Fixed and documented Workers Routes and Secrets API
Previously, a request to the Workers Create Route API always returned null for "script" and an empty string for "pattern" even if the request was successful.
curl https://api.cloudflare.com/client/v4/zones/$CF_ACCOUNT_ID/workers/routes \-X PUT \-H "Authorization: Bearer $CF_API_TOKEN" \-H 'Content-Type: application/json' \--data '{ "pattern": "example.com/*", "script": "hello-world-script" }'{ "result": { "id": "bf153a27ba2b464bb9f04dcf75de1ef9", "pattern": "", "script": null, "request_limit_fail_open": false }, "success": true, "errors": [], "messages": []}Now, it properly returns all values!
{ "result": { "id": "bf153a27ba2b464bb9f04dcf75de1ef9", "pattern": "example.com/*", "script": "hello-world-script", "request_limit_fail_open": false }, "success": true, "errors": [], "messages": []}The Workers and Workers for Platforms secrets APIs are now properly documented in the Cloudflare OpenAPI docs. Previously, these endpoints were not publicly documented, leaving users confused on how to directly manage their secrets via the API. Now, you can find the proper endpoints in our public documentation, as well as in our API Library SDKs such as cloudflare-typescript ↗ (>4.2.0) and cloudflare-python ↗ (>4.1.0).
Note the cloudflare_workers_secret and cloudflare_workers_for_platforms_script_secret Terraform resources ↗ are being removed in a future release. This resource is not recommended for managing secrets. Users should instead use the:
- Secrets Store with the "Secrets Store Secret" binding on Workers and Workers for Platforms Script Upload
- "Secret Text" Binding on Workers Script Upload and Workers for Platforms Script Upload
- Workers (and WFP) Secrets API
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark