Client-side security API
You can enable and disable client-side security's resource monitoring, configure settings, and fetch information about detected scripts and connections using the client-side security API (formerly known as Page Shield API).
To authenticate API requests you need an API token. For more information on the required API token permissions, refer to Roles and permissions.
You can obtain the complete endpoint by appending the client-side security API endpoints to the Cloudflare API base URL:
https://api.cloudflare.com/client/v4The {zone_id} argument is the zone ID (a hexadecimal string). You can find this value in the Cloudflare dashboard or using the Cloudflare API's /zones endpoint.
The {script_id} argument is the script ID (a hexadecimal string). This value is included in the response of the List client-side security scripts operation for every detected script.
The {connection_id} argument is the connection ID (a hexadecimal string). This value is included in the response of the List client-side security connections API operation for every detected connection.
The following table summarizes the available operations:
| Operation | Method + URL stub | Notes |
|---|---|---|
| Get client-side security settings | GET zones/{zone_id}/page_shield | Fetch client-side security settings (including the status). |
| Update client-side security settings | PUT zones/{zone_id}/page_shield | Update client-side security settings. |
| List client-side security scripts | GET zones/{zone_id}/page_shield/scripts | Fetch a list of detected scripts. |
| Get a client-side security script | GET zones/{zone_id}/page_shield/scripts/{script_id} | Fetch the details of a script. |
| List client-side security connections | GET zones/{zone_id}/page_shield/connections | Fetch a list of detected connections. |
| Get a client-side security connection | GET zones/{zone_id}/page_shield/connections/{connection_id} | Fetch the details of a connection. |
| List client-side security cookies | GET zones/{zone_id}/page_shield/cookies | Fetch a list of detected cookies. |
| Get a client-side security cookie | GET zones/{zone_id}/page_shield/cookies/{cookie_id} | Fetch the details of a cookie. |
| List content security rules | GET zones/{zone_id}/page_shield/policies | Fetch a list of all configured content security rules. |
| Get a content security rule | GET zones/{zone_id}/page_shield/policies/{policy_id} | Fetch the details of a content security rule. |
| Create a content security rule | POST zones/{zone_id}/page_shield/policies | Creates a content security rule with the provided configuration. |
| Update a content security rule | PUT zones/{zone_id}/page_shield/policies/{policy_id} | Updates an existing content security rule. |
| Delete a content security rule | DELETE zones/{zone_id}/page_shield/policies/{policy_id} | Deletes an existing content security rule. |
The malicious script classification (Malicious or Not malicious) is not directly available in the API. To determine this classification, compare the script's js_integrity_score value with the classification threshold, which is currently set to 10. Scripts with a score value lower than the threshold are considered malicious.
This example obtains the current settings of Cloudflare's client-side security, including the status (enabled/disabled).
Required API token permissions
At least one of the following token permissions
is required:
Page ShieldDomain Page Shield ReadDomain Page ShieldPage Shield ReadZone Settings WriteZone Settings Read
curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/page_shield" \ --request GET \ --header "X-Auth-Email: $CLOUDFLARE_EMAIL" \ --header "X-Auth-Key: $CLOUDFLARE_API_KEY"{ "result": { "enabled": true, "updated_at": "2023-05-14T11:47:55.677555Z", "use_cloudflare_reporting_endpoint": true, "use_connection_url_path": false }, "success": true, "errors": [], "messages": []}This example enables Cloudflare's client-side security in the specified zone.
Required API token permissions
At least one of the following token permissions
is required:
Page ShieldDomain Page ShieldZone Settings Write
curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/page_shield" \ --request PUT \ --header "X-Auth-Email: $CLOUDFLARE_EMAIL" \ --header "X-Auth-Key: $CLOUDFLARE_API_KEY" \ --json '{