPs", "precedence": 100, "subnet_id": "b70ff985-a4ef-4643-bbbc-4a0ed4fc8415", "updated_at": "2025-02-14T13:17:00.123456789Z" }, "success": true } ``` ## Delete IP profile `client.zeroTrust.devices.ipProfiles.delete(stringprofileID, IPProfileDeleteParamsparams, RequestOptionsoptions?): IPProfileDeleteResponse` **delete** `/accounts/{account_id}/devices/ip-profiles/{profile_id}` Delete a WARP Device IP profile. ### Parameters - `profileID: string` - `params: IPProfileDeleteParams` - `account_id: string` ### Returns - `IPProfileDeleteResponse` - `id?: string` ID of the deleted Device IP profile. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const ipProfile = await client.zeroTrust.devices.ipProfiles.delete('profile_id', { account_id: 'account_id', }); console.log(ipProfile.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### IP Profile - `IPProfile` - `id: string` The ID of the Device IP profile. - `created_at: string` The RFC3339Nano timestamp when the Device IP profile was created. - `description: string | null` An optional description of the Device IP profile. - `enabled: boolean` Whether the Device IP profile is enabled. - `match: string` The wirefilter expression to match registrations. Available values: "identity.name", "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.saml_attributes". - `name: string` A user-friendly name for the Device IP profile. - `precedence: number` The precedence of the Device IP profile. Lower values indicate higher precedence. Device IP profile will be evaluated in ascending order of this field. - `subnet_id: string` The ID of the Subnet. - `updated_at: string` The RFC3339Nano timestamp when the Device IP profile was last updated. ### IP Profile Delete Response - `IPProfileDeleteResponse` - `id?: string` ID of the deleted Device IP profile. # Deployment Groups ## List deployment groups `client.zeroTrust.devices.deploymentGroups.list(DeploymentGroupListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/accounts/{account_id}/devices/deployment-groups` Lists all deployment groups for an account. Use deployment groups to assign target WARP client versions to specific devices. This endpoint is in Beta. ### Parameters - `params: DeploymentGroupListParams` - `account_id: string` Path param - `page?: number` Query param: The page number to return. - `per_page?: number` Query param: The maximum number of deployment groups to return per page. ### Returns - `DeploymentGroup` - `id: string` The ID of the deployment group. - `created_at: string` The RFC3339Nano timestamp when the deployment group was created. - `name: string` A user-friendly name for the deployment group. - `updated_at: string` The RFC3339Nano timestamp when the deployment group was last updated. - `version_config: Array` Contains version configurations for different target environments. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. - `policy_ids?: Array | null` Contains a list of policy IDs assigned to this deployment group. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const deploymentGroup of client.zeroTrust.devices.deploymentGroups.list({ account_id: 'account_id', })) { console.log(deploymentGroup.id); } ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": [ { "id": "550e8400-e29b-41d4-a716-446655440000", "created_at": "2026-02-14T13:17:00.123456789Z", "name": "Engineering Ring 0", "updated_at": "2026-02-14T13:17:00.123456789Z", "version_config": [ { "target_environment": "windows", "version": "2026.6.234.0" } ], "policy_ids": [ "policy-uuid-1", "policy-uuid-2" ] } ], "result_info": { "count": 1, "page": 1, "per_page": 10, "total_count": 10, "total_pages": 1 }, "success": true } ``` ## Get deployment group `client.zeroTrust.devices.deploymentGroups.get(stringgroupID, DeploymentGroupGetParamsparams, RequestOptionsoptions?): DeploymentGroup` **get** `/accounts/{account_id}/devices/deployment-groups/{group_id}` Fetches a single deployment group by its ID. This endpoint is in Beta. ### Parameters - `groupID: string` - `params: DeploymentGroupGetParams` - `account_id: string` ### Returns - `DeploymentGroup` - `id: string` The ID of the deployment group. - `created_at: string` The RFC3339Nano timestamp when the deployment group was created. - `name: string` A user-friendly name for the deployment group. - `updated_at: string` The RFC3339Nano timestamp when the deployment group was last updated. - `version_config: Array` Contains version configurations for different target environments. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. - `policy_ids?: Array | null` Contains a list of policy IDs assigned to this deployment group. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deploymentGroup = await client.zeroTrust.devices.deploymentGroups.get('group_id', { account_id: 'account_id', }); console.log(deploymentGroup.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "550e8400-e29b-41d4-a716-446655440000", "created_at": "2026-02-14T13:17:00.123456789Z", "name": "Engineering Ring 0", "updated_at": "2026-02-14T13:17:00.123456789Z", "version_config": [ { "target_environment": "windows", "version": "2026.6.234.0" } ], "policy_ids": [ "policy-uuid-1", "policy-uuid-2" ] }, "success": true } ``` ## Create deployment group `client.zeroTrust.devices.deploymentGroups.create(DeploymentGroupCreateParamsparams, RequestOptionsoptions?): DeploymentGroup` **post** `/accounts/{account_id}/devices/deployment-groups` Creates a new deployment group. Policy IDs must be unique across all deployment groups. This endpoint is in Beta. ### Parameters - `params: DeploymentGroupCreateParams` - `account_id: string` Path param - `name: string` Body param: A user-friendly name for the deployment group. - `version_config: Array` Body param: Contains at least one version configuration. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. - `policy_ids?: Array` Body param: Contains an optional list of policy IDs assigned to a group. ### Returns - `DeploymentGroup` - `id: string` The ID of the deployment group. - `created_at: string` The RFC3339Nano timestamp when the deployment group was created. - `name: string` A user-friendly name for the deployment group. - `updated_at: string` The RFC3339Nano timestamp when the deployment group was last updated. - `version_config: Array` Contains version configurations for different target environments. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. - `policy_ids?: Array | null` Contains a list of policy IDs assigned to this deployment group. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deploymentGroup = await client.zeroTrust.devices.deploymentGroups.create({ account_id: 'account_id', name: 'Engineering Ring 0', version_config: [{ target_environment: 'windows', version: '2026.6.234.0' }], }); console.log(deploymentGroup.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "550e8400-e29b-41d4-a716-446655440000", "created_at": "2026-02-14T13:17:00.123456789Z", "name": "Engineering Ring 0", "updated_at": "2026-02-14T13:17:00.123456789Z", "version_config": [ { "target_environment": "windows", "version": "2026.6.234.0" } ], "policy_ids": [ "policy-uuid-1", "policy-uuid-2" ] }, "success": true } ``` ## Update deployment group `client.zeroTrust.devices.deploymentGroups.edit(stringgroupID, DeploymentGroupEditParamsparams, RequestOptionsoptions?): DeploymentGroup` **patch** `/accounts/{account_id}/devices/deployment-groups/{group_id}` Updates a deployment group. Returns 409 if any newly added policy IDs already belong to another deployment group. This endpoint is in Beta. ### Parameters - `groupID: string` - `params: DeploymentGroupEditParams` - `account_id: string` Path param - `name?: string` Body param: A user-friendly name for the deployment group. - `policy_ids?: Array` Body param: Replaces the entire list of policy IDs. - `version_config?: Array` Body param: Replaces the entire version_config array. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. ### Returns - `DeploymentGroup` - `id: string` The ID of the deployment group. - `created_at: string` The RFC3339Nano timestamp when the deployment group was created. - `name: string` A user-friendly name for the deployment group. - `updated_at: string` The RFC3339Nano timestamp when the deployment group was last updated. - `version_config: Array` Contains version configurations for different target environments. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. - `policy_ids?: Array | null` Contains a list of policy IDs assigned to this deployment group. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deploymentGroup = await client.zeroTrust.devices.deploymentGroups.edit('group_id', { account_id: 'account_id', }); console.log(deploymentGroup.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "550e8400-e29b-41d4-a716-446655440000", "created_at": "2026-02-14T13:17:00.123456789Z", "name": "Engineering Ring 0", "updated_at": "2026-02-14T13:17:00.123456789Z", "version_config": [ { "target_environment": "windows", "version": "2026.6.234.0" } ], "policy_ids": [ "policy-uuid-1", "policy-uuid-2" ] }, "success": true } ``` ## Delete deployment group `client.zeroTrust.devices.deploymentGroups.delete(stringgroupID, DeploymentGroupDeleteParamsparams, RequestOptionsoptions?): DeploymentGroupDeleteResponse` **delete** `/accounts/{account_id}/devices/deployment-groups/{group_id}` Deletes a deployment group. Associated policies no longer apply and devices stop receiving version targets. This endpoint is in Beta. ### Parameters - `groupID: string` - `params: DeploymentGroupDeleteParams` - `account_id: string` ### Returns - `DeploymentGroupDeleteResponse` - `id?: string` The ID of a deleted deployment group. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deploymentGroup = await client.zeroTrust.devices.deploymentGroups.delete('group_id', { account_id: 'account_id', }); console.log(deploymentGroup.id); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "id": "550e8400-e29b-41d4-a716-446655440000" }, "success": true } ``` ## Domain Types ### Deployment Group - `DeploymentGroup` - `id: string` The ID of the deployment group. - `created_at: string` The RFC3339Nano timestamp when the deployment group was created. - `name: string` A user-friendly name for the deployment group. - `updated_at: string` The RFC3339Nano timestamp when the deployment group was last updated. - `version_config: Array` Contains version configurations for different target environments. - `target_environment: string | null` The target environment for the client version (e.g., windows, macos). - `version: string` The specific client version to deploy. - `policy_ids?: Array | null` Contains a list of policy IDs assigned to this deployment group. ### Deployment Group Delete Response - `DeploymentGroupDeleteResponse` - `id?: string` The ID of a deleted deployment group. # Networks ## List your device managed networks `client.zeroTrust.devices.networks.list(NetworkListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/networks` Fetches a list of managed networks for an account. ### Parameters - `params: NetworkListParams` - `account_id: string` ### Returns - `DeviceNetwork` - `config?: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` The name of the device managed network. This name must be unique. - `network_id?: string` API UUID. - `type?: "tls"` The type of device managed network. - `"tls"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const deviceNetwork of client.zeroTrust.devices.networks.list({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(deviceNetwork.network_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device managed network details `client.zeroTrust.devices.networks.get(stringnetworkID, NetworkGetParamsparams, RequestOptionsoptions?): DeviceNetwork | null` **get** `/accounts/{account_id}/devices/networks/{network_id}` Fetches details for a single managed network. ### Parameters - `networkID: string` API UUID. - `params: NetworkGetParams` - `account_id: string` ### Returns - `DeviceNetwork | null` - `config?: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` The name of the device managed network. This name must be unique. - `network_id?: string` API UUID. - `type?: "tls"` The type of device managed network. - `"tls"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceNetwork = await client.zeroTrust.devices.networks.