Token Validation

Token Validation Configuration

List token validation configurations
GET /zones/{zone_id}/token_validation/config
Get a single Token Configuration
GET /zones/{zone_id}/token_validation/config/{config_id}
Create a new Token Validation configuration
POST /zones/{zone_id}/token_validation/config
Edit an existing Token Configuration
PATCH /zones/{zone_id}/token_validation/config/{config_id}
Delete Token Configuration
DELETE /zones/{zone_id}/token_validation/config/{config_id}
Models
TokenConfig { id, created_at, credentials, 5 more }
id: string

UUID.

maxLength: 36
minLength: 36
created_at: string
format: date-time
credentials: { keys }
keys: array of { alg, e, kid, 2 more } or { alg, crv, kid, 3 more } or { alg, crv, kid, 3 more }
One of the following:
APIShieldCredentialsJWTKeyRSA { alg, e, kid, 2 more }

JSON representation of an RSA key.

alg: "RS256" or "RS384" or "RS512" or 3 more

Algorithm

One of the following:
"RS256"
"RS384"
"RS512"
"PS256"
"PS384"
"PS512"
e: string

RSA exponent

kid: string

Key ID

kty: "RSA"

Key Type

n: string

RSA modulus

APIShieldCredentialsJWTKeyEcEs256 { alg, crv, kid, 3 more }

JSON representation of an ES256 key

alg: "ES256"

Algorithm

crv: "P-256"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

APIShieldCredentialsJWTKeyEcEs384 { alg, crv, kid, 3 more }

JSON representation of an ES384 key

alg: "ES384"

Algorithm

crv: "P-384"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

description: string
maxLength: 500
last_updated: string
format: date-time
title: string
maxLength: 50
token_sources: array of string
token_type: "JWT"
ConfigurationEditResponse { id, description, title, token_sources }
id: optional string

UUID.

maxLength: 36
minLength: 36
description: optional string
maxLength: 500
title: optional string
maxLength: 50
token_sources: optional array of string
ConfigurationDeleteResponse { id }
id: optional string

UUID.

maxLength: 36
minLength: 36

Token Validation Configuration Credentials

Update Token Configuration credentials
PUT /zones/{zone_id}/token_validation/config/{config_id}/credentials
Models
CredentialUpdateResponse { errors, keys, messages, success }
errors: Message { code, message, documentation_url, source }
keys: array of { alg, e, kid, 2 more } or { alg, crv, kid, 3 more } or { alg, crv, kid, 3 more }
One of the following:
APIShieldCredentialsJWTKeyRSA { alg, e, kid, 2 more }

JSON representation of an RSA key.

alg: "RS256" or "RS384" or "RS512" or 3 more

Algorithm

One of the following:
"RS256"
"RS384"
"RS512"
"PS256"
"PS384"
"PS512"
e: string

RSA exponent

kid: string

Key ID

kty: "RSA"

Key Type

n: string

RSA modulus

APIShieldCredentialsJWTKeyEcEs256 { alg, crv, kid, 3 more }

JSON representation of an ES256 key

alg: "ES256"

Algorithm

crv: "P-256"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

APIShieldCredentialsJWTKeyEcEs384 { alg, crv, kid, 3 more }

JSON representation of an ES384 key

alg: "ES384"

Algorithm

crv: "P-384"

Curve

kid: string

Key ID

kty: "EC"

Key Type

x: string

X EC coordinate

y: string

Y EC coordinate

messages: Message { code, message, documentation_url, source }
success: true

Whether the API call was successful.
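
A pre-flight check for a credentials body, written against the three key models listed above. This is an added example, not Cloudflare's code: it rejects keys whose alg, kty and crv do not pair up as the models require, and, as a local policy assumption, rejects any JWK that still carries private parameters, since the models list only public ones. The sample keys are constructed placeholders.

```python
RSA_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}
EC_CURVES = {"ES256": "P-256", "ES384": "P-384"}  # alg -> crv, as paired on this page
# Private JWK parameters (RFC 7518); the page's key models contain none of them.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def check_key(key):
    """Return the problems found in one JWK dict; an empty list means it fits."""
    problems = []
    leaked = sorted(PRIVATE_MEMBERS & key.keys())
    if leaked:
        problems.append(f"private key material present: {leaked}")
    kty, alg = key.get("kty"), key.get("alg")
    if kty == "RSA":
        required = ("alg", "e", "kid", "kty", "n")
        if alg not in RSA_ALGS:
            problems.append(f"alg {alg!r} is not an RSA algorithm in the model")
    elif kty == "EC":
        required = ("alg", "crv", "kid", "kty", "x", "y")
        if alg not in EC_CURVES:
            problems.append(f"alg {alg!r} is not an EC algorithm in the model")
        elif key.get("crv") != EC_CURVES[alg]:
            problems.append(f"crv must be {EC_CURVES[alg]!r} for alg {alg!r}")
    else:
        return problems + [f"kty {kty!r} is not RSA or EC"]
    for name in required:
        if not isinstance(key.get(name), str) or not key[name]:
            problems.append(f"{name} must be a non-empty string")
    return problems


def check_credentials(body):
    """Map each failing key (by kid, else by index) to its problems; {} is clean."""
    keys = body.get("keys")
    if not isinstance(keys, list):
        return {"keys": ["must be an array"]}
    report = {}
    for i, key in enumerate(keys):
        problems = check_key(key)
        if problems:
            report[str(key.get("kid") or f"#{i}")] = problems
    return report


# Constructed sample body: one valid key and three that should be refused.
SAMPLE = {"keys": [
    {"kty": "RSA", "alg": "RS256", "kid": "rsa-ok", "n": "sXch", "e": "AQAB"},
    {"kty": "EC", "alg": "ES256", "crv": "P-384", "kid": "ec-curve", "x": "AA", "y": "AA"},
    {"kty": "RSA", "alg": "PS256", "kid": "rsa-leak", "n": "sXch", "e": "AQAB", "d": "AA"},
    {"kty": "oct", "alg": "HS256", "kid": "hmac", "k": "AA"},
]}
```

Run `check_credentials` on the JSON body before sending the PUT request and refuse to send it unless the result is empty.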

Token Validation Rules

List token validation rules
GET /zones/{zone_id}/token_validation/rules
Create a token validation rule
POST /zones/{zone_id}/token_validation/rules
Bulk create token validation rules
POST /zones/{zone_id}/token_validation/rules/bulk
Bulk edit token validation rules
PATCH /zones/{zone_id}/token_validation/rules/bulk
Get a zone token validation rule
GET /zones/{zone_id}/token_validation/rules/{rule_id}
Delete a zone token validation rule
DELETE /zones/{zone_id}/token_validation/rules/{rule_id}
Edit a zone token validation rule
PATCH /zones/{zone_id}/token_validation/rules/{rule_id}
Models
TokenValidationRule { action, description, enabled, 6 more }

A Token Validation rule that can enforce security policies using JWT Tokens.

action: "log" or "block"

Action to take on requests that match operations included in selector and fail expression.

One of the following:
"log"
"block"
description: string

A human-readable description that gives more details than title.

maxLength: 500
enabled: boolean

Toggle rule on or off.

expression: string

Rule expression. Requests that fail to match this expression will be subject to action.

For details on expressions, see the Cloudflare Docs.

selector: { exclude, include }

Select operations covered by this rule.

For details on selectors, see the Cloudflare Docs.

exclude: optional array of { operation_ids }

Ignore operations that were otherwise included by include.

operation_ids: optional array of string

Excluded operation IDs.

include: optional array of { host }

Select all matching operations.

host: optional array of string

Included hostnames.

title: string

A human-readable name for the rule.

maxLength: 50
id: optional string

UUID.

maxLength: 36
minLength: 36
created_at: optional string
format: date-time
last_updated: optional string
format: date-time
RuleDeleteResponse = unknown