The following sections contain example requests for common API calls. For a list of available API endpoints, refer to Endpoints.

Get Advanced TCP Protection status

This example obtains the current status of Advanced TCP Protection (enabled or disabled).

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_protection_status \ --header "Authorization: Bearer <API_TOKEN>"

Example response { " result " : { " enabled " : false }, " success " : true , " errors " : [], " messages " : [] }

Enable Advanced TCP Protection

This example enables Advanced TCP Protection.

Request curl --request PATCH \ https://api.cloudflare.com/client/v4/accounts/{ account_id}/magic/advanced_tcp_protection/configs/tcp_protection_status \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '{ "enabled": true }'

Get existing prefixes

This example fetches all existing prefixes in Advanced TCP Protection.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/prefixes \ --header "Authorization: Bearer <API_TOKEN>"

Example response { " result " : [ { " prefix " : "203.0.113/24" , " comment " : "My prefix" , " excluded " : false } ], " success " : true , " errors " : [], " messages " : [] }

Add prefixes

This example POST request adds two prefixes. The second prefix excludes a subset of the first prefix from Advanced TCP Protection.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/prefixes/bulk \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '[ { "prefix": "192.0.2.0/24", "comment": "Game ranges", "excluded": false }, { "prefix": "192.0.2.2/26", "comment": "Range for a specific game", "excluded": true } ]'

Example response { " result " : [ { " id " : "<PREFIX_1_ID>" , " prefix " : "192.0.2.0/24" , " excluded " : false , " comment " : "Game ranges" , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" }, { " id " : "<PREFIX_2_ID>" , " prefix " : "192.0.2.2/26" , " excluded " : true , " comment " : "Range for a specific game" , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" } ], " success " : true , " errors " : [], " messages " : [] }

Get all prefixes in allowlist

This example fetches all the prefixes in the allowlist.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/allowlist \ --header "Authorization: Bearer <API_TOKEN>"

Example response { " result " : [ { " id " : "<ALLOWLIST_PREFIX_ID>" , " prefix " : "192.0.2.127" , " comment " : "Single IP address in allowlist" , " enabled " : true , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" } ], " success " : true , " errors " : [], " messages " : [] }

Add a prefix to the allowlist

This example POST request adds a prefix to the allowlist of the account.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/allowlist \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '{ "prefix": "203.0.113.0/26", "comment": "Partner range", "enabled": true }'

Example response { " result " : { " id " : "<ALLOWLIST_PREFIX_1_ID>" , " prefix " : "203.0.113.0/26" , " comment " : "Partner range" , " enabled " : true , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" }, " success " : true , " errors " : [], " messages " : [] }

Create a SYN flood rule

This example POST request creates a SYN flood rule with a regional scope (Western Europe) in monitoring mode.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/syn_protection/rules \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '{ "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "medium", "burst_sensitivity": "medium" }'

Example response { " result " : { " id " : "<SYN_FLOOD_RULE_ID>" , " scope " : "region" , " name " : "WEUR" , " mode " : "monitoring" , " rate_sensitivity " : "medium" , " burst_sensitivity " : "medium" , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" }, " success " : true , " errors " : [], " messages " : [] }

Refer to JSON objects for more information on the fields in the JSON body.

Create an out-of-state TCP rule

This example POST request creates an out-of-state TCP rule in monitoring mode, with a regional scope, and with low rate and burst sensitivities.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_flow_protection/rules \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '{ "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "low", "burst_sensitivity": "low" }'

Example response { " result " : { " id " : "<OOS_TCP_RULE_ID>" , " scope " : "region" , " name " : "WEUR" , " mode " : "monitoring" , " rate_sensitivity " : "low" , " burst_sensitivity " : "low" , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" }, " success " : true , " errors " : [], " messages " : [] }

Refer to JSON objects for more information on the fields in the JSON body.

Create a SYN flood filter

This example POST request creates a SYN flood filter, setting SYN flood protection to monitoring mode for a specific range of destination IP addresses.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/syn_protection/filters \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '{ "expression": "ip.dst in { 192.0.2.0/24 }", "mode": "monitoring" }'

Example response { " result " : { " id " : "<SYN_FLOOD_FILTER_ID>" , " expression " : "ip.dst in { 192.0.2.0/24 }" , " mode " : "monitoring" , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" }, " success " : true , " errors " : [], " messages " : [] }

Refer to JSON objects for more information on the fields in the JSON body.

Create an out-of-state TCP filter

This example POST request creates an out-of-state TCP filter, disabling out-of-state TCP protection for a specific range of destination IP addresses and ports.

Request curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_flow_protection/filters \ --header "Authorization: Bearer <API_TOKEN>" \ --header "Content-Type: application/json" \ --data '{ "expression": "ip.dst in { 203.0.113.0/24 } and tcp.dstport in { 8000..8081 }", "mode": "disabled" }'

Example response { " result " : { " id " : "<OOS_TCP_FILTER_ID>" , " expression " : "ip.dst in { 203.0.113.0/24 } and tcp.dstport in { 8000..8081 }" , " mode " : "disabled" , " created_on " : "<TIMESTAMP>" , " modified_on " : "<TIMESTAMP>" }, " success " : true , " errors " : [], " messages " : [] }

Refer to JSON objects for more information on the fields in the JSON body.