Magic Transit

magic_transit

Domain types

HealthCheck = { enabled, rate, target, 1 more... }
HealthCheckRate = "low" | "mid" | "high"

How frequent the health check is run. The default value is mid.

HealthCheckType = "reply" | "request"

The type of healthcheck to run, reply or request. The default value is reply.

magic_transit.apps

Methods

Create A New App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
post/accounts/{account_id}/magic/apps

Creates a new App for an account

Delete Account App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
delete/accounts/{account_id}/magic/apps/{account_app_id}

Deletes specific Account App.

List Apps -> SinglePage<{ account_app_id, hostnames, ip_subnets, 2 more... } | { managed_app_id, hostnames, ip_subnets, 2 more... }>
get/accounts/{account_id}/magic/apps

Lists Apps associated with an account.

Update An App -> Envelope<{ account_app_id, hostnames, ip_subnets, 2 more... }>
put/accounts/{account_id}/magic/apps/{account_app_id}

Updates an Account App

Magic Transit

Cf Interconnects

magic_transit.cf_interconnects

Methods

Update Multiple Interconnects -> Envelope<{ modified, modified_interconnects }>
put/accounts/{account_id}/magic/cf_interconnects

Updates multiple interconnects associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List Interconnect Details -> Envelope<{ interconnect }>
get/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Lists details for a specific interconnect.

List Interconnects -> Envelope<{ interconnects }>
get/accounts/{account_id}/magic/cf_interconnects

Lists interconnects associated with an account.

Update Interconnect -> Envelope<{ modified, modified_interconnect }>
put/accounts/{account_id}/magic/cf_interconnects/{cf_interconnect_id}

Updates a specific interconnect associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

Connectors

magic_transit.connectors

Methods

Update Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
patch/accounts/{account_id}/magic/connectors/{connector_id}

Update Connector

Fetch Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
get/accounts/{account_id}/magic/connectors/{connector_id}

Fetch Connector

List Connectors -> SinglePage<{ id, activated, interrupt_window_duration_hours, 7 more... }>
get/accounts/{account_id}/magic/connectors

List Connectors

Replace Connector -> Envelope<{ id, activated, interrupt_window_duration_hours, 7 more... }>
put/accounts/{account_id}/magic/connectors/{connector_id}

Replace Connector

Magic Transit

GRE Tunnels

magic_transit.gre_tunnels

Methods

Update Multiple GRE Tunnels -> Envelope<{ modified, modified_gre_tunnels }>
put/accounts/{account_id}/magic/gre_tunnels

Updates multiple GRE tunnels. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Create GRE Tunnels -> Envelope<{ gre_tunnels }>
post/accounts/{account_id}/magic/gre_tunnels

Creates new GRE tunnels. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete GRE Tunnel -> Envelope<{ deleted, deleted_gre_tunnel }>
delete/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Disables and removes a specific static GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List GRE Tunnel Details -> Envelope<{ gre_tunnel }>
get/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Lists informtion for a specific GRE tunnel.

List GRE Tunnels -> Envelope<{ gre_tunnels }>
get/accounts/{account_id}/magic/gre_tunnels

Lists GRE tunnels associated with an account.

Update GRE Tunnel -> Envelope<{ modified, modified_gre_tunnel }>
put/accounts/{account_id}/magic/gre_tunnels/{gre_tunnel_id}

Updates a specific GRE tunnel. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Magic Transit

IPSEC Tunnels

magic_transit.ipsec_tunnels

Methods

Update Multiple I Psec Tunnels -> Envelope<{ modified, modified_ipsec_tunnels }>
put/accounts/{account_id}/magic/ipsec_tunnels

Update multiple IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Create I Psec Tunnels -> Envelope<{ ipsec_tunnels }>
post/accounts/{account_id}/magic/ipsec_tunnels

Creates new IPsec tunnels associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Delete I Psec Tunnel -> Envelope<{ deleted, deleted_ipsec_tunnel }>
delete/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Disables and removes a specific static IPsec Tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

List I Psec Tunnel Details -> Envelope<{ ipsec_tunnel }>
get/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Lists details for a specific IPsec tunnel.

List I Psec Tunnels -> Envelope<{ ipsec_tunnels }>
get/accounts/{account_id}/magic/ipsec_tunnels

Lists IPsec tunnels associated with an account.