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(deviceNetwork.network_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Create a device managed network `client.zeroTrust.devices.networks.create(NetworkCreateParamsparams, RequestOptionsoptions?): DeviceNetwork | null` **post** `/accounts/{account_id}/devices/networks` Creates a new device managed network. ### Parameters - `params: NetworkCreateParams` - `account_id: string` Path param - `config: Config` Body param: The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name: string` Body param: The name of the device managed network. This name must be unique. - `type: "tls"` Body param: The type of device managed network. - `"tls"` ### Returns - `DeviceNetwork | null` - `config?: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` The name of the device managed network. This name must be unique. - `network_id?: string` API UUID. - `type?: "tls"` The type of device managed network. - `"tls"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceNetwork = await client.zeroTrust.devices.networks.create({ account_id: '699d98642c564d2e855e9661899b7252', config: { tls_sockaddr: 'foo.bar:1234' }, name: 'managed-network-1', type: 'tls', }); console.log(deviceNetwork.network_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Update a device managed network `client.zeroTrust.devices.networks.update(stringnetworkID, NetworkUpdateParamsparams, RequestOptionsoptions?): DeviceNetwork | null` **put** `/accounts/{account_id}/devices/networks/{network_id}` Updates a configured device managed network. ### Parameters - `networkID: string` API UUID. - `params: NetworkUpdateParams` - `account_id: string` Path param - `config?: Config` Body param: The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` Body param: The name of the device managed network. This name must be unique. - `type?: "tls"` Body param: The type of device managed network. - `"tls"` ### Returns - `DeviceNetwork | null` - `config?: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` The name of the device managed network. This name must be unique. - `network_id?: string` API UUID. - `type?: "tls"` The type of device managed network. - `"tls"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceNetwork = await client.zeroTrust.devices.networks.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(deviceNetwork.network_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" }, "success": true } ``` ## Delete a device managed network `client.zeroTrust.devices.networks.delete(stringnetworkID, NetworkDeleteParamsparams, RequestOptionsoptions?): SinglePage` **delete** `/accounts/{account_id}/devices/networks/{network_id}` Deletes a device managed network and fetches a list of the remaining device managed networks for an account. ### Parameters - `networkID: string` API UUID. - `params: NetworkDeleteParams` - `account_id: string` ### Returns - `DeviceNetwork` - `config?: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` The name of the device managed network. This name must be unique. - `network_id?: string` API UUID. - `type?: "tls"` The type of device managed network. - `"tls"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const deviceNetwork of client.zeroTrust.devices.networks.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, )) { console.log(deviceNetwork.network_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "config": { "tls_sockaddr": "foo.bar:1234", "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c" }, "name": "managed-network-1", "network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "type": "tls" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Device Network - `DeviceNetwork` - `config?: Config` The configuration object containing information for the WARP client to detect the managed network. - `tls_sockaddr: string` A network address of the form "host:port" that the WARP client will use to detect the presence of a TLS host. - `sha256?: string` The SHA-256 hash of the TLS certificate presented by the host found at tls_sockaddr. If absent, regular certificate verification (trusted roots, valid timestamp, etc) will be used to validate the certificate. - `name?: string` The name of the device managed network. This name must be unique. - `network_id?: string` API UUID. - `type?: "tls"` The type of device managed network. - `"tls"` # Fleet Status ## Get the latest status of a device. `client.zeroTrust.devices.fleetStatus.get(stringdeviceID, FleetStatusGetParamsparams, RequestOptionsoptions?): FleetStatusGetResponse` **get** `/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live` Get the latest status of a device given device_id from the device_state table. ### Parameters - `deviceID: string` Unique identifier for the physical device (UUID). - `params: FleetStatusGetParams` - `account_id: string` Path param: Unique identifier linked to an account. - `since_minutes: number` Query param: Number of minutes before current time. - `colo?: string` Query param: List of data centers to filter results. - `time_now?: string` Query param: Current time in ISO format. ### Returns - `FleetStatusGetResponse` - `colo: string` Cloudflare colo airport code. - `deviceId: string` Device identifier (UUID v4) - `mode: string` The mode under which the WARP client is run. - `platform: string` Operating system. - `status: string` Network status. - `timestamp: string` - `version: string` WARP client version. - `alwaysOn?: boolean | null` - `batteryCharging?: boolean | null` - `batteryCycles?: number | null` - `batteryPct?: number | null` - `connectionType?: string | null` - `cpuPct?: number | null` - `cpuPctByApp?: Array | null` - `cpu_pct?: number | null` CPU usage percentage, on a scale of 0 to 100. - `name?: string | null` Application name. - `deviceIpv4?: DeviceIPV4 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `deviceIpv6?: DeviceIPV6 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `deviceName?: string` Device identifier (human readable). - `deviceRegistration?: string | null` Deprecated: use registrationId. Device registration identifier (UUID). - `diskReadBps?: number | null` - `diskUsagePct?: number | null` - `diskWriteBps?: number | null` - `dohSubdomain?: string | null` - `estimatedLossPct?: number | null` - `firewallEnabled?: boolean | null` - `gatewayIpv4?: GatewayIPV4 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `gatewayIpv6?: GatewayIPV6 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `handshakeLatencyMs?: number | null` - `ispIpv4?: ISPIPV4 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `ispIpv6?: ISPIPV6 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `metal?: string | null` - `networkRcvdBps?: number | null` - `networkSentBps?: number | null` - `networkSsid?: string | null` - `personEmail?: string` User contact email address - `ramAvailableKb?: number | null` - `ramUsedPct?: number | null` - `ramUsedPctByApp?: Array | null` - `name?: string | null` Application name. - `ram_used_pct?: number | null` RAM usage percentage, on a scale of 0 to 100. - `registrationId?: string | null` Device registration identifier (UUID v4). On multi-user devices, this uniquely identifies a user's registration on the device. - `rtt?: RTT | null` Round-trip time statistics for the WARP tunnel. - `minRttUs?: MinRTTUs | null` Minimum round-trip time in microseconds. - `downstream?: number | null` - `upstream?: number | null` - `rttUs?: RTTUs | null` Round-trip time in microseconds. - `downstream?: number | null` - `upstream?: number | null` - `rttVarUs?: RTTVarUs | null` Round-trip time variance in microseconds. - `downstream?: number | null` - `upstream?: number | null` - `switchLocked?: boolean | null` - `tunnelStats?: TunnelStats | null` WARP tunnel packet and byte counters. - `bytesLost?: BytesLost | null` Number of bytes lost, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `bytesReceived?: BytesReceived | null` Number of bytes received, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `bytesRetransmitted?: BytesRetransmitted | null` Number of bytes retransmitted, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `bytesSent?: BytesSent | null` Number of bytes sent, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsLost?: PacketsLost | null` Number of packets lost, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsReceived?: PacketsReceived | null` Number of packets received, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsRetransmitted?: PacketsRetransmitted | null` Number of packets retransmitted, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsSent?: PacketsSent | null` Number of packets sent, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `statsWindowMs?: number | null` The measurement window duration in milliseconds. - `tunnelType?: string | null` - `wifiStrengthDbm?: number | null` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const fleetStatus = await client.zeroTrust.devices.fleetStatus.get( 'cb49c27f-7f97-49c5-b6f3-f7c01ead0fd7', { account_id: '01a7362d577a6c3019a474fd6f485823', since_minutes: 10 }, ); console.log(fleetStatus.networkSsid); ``` #### Response ```json { "colo": "SJC", "deviceId": "deviceId", "mode": "proxy", "platform": "windows", "status": "connected", "timestamp": "2023-10-11 00:00:00+00", "version": "1.0.0", "alwaysOn": true, "batteryCharging": true, "batteryCycles": 0, "batteryPct": 0, "connectionType": "connectionType", "cpuPct": 0, "cpuPctByApp": [ { "cpu_pct": 0, "name": "name" } ], "deviceIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "name": "name", "netmask": "netmask", "version": 1 }, "deviceIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "name": "name", "netmask": "netmask", "version": 1 }, "deviceName": "deviceName", "deviceRegistration": "deviceRegistration", "diskReadBps": 0, "diskUsagePct": 0, "diskWriteBps": 0, "dohSubdomain": "dohSubdomain", "estimatedLossPct": 0, "firewallEnabled": true, "gatewayIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "name": "name", "netmask": "netmask", "version": 1 }, "gatewayIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "name": "name", "netmask": "netmask", "version": 1 }, "handshakeLatencyMs": 0, "ispIpv4": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "name": "name", "netmask": "netmask", "version": 1 }, "ispIpv6": { "address": "address", "asn": 0, "aso": "aso", "location": { "city": "city", "country_iso": "country_iso", "state_iso": "state_iso", "zip": "zip" }, "name": "name", "netmask": "netmask", "version": 1 }, "metal": "metal", "networkRcvdBps": 0, "networkSentBps": 0, "networkSsid": "networkSsid", "personEmail": "personEmail", "ramAvailableKb": 0, "ramUsedPct": 0, "ramUsedPctByApp": [ { "name": "name", "ram_used_pct": 0 } ], "registrationId": "registrationId", "rtt": { "minRttUs": { "downstream": 