Supported resource types

The Tagging API supports the following resource types across account-level and zone-level scopes.

Account-level resources

Use /accounts/{account_id}/tags endpoints for these resource types.

| Resource type | Required extra fields | Description |
| --- | --- | --- |
| account | None | The Cloudflare account itself |
| access_application | None | Access application |
| access_group | None | Access group |
| account_ruleset | None | Account-level ruleset |
| ai_gateway | None | AI Gateway |
| alerting_policy | None | Notification policy |
| alerting_webhook | None | Notification webhook destination |
| cloudflared_tunnel | None | Cloudflare Tunnel |
| d1_database | None | D1 database |
| durable_object_namespace | None | Durable Objects namespace |
| gateway_list | None | Gateway list |
| gateway_rule | None | Gateway rule |
| image | None | Cloudflare Image |
| kv_namespace | None | Workers KV namespace |
| load_balancer_monitor | None | Load Balancer monitor |
| load_balancer_pool | None | Load Balancer pool |
| pages_project | None | Pages project |
| queue | None | Queue |
| r2_bucket | None | R2 bucket |
| resource_share | None | Resource share |
| stream_live_input | None | Stream live input |
| stream_video | None | Stream video |
| vectorize_index | None | Vectorize index |
| worker | None | Workers script |
| worker_version | worker_id | Specific version of a Worker |

Zone-level resources

Use /zones/{zone_id}/tags endpoints for these resource types.

| Resource type | Required extra fields | Description |
| --- | --- | --- |
| access_application_policy | access_application_id | Access application policy |
| api_gateway_operation | None | API Gateway operation |
| custom_certificate | None | Custom SSL certificate |
| custom_hostname | None | Custom hostname (SSL for SaaS) |
| dns_record | None | DNS record |
| healthcheck | None | Health check |
| load_balancer | None | Load Balancer |
| managed_client_certificate | None | Managed client certificate (mTLS) |
| worker_route | None | Worker route |
| zone | None | DNS zone |
| zone_ruleset | None | Zone-level ruleset |

Extra fields

Most resource types only require resource_type and resource_id. Two resource types require an additional field in both request bodies and query parameters.

worker_version

Include the worker_id field:

```bash
# GET
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags?resource_type=worker_version&resource_id=$VERSION_ID&worker_id=$WORKER_ID" \
  -H "Authorization: Bearer $API_TOKEN"

# PUT
curl -X PUT "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "resource_type": "worker_version",
    "resource_id": "'"$VERSION_ID"'",
    "worker_id": "'"$WORKER_ID"'",
    "tags": {
      "version": "1.2.3",
      "environment": "staging"
    }
  }'
```

access_application_policy

Include the access_application_id field:

```bash
# GET
curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/tags?resource_type=access_application_policy&resource_id=$POLICY_ID&access_application_id=$APP_ID" \
  -H "Authorization: Bearer $API_TOKEN"

# PUT
curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/tags" \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "resource_type": "access_application_policy",
    "resource_id": "'"$POLICY_ID"'",
    "access_application_id": "'"$APP_ID"'",
    "tags": {
      "sensitivity": "high",
      "team": "security"
    }
  }'
```
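
An added example (not from the Cloudflare documentation): a Python helper that builds the GET or PUT tag request for either scope, enforces the extra field for worker_version and access_application_policy, and encodes identifiers and tag values instead of splicing them into the URL or JSON by hand. The name build_tag_request and its parameters are hypothetical; the endpoints and field names are the ones on this page, and nothing is sent over the network.

```python
import json
from urllib.parse import quote, urlencode

API = "https://api.cloudflare.com/client/v4"

# Resource types copied from the two tables on this page, grouped by scope.
ACCOUNT_TYPES = set("""
account access_application access_group account_ruleset ai_gateway
alerting_policy alerting_webhook cloudflared_tunnel d1_database
durable_object_namespace gateway_list gateway_rule image kv_namespace
load_balancer_monitor load_balancer_pool pages_project queue r2_bucket
resource_share stream_live_input stream_video vectorize_index worker
worker_version
""".split())
ZONE_TYPES = set("""
access_application_policy api_gateway_operation custom_certificate
custom_hostname dns_record healthcheck load_balancer
managed_client_certificate worker_route zone zone_ruleset
""".split())
# The two resource types that need one extra identifying field.
EXTRA_FIELD = {"worker_version": "worker_id",
               "access_application_policy": "access_application_id"}


def build_tag_request(method, scope_id, resource_type, resource_id,
                      extra_id=None, tags=None):
    """Hypothetical helper: return (method, url, body) without sending it."""
    if resource_type in ACCOUNT_TYPES:
        scope = "accounts"
    elif resource_type in ZONE_TYPES:
        scope = "zones"
    else:
        raise ValueError(f"unsupported resource type: {resource_type}")
    fields = {"resource_type": resource_type, "resource_id": resource_id}
    needed = EXTRA_FIELD.get(resource_type)
    if needed and not extra_id:
        raise ValueError(f"{resource_type} requires {needed}")
    if extra_id and not needed:  # strictness is this helper's own choice
        raise ValueError(f"{resource_type} takes no extra field")
    if needed:
        fields[needed] = extra_id
    url = f"{API}/{scope}/{quote(scope_id, safe='')}/tags"
    if method == "GET":  # extra field travels as a query parameter
        return "GET", f"{url}?{urlencode(fields)}", None
    if method == "PUT":  # extra field travels in the JSON body
        return "PUT", url, json.dumps({**fields, "tags": dict(tags or {})})
    raise ValueError(f"unsupported method: {method}")
```

Pass the returned URL and body to whatever HTTP client you use, together with the Authorization header shown in the curl examples.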