Generate Pre Shared Key PSK For I Psec Tunnels -> Envelope<{ ipsec_tunnel_id, psk, psk_metadata }>
post/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}/psk_generate

Generates a Pre Shared Key for a specific IPsec tunnel used in the IKE session. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes. After a PSK is generated, the PSK is immediately persisted to Cloudflare's edge and cannot be retrieved later. Note the PSK in a safe place.

Update I Psec Tunnel -> Envelope<{ modified, modified_ipsec_tunnel }>
put/accounts/{account_id}/magic/ipsec_tunnels/{ipsec_tunnel_id}

Updates a specific IPsec tunnel associated with an account. Use ?validate_only=true as an optional query parameter to only run validation without persisting changes.

Domain types

PSKMetadata = { last_generated_on }

The PSK metadata that includes when the PSK was generated.

magic_transit.pcaps

Methods

Create PCAP Request -> Envelope< | { id, byte_limit, colo_name, 8 more... }>
post/accounts/{account_id}/pcaps

Create new PCAP request for account.

Get PCAP Request -> Envelope< | { id, byte_limit, colo_name, 8 more... }>
get/accounts/{account_id}/pcaps/{pcap_id}

Get information for a PCAP request by id.

List Packet Capture Requests -> SinglePage< | { id, byte_limit, colo_name, 8 more... }>
get/accounts/{account_id}/pcaps

Lists all packet capture requests for an account.

Domain types

PCAP = { id, filter_v1, status, 4 more... }
PCAPFilter = { destination_address, destination_port, protocol, 2 more... }

The packet capture filter. When this field is empty, all packets are captured.

magic_transit.pcaps.download

Methods

Download Simple PCAP -> unknown
get/accounts/{account_id}/pcaps/{pcap_id}/download

Download PCAP information into a file. Response is a binary PCAP file.

magic_transit.pcaps.ownership

Methods

Add Buckets For Full Packet Captures -> Envelope<>
post/accounts/{account_id}/pcaps/ownership

Adds an AWS or GCP bucket to use with full packet captures.

Delete Buckets For Full Packet Captures ->
delete/accounts/{account_id}/pcaps/ownership/{ownership_id}

Deletes buckets added to the packet captures API.

List PCAPs Bucket Ownership -> Envelope<Array<>>
get/accounts/{account_id}/pcaps/ownership

List all buckets configured for use with PCAPs API.

Validate Buckets For Full Packet Captures -> Envelope<>
post/accounts/{account_id}/pcaps/ownership/validate

Validates buckets added to the packet captures API.

Domain types

Ownership = { id, destination_conf, filename, 3 more... }

magic_transit.routes

Methods

Update Many Routes -> Envelope<{ modified, modified_routes }>
put/accounts/{account_id}/magic/routes

Update multiple Magic static routes. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes. Only fields for a route that need to be changed need be provided.

Create Routes -> Envelope<{ routes }>
post/accounts/{account_id}/magic/routes

Creates a new Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Delete Route -> Envelope<{ deleted, deleted_route }>
delete/accounts/{account_id}/magic/routes/{route_id}

Disable and remove a specific Magic static route.

Delete Many Routes -> Envelope<{ deleted, deleted_routes }>
delete/accounts/{account_id}/magic/routes

Delete multiple Magic static routes.

Route Details -> Envelope<{ route }>
get/accounts/{account_id}/magic/routes/{route_id}

Get a specific Magic static route.

List Routes -> Envelope<{ routes }>
get/accounts/{account_id}/magic/routes

List all Magic static routes.

Update Route -> Envelope<{ modified, modified_route }>
put/accounts/{account_id}/magic/routes/{route_id}

Update a specific Magic static route. Use ?validate_only=true as an optional query parameter to run validation only without persisting changes.

Domain types

Scope = { colo_names, colo_regions }

Used only for ECMP routes.

magic_transit.sites

Methods

Create A New Site -> Envelope<>
post/accounts/{account_id}/magic/sites

Creates a new Site

Delete Site -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}

Remove a specific Site.

Patch Site -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}

Patch a specific Site.

Site Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}

Get a specific Site.

