Common API calls

The following examples address common scenarios of using the Cloudflare API to manage and configure leaked credentials detection.

If you are using Terraform, refer to Terraform configuration examples.

General operations

The following API examples cover basic operations such as enabling and disabling the leaked credentials detection.

Turn on leaked credentials detection

To turn on leaked credentials detection, use a POST request similar to the following:

Required API token permissions

At least one of the following token permissions is required:

Zone WAF Write
Account WAF Write

curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks" \
  --request POST \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "enabled": true
  }'

Turn off leaked credentials detection

To turn off leaked credentials detection, use a POST request similar to the following:

Required API token permissions

At least one of the following token permissions is required:

Zone WAF Write
Account WAF Write

curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks" \
  --request POST \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "enabled": false
  }'

Get status of leaked credentials detection

To obtain the current status of the leaked credentials detection, use a GET request similar to the following:

Required API token permissions

At least one of the following token permissions is required:

Zone WAF Write
Zone WAF Read
Account WAF Write
Account WAF Read

curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks" \
  --request GET \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

{
  "result": {
    "enabled": true
  },
  "success": true,
  "errors": [],
  "messages": []
}

Custom detection location operations

The following API examples cover operations on custom detection locations for leaked credentials detection.

Add a custom detection location

To add a custom detection location, use a POST request similar to the following:

Required API token permissions

At least one of the following token permissions is required:

Zone WAF Write
Account WAF Write

curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks/detections" \
  --request POST \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "username": "lookup_json_string(http.request.body.raw, \"user\")",
    "password": "lookup_json_string(http.request.body.raw, \"secret\")"
  }'

Get existing custom detection locations

To get a list of existing custom detection locations, use a GET request similar to the following:

Required API token permissions

At least one of the following token permissions is required:

Zone WAF Write
Zone WAF Read
Account WAF Write
Account WAF Read

curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks/detections" \
  --request GET \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

{
  "result": [
    {
      "id": "<DETECTION_ID>",
      "username": "lookup_json_string(http.request.body.raw, \"user\")",
      "password": "lookup_json_string(http.request.body.raw, \"secret\")"
    }
    // (...)
  ],
  "success": true,
  "errors": [],
  "messages": []
}

Delete a custom detection location

To delete a custom detection location, use a DELETE request similar to the following:

Required API token permissions

At least one of the following token permissions is required:

Zone WAF Write
Account WAF Write

curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks/detections/$DETECTION_ID" \
  --request DELETE \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"

Was this helpful?

Community
X
Discord
YouTube
GitHub