0, "upstream": 0 }, "rttUs": { "downstream": 0, "upstream": 0 }, "rttVarUs": { "downstream": 0, "upstream": 0 } }, "switchLocked": true, "tunnelStats": { "bytesLost": { "downstream": 0, "upstream": 0 }, "bytesReceived": { "downstream": 0, "upstream": 0 }, "bytesRetransmitted": { "downstream": 0, "upstream": 0 }, "bytesSent": { "downstream": 0, "upstream": 0 }, "packetsLost": { "downstream": 0, "upstream": 0 }, "packetsReceived": { "downstream": 0, "upstream": 0 }, "packetsRetransmitted": { "downstream": 0, "upstream": 0 }, "packetsSent": { "downstream": 0, "upstream": 0 }, "statsWindowMs": 0 }, "tunnelType": "tunnelType", "wifiStrengthDbm": 0 } ``` ## Domain Types ### Fleet Status Get Response - `FleetStatusGetResponse` - `colo: string` Cloudflare colo airport code. - `deviceId: string` Device identifier (UUID v4) - `mode: string` The mode under which the WARP client is run. - `platform: string` Operating system. - `status: string` Network status. - `timestamp: string` - `version: string` WARP client version. - `alwaysOn?: boolean | null` - `batteryCharging?: boolean | null` - `batteryCycles?: number | null` - `batteryPct?: number | null` - `connectionType?: string | null` - `cpuPct?: number | null` - `cpuPctByApp?: Array | null` - `cpu_pct?: number | null` CPU usage percentage, on a scale of 0 to 100. - `name?: string | null` Application name. - `deviceIpv4?: DeviceIPV4 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `deviceIpv6?: DeviceIPV6 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `deviceName?: string` Device identifier (human readable). - `deviceRegistration?: string | null` Deprecated: use registrationId. Device registration identifier (UUID). - `diskReadBps?: number | null` - `diskUsagePct?: number | null` - `diskWriteBps?: number | null` - `dohSubdomain?: string | null` - `estimatedLossPct?: number | null` - `firewallEnabled?: boolean | null` - `gatewayIpv4?: GatewayIPV4 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `gatewayIpv6?: GatewayIPV6 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `handshakeLatencyMs?: number | null` - `ispIpv4?: ISPIPV4 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `ispIpv6?: ISPIPV6 | null` - `address?: string | null` - `asn?: number | null` - `aso?: string | null` - `location?: Location` - `city?: string | null` - `country_iso?: string | null` - `state_iso?: string | null` - `zip?: string | null` - `name?: string | null` - `netmask?: string | null` - `version?: number` IP version (`1` for IPv4, `2` for IPv6, `0` if unknown). - `metal?: string | null` - `networkRcvdBps?: number | null` - `networkSentBps?: number | null` - `networkSsid?: string | null` - `personEmail?: string` User contact email address - `ramAvailableKb?: number | null` - `ramUsedPct?: number | null` - `ramUsedPctByApp?: Array | null` - `name?: string | null` Application name. - `ram_used_pct?: number | null` RAM usage percentage, on a scale of 0 to 100. - `registrationId?: string | null` Device registration identifier (UUID v4). On multi-user devices, this uniquely identifies a user's registration on the device. - `rtt?: RTT | null` Round-trip time statistics for the WARP tunnel. - `minRttUs?: MinRTTUs | null` Minimum round-trip time in microseconds. - `downstream?: number | null` - `upstream?: number | null` - `rttUs?: RTTUs | null` Round-trip time in microseconds. - `downstream?: number | null` - `upstream?: number | null` - `rttVarUs?: RTTVarUs | null` Round-trip time variance in microseconds. - `downstream?: number | null` - `upstream?: number | null` - `switchLocked?: boolean | null` - `tunnelStats?: TunnelStats | null` WARP tunnel packet and byte counters. - `bytesLost?: BytesLost | null` Number of bytes lost, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `bytesReceived?: BytesReceived | null` Number of bytes received, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `bytesRetransmitted?: BytesRetransmitted | null` Number of bytes retransmitted, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `bytesSent?: BytesSent | null` Number of bytes sent, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsLost?: PacketsLost | null` Number of packets lost, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsReceived?: PacketsReceived | null` Number of packets received, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsRetransmitted?: PacketsRetransmitted | null` Number of packets retransmitted, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `packetsSent?: PacketsSent | null` Number of packets sent, split by direction. - `downstream?: number | null` - `upstream?: number | null` - `statsWindowMs?: number | null` The measurement window duration in milliseconds. - `tunnelType?: string | null` - `wifiStrengthDbm?: number | null` # Policies ## Domain Types ### Device Policy Certificates - `DevicePolicyCertificates` - `enabled: boolean` The current status of the device policy certificate provisioning feature for WARP clients. ### Fallback Domain - `FallbackDomain` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Fallback Domain Policy - `FallbackDomainPolicy = Array | null` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Settings Policy - `SettingsPolicy` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy is the default policy for an account. - `description?: string` A description of the policy. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` The name of the device settings profile. - `policy_id?: string` - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests?: Array` - `id?: string` The id of the DEX test targeting this policy. - `name?: string` The name of the DEX test targeting this policy. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Split Tunnel Exclude - `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost` - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Split Tunnel Include - `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost` - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. # Default ## Get the default device settings profile `client.zeroTrust.devices.policies.default.get(DefaultGetParamsparams, RequestOptionsoptions?): DefaultGetResponse | null` **get** `/accounts/{account_id}/devices/policy` Fetches the default device settings profile for an account. ### Parameters - `params: DefaultGetParams` - `account_id: string` ### Returns - `DefaultGetResponse` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy will be applied to matching devices. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `policy_id?: string` - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const _default = await client.zeroTrust.devices.policies.default.get({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(_default.gateway_unique_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": true, "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } }, "success": true } ``` ## Update the default device settings profile `client.zeroTrust.devices.policies.default.edit(DefaultEditParamsparams, RequestOptionsoptions?): DefaultEditResponse | null` **patch** `/accounts/{account_id}/devices/policy` Updates the default device settings profile for an account. ### Parameters - `params: DefaultEditParams` - `account_id: string` Path param - `allow_mode_switch?: boolean` Body param: Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Body param: Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Body param: Whether to allow devices to leave the organization. - `auto_connect?: number` Body param: The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Body param: Turn on the captive portal after the specified amount of time. - `disable_auto_fallback?: boolean` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` Body param: List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `exclude?: Array` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions. - `global_acceleration?: GlobalAcceleration | null` Body param: Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `register_interface_ip_with_dns?: boolean` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` Body param - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` Body param: The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Body param: Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Body param: Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Returns - `DefaultEditResponse` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy will be applied to matching devices. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `policy_id?: string` - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.zeroTrust.devices.policies.default.edit({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(response.gateway_unique_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": true, "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } }, "success": true } ``` ## Domain Types ### Default Get Response - `DefaultGetResponse` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy will be applied to matching devices. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `policy_id?: string` - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Default Edit Response - `DefaultEditResponse` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy will be applied to matching devices. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `policy_id?: string` - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. # Excludes ## Get the Split Tunnel exclude list `client.zeroTrust.devices.policies.default.excludes.get(ExcludeGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policy/exclude` Fetches the list of routes excluded from the WARP client's tunnel. ### Parameters - `params: ExcludeGetParams` - `account_id: string` ### Returns - `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost` - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelExclude of client.zeroTrust.devices.policies.default.excludes.get({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(splitTunnelExclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel exclude list `client.zeroTrust.devices.policies.default.excludes.update(ExcludeUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/devices/policy/exclude` Sets the list of routes excluded from the WARP client's tunnel. ### Parameters - `params: ExcludeUpdateParams` - `account_id: string` Path param - `body: Array` Body param - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost` - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelExclude of client.zeroTrust.devices.policies.default.excludes.update({ account_id: '699d98642c564d2e855e9661899b7252', body: [{ address: '192.0.2.0/24' }], })) { console.log(splitTunnelExclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Includes ## Get the Split Tunnel include list `client.zeroTrust.devices.policies.default.includes.get(IncludeGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policy/include` Fetches the list of routes included in the WARP client's tunnel. ### Parameters - `params: IncludeGetParams` - `account_id: string` ### Returns - `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost` - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelInclude of client.zeroTrust.devices.policies.default.includes.get({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(splitTunnelInclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel include list `client.zeroTrust.devices.policies.default.includes.update(IncludeUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/devices/policy/include` Sets the list of routes included