List Sites -> SinglePage<>
get/accounts/{account_id}/magic/sites

Lists Sites associated with an account. Use connector_identifier query param to return sites where connector_identifier matches either site.ConnectorID or site.SecondaryConnectorID.

Update Site -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}

Update a specific Site.

Domain types

Site = { id, connector_id, description, 4 more... }
SiteLocation = { lat, lon }

Location of site in latitude and longitude.

magic_transit.sites.acls

Methods

Create A New Site ACL -> Envelope<>
post/accounts/{account_id}/magic/sites/{site_id}/acls

Creates a new Site ACL.

Delete Site ACL -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Remove a specific Site ACL.

Patch Site ACL -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Patch a specific Site ACL.

Site ACL Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Get a specific Site ACL.

List Site ACLs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/acls

Lists Site ACLs associated with an account.

Update Site ACL -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/acls/{acl_id}

Update a specific Site ACL.

Security
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Parameters
account_id: string
(maxLength: 32)

Identifier

site_id: string
(maxLength: 32)

Identifier

acl_id: string
(maxLength: 32)

Identifier

Body parameters
description: string
Optional

Description for the ACL.

forward_locally: boolean
Optional

The desired forwarding action for this ACL policy. If set to "false", the policy will forward traffic to Cloudflare. If set to "true", the policy will forward traffic locally on the Magic Connector. If not included in request, will default to false.

lan_1:
Optional
lan_2:
Optional
name: string
Optional

The name of the ACL.

protocols: Array<>
Optional
unidirectional: boolean
Optional

The desired traffic direction for this ACL policy. If set to "false", the policy will allow bidirectional traffic. If set to "true", the policy will only allow traffic in one direction. If not included in request, will default to false.

Response fields
errors: Array<>
messages: Array<>
result:

Bidirectional ACL policy for network traffic within a site.

success: true

Whether the API call was successful

Request example
200Example

Domain types

ACL = { id, description, forward_locally, 5 more... }

Bidirectional ACL policy for network traffic within a site.

ACLConfiguration = { lan_id, lan_name, ports, 1 more... }
AllowedProtocol = "tcp" | "udp" | "icmp"

Array of allowed communication protocols between configured LANs. If no protocols are provided, all protocols are allowed.

Subnet = string

A valid IPv4 address.

magic_transit.sites.lans

Methods

Create A New Site LAN -> Envelope<Array<>>
post/accounts/{account_id}/magic/sites/{site_id}/lans

Creates a new Site LAN. If the site is in high availability mode, static_addressing is required along with secondary and virtual address.

Delete Site LAN -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Remove a specific Site LAN.

Patch Site LAN -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Patch a specific Site LAN.

Site LAN Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Get a specific Site LAN.

List Site LANs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/lans

Lists Site LANs associated with an account.

Update Site LAN -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/lans/{lan_id}

Update a specific Site LAN.

Domain types

DHCPRelay = { server_addresses }
DHCPServer = { dhcp_pool_end, dhcp_pool_start, dns_server, 1 more... }
LAN = { id, ha_link, name, 6 more... }
LANStaticAddressing = { address, dhcp_relay, dhcp_server, 2 more... }

If the site is not configured in high availability mode, this configuration is optional (if omitted, use DHCP). However, if in high availability mode, static_address is required along with secondary and virtual address.

Nat = { static_prefix }
RoutedSubnet = { next_hop, prefix, nat }

magic_transit.sites.wans

Methods

Create A New Site WAN -> Envelope<Array<>>
post/accounts/{account_id}/magic/sites/{site_id}/wans

Creates a new Site WAN.

Delete Site WAN -> Envelope<>
delete/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Remove a specific Site WAN.

Patch Site WAN -> Envelope<>
patch/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Patch a specific Site WAN.

Site WAN Details -> Envelope<>
get/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Get a specific Site WAN.

List Site WANs -> SinglePage<>
get/accounts/{account_id}/magic/sites/{site_id}/wans

Lists Site WANs associated with an account.

Update Site WAN -> Envelope<>
put/accounts/{account_id}/magic/sites/{site_id}/wans/{wan_id}

Update a specific Site WAN.

Domain types

WAN = { id, health_check_rate, name, 5 more... }
WANStaticAddressing = { address, gateway_address, secondary_address }

(optional) if omitted, use DHCP. Submit secondary_address when site is in high availability mode.