in the WARP client's tunnel. ### Parameters - `params: IncludeUpdateParams` - `account_id: string` Path param - `body: Array` Body param - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost` - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelInclude of client.zeroTrust.devices.policies.default.includes.update({ account_id: '699d98642c564d2e855e9661899b7252', body: [{ address: '192.0.2.0/24' }], })) { console.log(splitTunnelInclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Fallback Domains ## Get your Local Domain Fallback list `client.zeroTrust.devices.policies.default.fallbackDomains.get(FallbackDomainGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policy/fallback_domains` Fetches a list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. ### Parameters - `params: FallbackDomainGetParams` - `account_id: string` ### Returns - `FallbackDomain` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const fallbackDomain of client.zeroTrust.devices.policies.default.fallbackDomains.get({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(fallbackDomain.suffix); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set your Local Domain Fallback list `client.zeroTrust.devices.policies.default.fallbackDomains.update(FallbackDomainUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/devices/policy/fallback_domains` Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. ### Parameters - `params: FallbackDomainUpdateParams` - `account_id: string` Path param - `domains: Array` Body param - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Returns - `FallbackDomain` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const fallbackDomain of client.zeroTrust.devices.policies.default.fallbackDomains.update( { account_id: '699d98642c564d2e855e9661899b7252', domains: [{ suffix: 'example.com' }] }, )) { console.log(fallbackDomain.suffix); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Certificates ## Get device certificate provisioning status `client.zeroTrust.devices.policies.default.certificates.get(CertificateGetParamsparams, RequestOptionsoptions?): DevicePolicyCertificates | null` **get** `/zones/{zone_id}/devices/policy/certificates` Fetches device certificate provisioning. ### Parameters - `params: CertificateGetParams` - `zone_id: string` ### Returns - `DevicePolicyCertificates | null` - `enabled: boolean` The current status of the device policy certificate provisioning feature for WARP clients. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const devicePolicyCertificates = await client.zeroTrust.devices.policies.default.certificates.get({ zone_id: '699d98642c564d2e855e9661899b7252', }); console.log(devicePolicyCertificates.enabled); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "enabled": true }, "success": true } ``` ## Update device certificate provisioning status `client.zeroTrust.devices.policies.default.certificates.edit(CertificateEditParamsparams, RequestOptionsoptions?): DevicePolicyCertificates | null` **patch** `/zones/{zone_id}/devices/policy/certificates` Enable Zero Trust Clients to provision a certificate, containing a x509 subject, and referenced by Access device posture policies when the client visits MTLS protected domains. This facilitates device posture without a WARP session. ### Parameters - `params: CertificateEditParams` - `zone_id: string` Path param - `enabled: boolean` Body param: The current status of the device policy certificate provisioning feature for WARP clients. ### Returns - `DevicePolicyCertificates | null` - `enabled: boolean` The current status of the device policy certificate provisioning feature for WARP clients. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const devicePolicyCertificates = await client.zeroTrust.devices.policies.default.certificates.edit({ zone_id: '699d98642c564d2e855e9661899b7252', enabled: true, }); console.log(devicePolicyCertificates.enabled); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "enabled": true }, "success": true } ``` # Custom ## List device settings profiles `client.zeroTrust.devices.policies.custom.list(CustomListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policies` Fetches a list of the device settings profiles for an account. ### Parameters - `params: CustomListParams` - `account_id: string` ### Returns - `SettingsPolicy` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy is the default policy for an account. - `description?: string` A description of the policy. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` The name of the device settings profile. - `policy_id?: string` - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests?: Array` - `id?: string` The id of the DEX test targeting this policy. - `name?: string` The name of the DEX test targeting this policy. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const settingsPolicy of client.zeroTrust.devices.policies.custom.list({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(settingsPolicy.gateway_unique_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device settings profile by ID `client.zeroTrust.devices.policies.custom.get(stringpolicyID, CustomGetParamsparams, RequestOptionsoptions?): SettingsPolicy | null` **get** `/accounts/{account_id}/devices/policy/{policy_id}` Fetches a device settings profile by ID. ### Parameters - `policyID: string` - `params: CustomGetParams` - `account_id: string` ### Returns - `SettingsPolicy | null` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy is the default policy for an account. - `description?: string` A description of the policy. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` The name of the device settings profile. - `policy_id?: string` - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests?: Array` - `id?: string` The id of the DEX test targeting this policy. - `name?: string` The name of the DEX test targeting this policy. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const settingsPolicy = await client.zeroTrust.devices.policies.custom.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(settingsPolicy.gateway_unique_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } }, "success": true } ``` ## Create a device settings profile `client.zeroTrust.devices.policies.custom.create(CustomCreateParamsparams, RequestOptionsoptions?): SettingsPolicy | null` **post** `/accounts/{account_id}/devices/policy` Creates a device settings profile to be applied to certain devices matching the criteria. ### Parameters - `params: CustomCreateParams` - `account_id: string` Path param - `match: string` Body param: The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name: string` Body param: The name of the device settings profile. - `precedence: number` Body param: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `allow_mode_switch?: boolean` Body param: Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Body param: Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Body param: Whether to allow devices to leave the organization. - `auto_connect?: number` Body param: The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Body param: Turn on the captive portal after the specified amount of time. - `description?: string` Body param: A description of the policy. - `disable_auto_fallback?: boolean` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` Body param: List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Body param: Whether the policy will be applied to matching devices. - `exclude?: Array` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions. - `global_acceleration?: GlobalAcceleration | null` Body param: Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `register_interface_ip_with_dns?: boolean` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` Body param - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` Body param: The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Body param: Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Body param: Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Returns - `SettingsPolicy | null` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy is the default policy for an account. - `description?: string` A description of the policy. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` The name of the device settings profile. - `policy_id?: string` - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests?: Array` - `id?: string` The id of the DEX test targeting this policy. - `name?: string` The name of the DEX test targeting this policy. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const settingsPolicy = await client.zeroTrust.devices.policies.custom.create({ account_id: '699d98642c564d2e855e9661899b7252', match: 'identity.email == "test@cloudflare.com"', name: 'Allow Developers', precedence: 100, }); console.log(settingsPolicy.gateway_unique_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } }, "success": true } ``` ## Update a device settings profile `client.zeroTrust.devices.policies.custom.edit(stringpolicyID, CustomEditParamsparams, RequestOptionsoptions?): SettingsPolicy | null` **patch** `/accounts/{account_id}/devices/policy/{policy_id}` Updates a configured device settings profile. ### Parameters - `policyID: string` - `params: CustomEditParams` - `account_id: string` Path param - `allow_mode_switch?: boolean` Body param: Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Body param: Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Body param: Whether to allow devices to leave the organization. - `auto_connect?: number` Body param: The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Body param: Turn on the captive portal after the specified amount of time. - `description?: string` Body param: A description of the policy. - `disable_auto_fallback?: boolean` Body param: If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` Body param: List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Body param: Whether the policy will be applied to matching devices. - `exclude?: Array` Body param: List of routes excluded in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Body param: Whether to add Microsoft IPs to Split Tunnel exclusions. - `global_acceleration?: GlobalAcceleration | null` Body param: Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` Body param: List of routes included in the WARP client's tunnel. Both 'exclude' and 'include' cannot be set in the same request. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` Body param: The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` Body param: The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` Body param: The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` Body param: The name of the device settings profile. - `precedence?: number` Body param: The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Body param: Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Body param: Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` Body param - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` Body param: The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Body param: Whether to allow the user to turn off the WARP switch and disconnect the client. - `tunnel_protocol?: string` Body param: Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Body param: Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Returns - `SettingsPolicy | null` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy is the default policy for an account. - `description?: string` A description of the policy. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` The name of the device settings profile. - `policy_id?: string` - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests?: Array` - `id?: string` The id of the DEX test targeting this policy. - `name?: string` The name of the DEX test targeting this policy. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const settingsPolicy = await client.zeroTrust.devices.policies.custom.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(settingsPolicy.gateway_unique_id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } }, "success": true } ``` ## Delete a device settings profile `client.zeroTrust.devices.policies.custom.delete(stringpolicyID, CustomDeleteParamsparams, RequestOptionsoptions?): SinglePage` **delete** `/accounts/{account_id}/devices/policy/{policy_id}` Deletes a device settings profile and fetches a list of the remaining profiles for an account. ### Parameters - `policyID: string` - `params: CustomDeleteParams` - `account_id: string` ### Returns - `SettingsPolicy` - `allow_mode_switch?: boolean` Whether to allow the user to switch WARP between modes. - `allow_updates?: boolean` Whether to receive update notifications when a new version of the client is available. - `allowed_to_leave?: boolean` Whether to allow devices to leave the organization. - `auto_connect?: number` The amount of time in seconds to reconnect after having been disabled. - `captive_portal?: number` Turn on the captive portal after the specified amount of time. - `default?: boolean` Whether the policy is the default policy for an account. - `description?: string` A description of the policy. - `disable_auto_fallback?: boolean` If the `dns_server` field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to `true`. - `dns_search_suffixes?: Array` List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear. - `suffix: string` The DNS search suffix to append when resolving short hostnames. - `description?: string` A description of the DNS search suffix. - `enabled?: boolean` Whether the policy will be applied to matching devices. - `exclude?: Array` List of routes excluded in the WARP client's tunnel. - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `exclude_office_ips?: boolean` Whether to add Microsoft IPs to Split Tunnel exclusions. - `fallback_domains?: Array` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. - `gateway_unique_id?: string` - `global_acceleration?: GlobalAcceleration | null` Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/. - `api_endpoints: Array` IP:port entries for the API endpoints. - `enabled: boolean` Global acceleration settings are used only when "enabled". - `masque_endpoints: Array` IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `wireguard_endpoints: Array` IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided. - `include?: Array` List of routes included in the WARP client's tunnel. - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `lan_allow_minutes?: number` The amount of time in minutes a user is allowed access to their LAN. A value of 0 will allow LAN access until the next WARP reconnection, such as a reboot or a laptop waking from sleep. Note that this field is omitted from the response if null or unset. - `lan_allow_subnet_size?: number` The size of the subnet for the local access network. Note that this field is omitted from the response if null or unset. - `match?: string` The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service_token_uuid", "identity.saml_attributes", "network", "os.name", "os.version". - `name?: string` The name of the device settings profile. - `policy_id?: string` - `precedence?: number` The precedence of the policy. Lower values indicate higher precedence. Policies will be evaluated in ascending order of this field. - `register_interface_ip_with_dns?: boolean` Determines if the operating system will register WARP's local interface IP with your on-premises DNS server. - `sccm_vpn_boundary_support?: boolean` Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only). - `service_mode_v2?: ServiceModeV2` - `mode?: string` The mode to run the WARP client under. - `port?: number` The port number when used with proxy mode. - `support_url?: string` The URL to launch when the Send Feedback button is clicked. - `switch_locked?: boolean` Whether to allow the user to turn off the WARP switch and disconnect the client. - `target_tests?: Array` - `id?: string` The id of the DEX test targeting this policy. - `name?: string` The name of the DEX test targeting this policy. - `tunnel_protocol?: string` Determines which tunnel protocol to use. - `virtual_networks?: VirtualNetworks | null` Virtual network access settings for the device. - `allowed: Array` List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required. - `default: string` The default virtual network ID. Must be included in the `allowed` list. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const settingsPolicy of client.zeroTrust.devices.policies.custom.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, )) { console.log(settingsPolicy.gateway_unique_id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "allow_mode_switch": true, "allow_updates": true, "allowed_to_leave": true, "auto_connect": 0, "captive_portal": 180, "default": false, "description": "Policy for test teams.", "disable_auto_fallback": true, "dns_search_suffixes": [ { "suffix": "internal.corp", "description": "Example internal domains" } ], "enabled": true, "exclude": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "exclude_office_ips": true, "fallback_domains": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "gateway_unique_id": "699d98642c564d2e855e9661899b7252", "global_acceleration": { "api_endpoints": [ "198.51.100.1:443" ], "enabled": true, "masque_endpoints": [ "198.51.100.1:443" ], "wireguard_endpoints": [ "198.51.100.1:2408" ] }, "include": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "lan_allow_minutes": 30, "lan_allow_subnet_size": 24, "match": "identity.email == \"test@cloudflare.com\"", "name": "Allow Developers", "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "precedence": 100, "register_interface_ip_with_dns": true, "sccm_vpn_boundary_support": false, "service_mode_v2": { "mode": "proxy", "port": 3000 }, "support_url": "https://1.1.1.1/help", "switch_locked": true, "target_tests": [ { "id": "id", "name": "name" } ], "tunnel_protocol": "wireguard", "virtual_networks": { "allowed": [ "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" ], "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" } } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Excludes ## Get the Split Tunnel exclude list for a device settings profile `client.zeroTrust.devices.policies.custom.excludes.get(stringpolicyID, ExcludeGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policy/{policy_id}/exclude` Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID: string` - `params: ExcludeGetParams` - `account_id: string` ### Returns - `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost` - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelExclude of client.zeroTrust.devices.policies.custom.excludes.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, )) { console.log(splitTunnelExclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel exclude list for a device settings profile `client.zeroTrust.devices.policies.custom.excludes.update(stringpolicyID, ExcludeUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/devices/policy/{policy_id}/exclude` Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID: string` - `params: ExcludeUpdateParams` - `account_id: string` Path param - `body: Array` Body param - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelExclude = TeamsDevicesExcludeSplitTunnelWithAddress | TeamsDevicesExcludeSplitTunnelWithHost` - `TeamsDevicesExcludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to exclude from the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesExcludeSplitTunnelWithHost` - `host: string` The domain name to exclude from the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelExclude of client.zeroTrust.devices.policies.custom.excludes.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252', body: [{ address: '192.0.2.0/24' }] }, )) { console.log(splitTunnelExclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Exclude testing domains from the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Includes ## Get the Split Tunnel include list for a device settings profile `client.zeroTrust.devices.policies.custom.includes.get(stringpolicyID, IncludeGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policy/{policy_id}/include` Fetches the list of routes included in the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID: string` - `params: IncludeGetParams` - `account_id: string` ### Returns - `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost` - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelInclude of client.zeroTrust.devices.policies.custom.includes.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, )) { console.log(splitTunnelInclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Split Tunnel include list for a device settings profile `client.zeroTrust.devices.policies.custom.includes.update(stringpolicyID, IncludeUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/devices/policy/{policy_id}/include` Sets the list of routes included in the WARP client's tunnel for a specific device settings profile. ### Parameters - `policyID: string` - `params: IncludeUpdateParams` - `account_id: string` Path param - `body: Array` Body param - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Returns - `SplitTunnelInclude = TeamsDevicesIncludeSplitTunnelWithAddress | TeamsDevicesIncludeSplitTunnelWithHost` - `TeamsDevicesIncludeSplitTunnelWithAddress` - `address: string` The address in CIDR format to include in the tunnel. If `address` is present, `host` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. - `TeamsDevicesIncludeSplitTunnelWithHost` - `host: string` The domain name to include in the tunnel. If `host` is present, `address` must not be present. - `description?: string` A description of the Split Tunnel item, displayed in the client UI. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const splitTunnelInclude of client.zeroTrust.devices.policies.custom.includes.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252', body: [{ address: '192.0.2.0/24' }] }, )) { console.log(splitTunnelInclude); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "address": "192.0.2.0/24", "description": "Include testing domains in the tunnel" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Fallback Domains ## Get the Local Domain Fallback list for a device settings profile `client.zeroTrust.devices.policies.custom.fallbackDomains.get(stringpolicyID, FallbackDomainGetParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains` Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead. ### Parameters - `policyID: string` - `params: FallbackDomainGetParams` - `account_id: string` ### Returns - `FallbackDomain` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const fallbackDomain of client.zeroTrust.devices.policies.custom.fallbackDomains.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, )) { console.log(fallbackDomain.suffix); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Set the Local Domain Fallback list for a device settings profile `client.zeroTrust.devices.policies.custom.fallbackDomains.update(stringpolicyID, FallbackDomainUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains` Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile. ### Parameters - `policyID: string` - `params: FallbackDomainUpdateParams` - `account_id: string` Path param - `domains: Array` Body param - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Returns - `FallbackDomain` - `suffix: string` The domain suffix to match when resolving locally. - `description?: string` A description of the fallback domain, displayed in the client UI. - `dns_server?: Array` A list of IP addresses to handle domain resolution. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const fallbackDomain of client.zeroTrust.devices.policies.custom.fallbackDomains.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252', domains: [{ suffix: 'example.com' }] }, )) { console.log(fallbackDomain.suffix); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "suffix": "example.com", "description": "Domain bypass for local development", "dns_server": [ "1.1.1.1" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` # Posture ## List device posture rules `client.zeroTrust.devices.posture.list(PostureListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/posture` Fetches device posture rules for a Zero Trust account. ### Parameters - `params: PostureListParams` - `account_id: string` ### Returns - `DevicePostureRule` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `enabled?: boolean` Whether the rule is enabled. This is a computed, read-only value. It is false for deprecated Kolide posture rules that still use the issue_count input, and true otherwise. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const devicePostureRule of client.zeroTrust.devices.posture.list({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(devicePostureRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "enabled": true, "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture rule details `client.zeroTrust.devices.posture.get(stringruleID, PostureGetParamsparams, RequestOptionsoptions?): DevicePostureRule | null` **get** `/accounts/{account_id}/devices/posture/{rule_id}` Fetches a single device posture rule. ### Parameters - `ruleID: string` API UUID. - `params: PostureGetParams` - `account_id: string` ### Returns - `DevicePostureRule | null` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `enabled?: boolean` Whether the rule is enabled. This is a computed, read-only value. It is false for deprecated Kolide posture rules that still use the issue_count input, and true otherwise. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const devicePostureRule = await client.zeroTrust.devices.posture.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(devicePostureRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "enabled": true, "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Create a device posture rule `client.zeroTrust.devices.posture.create(PostureCreateParamsparams, RequestOptionsoptions?): DevicePostureRule | null` **post** `/accounts/{account_id}/devices/posture` Creates a new device posture rule. ### Parameters - `params: PostureCreateParams` - `account_id: string` Path param - `name: string` Body param: The name of the device posture rule. - `type: "file" | "application" | "tanium" | 20 more` Body param: The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` - `description?: string` Body param: The description of the device posture rule. - `expiration?: string` Body param: Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` Body param: The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` Body param: The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `schedule?: string` Body param: Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `DevicePostureRule | null` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `enabled?: boolean` Whether the rule is enabled. This is a computed, read-only value. It is false for deprecated Kolide posture rules that still use the issue_count input, and true otherwise. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const devicePostureRule = await client.zeroTrust.devices.posture.create({ account_id: '699d98642c564d2e855e9661899b7252', name: 'Admin Serial Numbers', type: 'file', }); console.log(devicePostureRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "enabled": true, "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Update a device posture rule `client.zeroTrust.devices.posture.update(stringruleID, PostureUpdateParamsparams, RequestOptionsoptions?): DevicePostureRule | null` **put** `/accounts/{account_id}/devices/posture/{rule_id}` Updates a device posture rule. ### Parameters - `ruleID: string` API UUID. - `params: PostureUpdateParams` - `account_id: string` Path param - `name: string` Body param: The name of the device posture rule. - `type: "file" | "application" | "tanium" | 20 more` Body param: The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` - `description?: string` Body param: The description of the device posture rule. - `expiration?: string` Body param: Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` Body param: The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` Body param: The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `schedule?: string` Body param: Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. ### Returns - `DevicePostureRule | null` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `enabled?: boolean` Whether the rule is enabled. This is a computed, read-only value. It is false for deprecated Kolide posture rules that still use the issue_count input, and true otherwise. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const devicePostureRule = await client.zeroTrust.devices.posture.update( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252', name: 'Admin Serial Numbers', type: 'file', }, ); console.log(devicePostureRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "description": "The rule for admin serial numbers", "enabled": true, "expiration": "1h", "input": { "operating_system": "linux", "path": "/bin/cat", "exists": true, "sha256": "https://api.us-2.crowdstrike.com", "thumbprint": "0aabab210bdb998e9cf45da2c9ce352977ab531c681b74cf1e487be1bbe9fe6e" }, "match": [ { "platform": "windows" } ], "name": "Admin Serial Numbers", "schedule": "1h", "type": "file" }, "success": true } ``` ## Delete a device posture rule `client.zeroTrust.devices.posture.delete(stringruleID, PostureDeleteParamsparams, RequestOptionsoptions?): PostureDeleteResponse | null` **delete** `/accounts/{account_id}/devices/posture/{rule_id}` Deletes a device posture rule. ### Parameters - `ruleID: string` API UUID. - `params: PostureDeleteParams` - `account_id: string` ### Returns - `PostureDeleteResponse` - `id?: string` API UUID. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const posture = await client.zeroTrust.devices.posture.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(posture.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" }, "success": true } ``` ## Domain Types ### Carbonblack Input - `CarbonblackInput = string` ### Client Certificate Input - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. ### Crowdstrike Input - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` ### Device Input - `DeviceInput = FileInput | UniqueClientIDInput | DomainJoinedInput | 17 more` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. ### Device Match - `DeviceMatch` - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` ### Device Posture Rule - `DevicePostureRule` - `id?: string` API UUID. - `description?: string` The description of the device posture rule. - `enabled?: boolean` Whether the rule is enabled. This is a computed, read-only value. It is false for deprecated Kolide posture rules that still use the issue_count input, and true otherwise. - `expiration?: string` Sets the expiration time for a posture check result. If empty, the result remains valid until it is overwritten by new data from the WARP client. - `input?: DeviceInput` The value to be checked against. - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesCarbonblackInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `TeamsDevicesAccessSerialNumberListInputRequest` - `id: string` UUID of Access List. - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. - `TeamsDevicesApplicationInputRequest` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` Path for the application. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. - `ClientCertificateInput` - `certificate_id: string` UUID of Cloudflare managed certificate. - `cn: string` Common Name that is protected by the certificate. - `TeamsDevicesClientCertificateV2InputRequest` - `certificate_id: string` UUID of Cloudflare managed certificate. - `check_private_key: boolean` Confirm the certificate was not imported from another device. We recommend keeping this enabled unless the certificate was deployed without a private key. - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `cn?: string` Certificate Common Name. This may include one or more variables in the ${ } notation. Only ${serial_number} and ${hostname} are valid variables. - `extended_key_usage?: Array<"clientAuth" | "emailProtection">` List of values indicating purposes for which the certificate public key can be used. - `"clientAuth"` - `"emailProtection"` - `locations?: Locations` - `paths?: Array` List of paths to check for client certificate on linux. - `trust_stores?: Array<"system" | "user">` List of trust stores to check for client certificate. - `"system"` - `"user"` - `subject_alternative_names?: Array` List of certificate Subject Alternative Names. - `TeamsDevicesAntivirusInputRequest` - `update_window_days?: number` Number of days that the antivirus should be updated within. - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. - `CrowdstrikeInput` - `connection_id: string` Posture Integration ID. - `last_seen?: string` For more details on last seen, please refer to the Crowdstrike documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `os?: string` Os Version. - `overall?: string` Overall. - `sensor_config?: string` SensorConfig. - `state?: "online" | "offline" | "unknown"` For more details on state, please refer to the Crowdstrike documentation. - `"online"` - `"offline"` - `"unknown"` - `version?: string` Version. - `versionOperator?: "<" | "<=" | ">" | 2 more` Version Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `TeamsDevicesCustomS2sInputRequest` - `connection_id: string` Posture Integration ID. - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `score: number` A value between 0-100 assigned to devices set by the 3rd party posture provider. - `match?: Array` The conditions that the client must match to run the rule. - `platform?: "windows" | "mac" | "linux" | 3 more` - `"windows"` - `"mac"` - `"linux"` - `"android"` - `"ios"` - `"chromeos"` - `name?: string` The name of the device posture rule. - `schedule?: string` Polling frequency for the WARP client posture check. Default: `5m` (poll every five minutes). Minimum: `1m`. - `type?: "file" | "application" | "tanium" | 20 more` The type of device posture rule. - `"file"` - `"application"` - `"tanium"` - `"gateway"` - `"warp"` - `"disk_encryption"` - `"serial_number"` - `"sentinelone"` - `"carbonblack"` - `"firewall"` - `"os_version"` - `"domain_joined"` - `"client_certificate"` - `"client_certificate_v2"` - `"antivirus"` - `"unique_client_id"` - `"kolide"` - `"tanium_s2s"` - `"crowdstrike_s2s"` - `"intune"` - `"workspace_one"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Disk Encryption Input - `DiskEncryptionInput` - `checkDisks?: Array` List of volume names to be checked for encryption. - `requireAll?: boolean` Whether to check all disks for encryption. ### Domain Joined Input - `DomainJoinedInput` - `operating_system: "windows"` Operating System. - `"windows"` - `domain?: string` Domain. ### File Input - `FileInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `exists?: boolean` Whether or not file exists. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. ### Firewall Input - `FirewallInput` - `enabled: boolean` Enabled. - `operating_system: "windows" | "mac"` Operating System. - `"windows"` - `"mac"` ### Intune Input - `IntuneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown" | 3 more` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `"notapplicable"` - `"ingraceperiod"` - `"error"` - `connection_id: string` Posture Integration ID. ### Kolide Input - `KolideInput` - `connection_id: string` Posture Integration ID. - `auth_state?: Array<"Good" | "Notified" | "Will Block" | "Blocked">` The set of Kolide device authentication states that pass the posture check. Device must match one of the specified states. - `"Good"` - `"Notified"` - `"Will Block"` - `"Blocked"` - `countOperator?: "<" | "<=" | ">" | 2 more` Count Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `issue_count?: string` The Number of Issues. ### OS Version Input - `OSVersionInput` - `operating_system: "windows"` Operating System. - `"windows"` - `operator: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `version: string` Version of OS. - `os_distro_name?: string` Operating System Distribution Name (linux only). - `os_distro_revision?: string` Version of OS Distribution (linux only). - `os_version_extra?: string` Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. ### Sentinelone Input - `SentineloneInput` - `operating_system: "windows" | "linux" | "mac"` Operating system. - `"windows"` - `"linux"` - `"mac"` - `path: string` File path. - `sha256?: string` SHA-256. - `thumbprint?: string` Signing certificate thumbprint. ### Sentinelone S2s Input - `SentineloneS2sInput` - `connection_id: string` Posture Integration ID. - `active_threats?: number` The Number of active threats. - `infected?: boolean` Whether device is infected. - `is_active?: boolean` Whether device is active. - `network_status?: "connected" | "disconnected" | "disconnecting" | "connecting"` Network status of device. - `"connected"` - `"disconnected"` - `"disconnecting"` - `"connecting"` - `operational_state?: "na" | "partially_disabled" | "auto_fully_disabled" | 4 more` Agent operational state. - `"na"` - `"partially_disabled"` - `"auto_fully_disabled"` - `"fully_disabled"` - `"auto_partially_disabled"` - `"disabled_error"` - `"db_corruption"` - `operator?: "<" | "<=" | ">" | 2 more` Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` ### Tanium Input - `TaniumInput` - `connection_id: string` Posture Integration ID. - `eid_last_seen?: string` For more details on eid last seen, refer to the Tanium documentation. - `operator?: "<" | "<=" | ">" | 2 more` Operator to evaluate risk_level or eid_last_seen. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `risk_level?: "low" | "medium" | "high" | "critical"` For more details on risk level, refer to the Tanium documentation. - `"low"` - `"medium"` - `"high"` - `"critical"` - `scoreOperator?: "<" | "<=" | ">" | 2 more` Score Operator. - `"<"` - `"<="` - `">"` - `">="` - `"=="` - `total_score?: number` For more details on total score, refer to the Tanium documentation. ### Unique Client ID Input - `UniqueClientIDInput` - `id: string` List ID. - `operating_system: "android" | "ios" | "chromeos"` Operating System. - `"android"` - `"ios"` - `"chromeos"` ### Workspace One Input - `WorkspaceOneInput` - `compliance_status: "compliant" | "noncompliant" | "unknown"` Compliance Status. - `"compliant"` - `"noncompliant"` - `"unknown"` - `connection_id: string` Posture Integration ID. ### Posture Delete Response - `PostureDeleteResponse` - `id?: string` API UUID. # Integrations ## List your device posture integrations `client.zeroTrust.devices.posture.integrations.list(IntegrationListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/posture/integration` Fetches the list of device posture integrations for an account. ### Parameters - `params: IntegrationListParams` - `account_id: string` ### Returns - `Integration` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const integration of client.zeroTrust.devices.posture.integrations.list({ account_id: '699d98642c564d2e855e9661899b7252', })) { console.log(integration.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get device posture integration details `client.zeroTrust.devices.posture.integrations.get(stringintegrationID, IntegrationGetParamsparams, RequestOptionsoptions?): Integration | null` **get** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Fetches details for a single device posture integration. ### Parameters - `integrationID: string` API UUID. - `params: IntegrationGetParams` - `account_id: string` ### Returns - `Integration | null` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.get( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(integration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Create a device posture integration `client.zeroTrust.devices.posture.integrations.create(IntegrationCreateParamsparams, RequestOptionsoptions?): Integration | null` **post** `/accounts/{account_id}/devices/posture/integration` Create a new device posture integration. ### Parameters - `params: IntegrationCreateParams` - `account_id: string` Path param - `config: TeamsDevicesWorkspaceOneConfigRequest | TeamsDevicesCrowdstrikeConfigRequest | TeamsDevicesUptycsConfigRequest | 5 more` Body param: The configuration object containing third-party integration information. - `TeamsDevicesWorkspaceOneConfigRequest` - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `client_secret: string` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `TeamsDevicesCrowdstrikeConfigRequest` - `api_url: string` The Crowdstrike API URL. - `client_id: string` The Crowdstrike client ID. - `client_secret: string` The Crowdstrike client secret. - `customer_id: string` The Crowdstrike customer ID. - `TeamsDevicesUptycsConfigRequest` - `api_url: string` The Uptycs API URL. - `client_key: string` The Uptycs client secret. - `client_secret: string` The Uptycs client secret. - `customer_id: string` The Uptycs customer ID. - `TeamsDevicesIntuneConfigRequest` - `client_id: string` The Intune client ID. - `client_secret: string` The Intune client secret. - `customer_id: string` The Intune customer ID. - `TeamsDevicesKolideConfigRequest` - `client_id: string` The Kolide client ID. - `client_secret: string` The Kolide client secret. - `TeamsDevicesTaniumConfigRequest` - `api_url: string` The Tanium API URL. - `client_secret: string` The Tanium client secret. - `access_client_id?: string` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret?: string` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `TeamsDevicesSentineloneS2sConfigRequest` - `api_url: string` The SentinelOne S2S API URL. - `client_secret: string` The SentinelOne S2S client secret. - `TeamsDevicesCustomS2sConfigRequest` - `access_client_id: string` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: string` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `api_url: string` The Custom Device Posture Integration API URL. - `interval: string` Body param: The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name: string` Body param: The name of the device posture integration. - `type: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` Body param: The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Returns - `Integration | null` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.create({ account_id: '699d98642c564d2e855e9661899b7252', config: { api_url: 'https://as123.awmdm.com/API', auth_url: 'https://na.uemauth.workspaceone.com/connect/token', client_id: 'example client id', client_secret: 'example client secret', }, interval: '10m', name: 'My Workspace One Integration', type: 'workspace_one', }); console.log(integration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Update a device posture integration `client.zeroTrust.devices.posture.integrations.edit(stringintegrationID, IntegrationEditParamsparams, RequestOptionsoptions?): Integration | null` **patch** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Updates a configured device posture integration. ### Parameters - `integrationID: string` API UUID. - `params: IntegrationEditParams` - `account_id: string` Path param - `config?: TeamsDevicesWorkspaceOneConfigRequest | TeamsDevicesCrowdstrikeConfigRequest | TeamsDevicesUptycsConfigRequest | 5 more` Body param: The configuration object containing third-party integration information. - `TeamsDevicesWorkspaceOneConfigRequest` - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `client_secret: string` The Workspace One client secret provided in the Workspace One Admin Dashboard. - `TeamsDevicesCrowdstrikeConfigRequest` - `api_url: string` The Crowdstrike API URL. - `client_id: string` The Crowdstrike client ID. - `client_secret: string` The Crowdstrike client secret. - `customer_id: string` The Crowdstrike customer ID. - `TeamsDevicesUptycsConfigRequest` - `api_url: string` The Uptycs API URL. - `client_key: string` The Uptycs client secret. - `client_secret: string` The Uptycs client secret. - `customer_id: string` The Uptycs customer ID. - `TeamsDevicesIntuneConfigRequest` - `client_id: string` The Intune client ID. - `client_secret: string` The Intune client secret. - `customer_id: string` The Intune customer ID. - `TeamsDevicesKolideConfigRequest` - `client_id: string` The Kolide client ID. - `client_secret: string` The Kolide client secret. - `TeamsDevicesTaniumConfigRequest` - `api_url: string` The Tanium API URL. - `client_secret: string` The Tanium client secret. - `access_client_id?: string` If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret?: string` If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `TeamsDevicesSentineloneS2sConfigRequest` - `api_url: string` The SentinelOne S2S API URL. - `client_secret: string` The SentinelOne S2S client secret. - `TeamsDevicesCustomS2sConfigRequest` - `access_client_id: string` This id will be passed in the `CF-Access-Client-ID` header when hitting the `api_url`. - `access_client_secret: string` This secret will be passed in the `CF-Access-Client-Secret` header when hitting the `api_url`. - `api_url: string` The Custom Device Posture Integration API URL. - `interval?: string` Body param: The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` Body param: The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` Body param: The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Returns - `Integration | null` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.edit( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(integration.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "config": { "api_url": "https://as123.awmdm.com/API", "auth_url": "https://na.uemauth.workspaceone.com/connect/token", "client_id": "example client id" }, "interval": "10m", "name": "My Workspace One Integration", "type": "workspace_one" }, "success": true } ``` ## Delete a device posture integration `client.zeroTrust.devices.posture.integrations.delete(stringintegrationID, IntegrationDeleteParamsparams, RequestOptionsoptions?): IntegrationDeleteResponse | null` **delete** `/accounts/{account_id}/devices/posture/integration/{integration_id}` Delete a configured device posture integration. ### Parameters - `integrationID: string` API UUID. - `params: IntegrationDeleteParams` - `account_id: string` ### Returns - `IntegrationDeleteResponse = unknown | string | null` - `unknown` - `string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const integration = await client.zeroTrust.devices.posture.integrations.delete( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, ); console.log(integration); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Integration - `Integration` - `id?: string` API UUID. - `config?: Config` The configuration object containing third-party integration information. - `api_url: string` The Workspace One API URL provided in the Workspace One Admin Dashboard. - `auth_url: string` The Workspace One Authorization URL depending on your region. - `client_id: string` The Workspace One client ID provided in the Workspace One Admin Dashboard. - `interval?: string` The interval between each posture check with the third-party API. Use `m` for minutes (e.g. `5m`) and `h` for hours (e.g. `12h`). - `name?: string` The name of the device posture integration. - `type?: "workspace_one" | "crowdstrike_s2s" | "uptycs" | 5 more` The type of device posture integration. - `"workspace_one"` - `"crowdstrike_s2s"` - `"uptycs"` - `"intune"` - `"kolide"` - `"tanium_s2s"` - `"sentinelone_s2s"` - `"custom_s2s"` ### Integration Delete Response - `IntegrationDeleteResponse = unknown | string | null` - `unknown` - `string` # Revoke ## Revoke devices (deprecated) `client.zeroTrust.devices.revoke.create(RevokeCreateParamsparams, RequestOptionsoptions?): RevokeCreateResponse | null` **post** `/accounts/{account_id}/devices/revoke` Revokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled. **Deprecated**: please use POST /accounts/{account_id}/devices/registrations/revoke instead. ### Parameters - `params: RevokeCreateParams` - `account_id: string` Path param - `body: Array` Body param: A list of Registration IDs to revoke. ### Returns - `RevokeCreateResponse = unknown | string | null` - `unknown` - `string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const revoke = await client.zeroTrust.devices.revoke.create({ account_id: '699d98642c564d2e855e9661899b7252', body: ['f174e90a-fafe-4643-bbbc-4a0ed4fc8415'], }); console.log(revoke); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Revoke Create Response - `RevokeCreateResponse = unknown | string | null` - `unknown` - `string` # Settings ## Get device settings for a Zero Trust account `client.zeroTrust.devices.settings.get(SettingGetParamsparams, RequestOptionsoptions?): DeviceSettings | null` **get** `/accounts/{account_id}/devices/settings` Describes the current device settings for a Zero Trust account. ### Parameters - `params: SettingGetParams` - `account_id: string` ### Returns - `DeviceSettings | null` - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceSettings = await client.zeroTrust.devices.settings.get({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(deviceSettings.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Update device settings for a Zero Trust account `client.zeroTrust.devices.settings.update(SettingUpdateParamsparams, RequestOptionsoptions?): DeviceSettings | null` **put** `/accounts/{account_id}/devices/settings` Updates the current device settings for a Zero Trust account. ### Parameters - `params: SettingUpdateParams` - `account_id: string` Path param - `disable_for_time?: number` Body param: Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Body param: Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` Body param: The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` Body param: The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` Body param: The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Body param: Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Body param: Enable using CGNAT virtual IPv4. ### Returns - `DeviceSettings | null` - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceSettings = await client.zeroTrust.devices.settings.update({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(deviceSettings.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Patch device settings for a Zero Trust account `client.zeroTrust.devices.settings.edit(SettingEditParamsparams, RequestOptionsoptions?): DeviceSettings | null` **patch** `/accounts/{account_id}/devices/settings` Patches the current device settings for a Zero Trust account. ### Parameters - `params: SettingEditParams` - `account_id: string` Path param - `disable_for_time?: number` Body param: Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Body param: Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` Body param: The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` Body param: The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` Body param: The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Body param: Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Body param: Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Body param: Enable using CGNAT virtual IPv4. ### Returns - `DeviceSettings | null` - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceSettings = await client.zeroTrust.devices.settings.edit({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(deviceSettings.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Reset device settings for a Zero Trust account with defaults. This turns off all proxying. `client.zeroTrust.devices.settings.delete(SettingDeleteParamsparams, RequestOptionsoptions?): DeviceSettings | null` **delete** `/accounts/{account_id}/devices/settings` Resets the current device settings for a Zero Trust account. ### Parameters - `params: SettingDeleteParams` - `account_id: string` ### Returns - `DeviceSettings | null` - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4. ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const deviceSettings = await client.zeroTrust.devices.settings.delete({ account_id: '699d98642c564d2e855e9661899b7252', }); console.log(deviceSettings.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "disable_for_time": 0, "external_emergency_signal_enabled": true, "external_emergency_signal_fingerprint": "abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234", "external_emergency_signal_interval": "5m", "external_emergency_signal_url": "https://192.0.2.1/signal", "gateway_proxy_enabled": true, "gateway_udp_proxy_enabled": true, "root_certificate_installation_enabled": true, "use_zt_virtual_ip": true }, "success": true } ``` ## Domain Types ### Device Settings - `DeviceSettings` - `disable_for_time?: number` Sets the time limit, in seconds, that a user can use an override code to bypass WARP. - `external_emergency_signal_enabled?: boolean` Controls whether the external emergency disconnect feature is enabled. - `external_emergency_signal_fingerprint?: string` The SHA256 fingerprint (64 hexadecimal characters) of the HTTPS server certificate for the external_emergency_signal_url. If provided, the WARP client will use this value to verify the server's identity. The device will ignore any response if the server's certificate fingerprint does not exactly match this value. - `external_emergency_signal_interval?: string` The interval at which the WARP client fetches the emergency disconnect signal, formatted as a duration string (e.g., "5m", "2m30s", "1h"). Minimum 30 seconds. - `external_emergency_signal_url?: string` The HTTPS URL from which to fetch the emergency disconnect signal. Must use HTTPS and have an IPv4 or IPv6 address as the host. - `gateway_proxy_enabled?: boolean` Enable gateway proxy filtering on TCP. - `gateway_udp_proxy_enabled?: boolean` Enable gateway proxy filtering on UDP. - `root_certificate_installation_enabled?: boolean` Enable installation of cloudflare managed root certificate. - `use_zt_virtual_ip?: boolean` Enable using CGNAT virtual IPv4. # Unrevoke ## Unrevoke devices (deprecated) `client.zeroTrust.devices.unrevoke.create(UnrevokeCreateParamsparams, RequestOptionsoptions?): UnrevokeCreateResponse | null` **post** `/accounts/{account_id}/devices/unrevoke` Unrevokes a list of devices. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled. **Deprecated**: please use POST /accounts/{account_id}/devices/registrations/unrevoke instead. ### Parameters - `params: UnrevokeCreateParams` - `account_id: string` Path param - `body: Array` Body param: A list of Registration IDs to unrevoke. ### Returns - `UnrevokeCreateResponse = unknown | string | null` - `unknown` - `string` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const unrevoke = await client.zeroTrust.devices.unrevoke.create({ account_id: '699d98642c564d2e855e9661899b7252', body: ['f174e90a-fafe-4643-bbbc-4a0ed4fc8415'], }); console.log(unrevoke); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Unrevoke Create Response - `UnrevokeCreateResponse = unknown | string | null` - `unknown` - `string` # Override Codes ## Get override codes (deprecated) `client.zeroTrust.devices.overrideCodes.list(stringdeviceID, OverrideCodeListParamsparams, RequestOptionsoptions?): SinglePage` **get** `/accounts/{account_id}/devices/{device_id}/override_codes` Fetches a one-time use admin override code for a device. This relies on the **Admin Override** setting being enabled in your device configuration. Not supported when [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) is enabled for the account. **Deprecated:** please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead. ### Parameters - `deviceID: string` Registration ID. Equal to Device ID except for accounts which enabled [multi-user mode](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/). - `params: OverrideCodeListParams` - `account_id: string` ### Returns - `OverrideCodeListResponse = unknown` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const overrideCodeListResponse of client.zeroTrust.devices.overrideCodes.list( 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', { account_id: '699d98642c564d2e855e9661899b7252' }, )) { console.log(overrideCodeListResponse); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ {} ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get override codes `client.zeroTrust.devices.overrideCodes.get(stringregistrationID, OverrideCodeGetParamsparams, RequestOptionsoptions?): OverrideCodeGetResponse` **get** `/accounts/{account_id}/devices/registrations/{registration_id}/override_codes` Fetches one-time use admin override codes for a registration. This relies on the **Admin Override** setting being enabled in your device configuration. ### Parameters - `registrationID: string` - `params: OverrideCodeGetParams` - `account_id: string` ### Returns - `OverrideCodeGetResponse` - `disable_for_time?: Record` ### Example ```typescript import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const overrideCode = await client.zeroTrust.devices.overrideCodes.get('registration_id', { account_id: 'account_id', }); console.log(overrideCode.disable_for_time); ``` #### Response ```json { "errors": [ { "code": 0, "message": "message" } ], "messages": [ { "code": 0, "message": "message" } ], "result": { "disable_for_time": { "foo": "string" } }, "success": true } ``` ## Domain Types ### Override Code List Response - `OverrideCodeListResponse = unknown` ### Override Code Get Response - `OverrideCodeGetResponse` - `disable_for_time?: Record`