LogoCloudflare API

Zero Trust

zero_trust

Zero Trust

Access

zero_trust.access

Zero TrustAccess

Applications

zero_trust.access.applications

Methods

Add An Access Application -> Envelope<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps

Adds a new application to Access.

Delete An Access Application -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}

Deletes an application from Access.

Get An Access Application -> Envelope<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}

Fetches information about an Access application.

List Access Applications -> V4PagePaginationArray<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps

Lists all Access applications in an account or zone.

Revoke Application Tokens -> Envelope<unknown>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/revoke_tokens

Revokes all tokens issued for an application.

Update An Access Application -> Envelope<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
put/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}

Updates an Access application.

Domain types

AllowedHeaders = string
AllowedIdPs = string

The identity providers selected for application.

AllowedMethods = "GET" | "POST" | "HEAD" | 6 more...
AllowedOrigins = string
AppID = string

Identifier.

Application = { domain, type, id, 20 more... } | { id, allowed_idps, app_launcher_visible, 9 more... } | { domain, type, id, 20 more... } | 5 more...
ApplicationPolicy = { id, approval_groups, approval_required, 11 more... }
ApplicationSCIMConfig = { idp_uid, remote_uri, authentication, 3 more... }

Configuration for provisioning to this application via SCIM. This is currently in closed beta.

ApplicationType = "self_hosted" | "saas" | "ssh" | 8 more...

The application type.

CORSHeaders = { allow_all_headers, allow_all_methods, allow_all_origins, 5 more... }
Decision = "allow" | "deny" | "non_identity" | 1 more...

The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.

OIDCSaaSApp = { access_token_lifetime, allow_pkce_without_client_secret, app_launcher_url, 13 more... }
SaaSAppNameIDFormat = "id" | "email"

The format of the name identifier sent to the SaaS application.

SAMLSaaSApp = { auth_type, consumer_service_url, created_at, 10 more... }
SCIMConfigAuthenticationHTTPBasic = { password, scheme, user }

Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.

SCIMConfigAuthenticationOauth2 = { authorization_url, client_id, client_secret, 3 more... }

Attributes for configuring OAuth 2 authentication scheme for SCIM provisioning to an application.

SCIMConfigAuthenticationOAuthBearerToken = { token, scheme }

Attributes for configuring OAuth Bearer Token authentication scheme for SCIM provisioning to an application.

SCIMConfigMapping = { schema, enabled, filter, 3 more... }

Transformations and filters applied to resources before they are provisioned in the remote SCIM service.

SelfHostedDomains = string

A domain that Access will secure.

Zero TrustAccessApplications

CAs

zero_trust.access.applications.cas

Methods

Create A Short Lived Certificate CA -> Envelope<
CA
>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/ca

Generates a new short-lived certificate CA and public key.

Delete A Short Lived Certificate CA -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/ca

Deletes a short-lived certificate CA.

Get A Short Lived Certificate CA -> Envelope<
CA
>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/ca

Fetches a short-lived certificate CA and its public key.

List Short Lived Certificate CAs -> V4PagePaginationArray<
CA
>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/ca

Lists short-lived certificate CAs and their public keys.

Domain types

CA = { id, aud, public_key }
Zero TrustAccessApplications

Policies

zero_trust.access.applications.policies

Methods

Create An Access Application Policy -> Envelope<{ id, approval_groups, approval_required, 12 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies

Creates a policy applying exclusive to a single application that defines the users or groups who can reach it. We recommend creating a reusable policy instead and subsequently referencing its ID in the application's 'policies' array.

Delete An Access Application Policy -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies/{policy_id}

Deletes an Access policy specific to an application. To delete a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.

Get An Access Application Policy -> Envelope<{ id, approval_groups, approval_required, 12 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies/{policy_id}

Fetches a single Access policy configured for an application. Returns both exclusively owned and reusable policies used by the application.

List Access Application Policies -> V4PagePaginationArray<{ id, approval_groups, approval_required, 12 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies

Lists Access policies configured for an application. Returns both exclusively scoped and reusable policies used by the application.

Update An Access Application Policy -> Envelope<{ id, approval_groups, approval_required, 12 more... }>
put/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies/{policy_id}

Updates an Access policy specific to an application. To update a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.

Domain types

AccessDevicePostureRule = { device_posture }

Enforces a device posture rule has run successfully

AccessRule =
GroupRule
|
AnyValidServiceTokenRule
| { auth_context } | 21 more...

Matches an Access group.

AnyValidServiceTokenRule = { any_valid_service_token }

Matches any valid Access Service Token

AuthenticationMethodRule = { auth_method }

Enforce different MFA options

AzureGroupRule = { azureAD }

Matches an Azure group. Requires an Azure identity provider.

CertificateRule = { certificate }

Matches any valid client certificate.

CountryRule = { geo }

Matches a specific country

DomainRule = { email_domain }

Match an entire email domain.

EmailListRule = { email_list }

Matches an email address from a list.

EmailRule = { email }

Matches a specific email.

EveryoneRule = { everyone }

Matches everyone.

ExternalEvaluationRule = { external_evaluation }

Create Allow or Block policies which evaluate the user based on custom criteria.

GitHubOrganizationRule = { github-organization }

Matches a Github organization. Requires a Github identity provider.

GroupRule = { group }

Matches an Access group.

GSuiteGroupRule = { gsuite }

Matches a group in Google Workspace. Requires a Google Workspace identity provider.

IPListRule = { ip_list }

Matches an IP address from a list.

IPRule = { ip }

Matches an IP address block.

OktaGroupRule = { okta }

Matches an Okta group. Requires an Okta identity provider.

SAMLGroupRule = { saml }

Matches a SAML group. Requires a SAML identity provider.

ServiceTokenRule = { service_token }

Matches a specific Access Service Token

Zero TrustAccessApplications

Policy Tests

zero_trust.access.applications.policy_tests

Methods

Start Access Policy Test -> Envelope<{ id, status }>
post/accounts/{account_id}/access/policy-tests

Starts an Access policy test.

Get The Current Status Of A Given Access Policy Test -> Envelope<{ id, percent_approved, percent_blocked, 7 more... }>
get/accounts/{account_id}/access/policy-tests/{policy_test_id}

Fetches the current status of a given Access policy test.

Zero TrustAccessApplicationsPolicy Tests

Users

zero_trust.access.applications.policy_tests.users

Methods

Get An Access Policy Test Users Page -> V4PagePaginationArray<{ id, email, name, 1 more... }>
get/accounts/{account_id}/access/policy-tests/{policy_test_id}/users

Fetches a single page of user results from an Access policy test.

Zero TrustAccessApplications

Settings

zero_trust.access.applications.settings

Methods

Update Access Application Settings -> Envelope<{ allow_iframe, skip_interstitial }>
patch/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/settings

Updates Access application settings.

Update Access Application Settings -> Envelope<{ allow_iframe, skip_interstitial }>
put/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/settings

Updates Access application settings.

Zero TrustAccessApplications

User Policy Checks

zero_trust.access.applications.user_policy_checks

Methods

Test Access Policies -> Envelope<{ app_state, user_identity }>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/user_policy_checks

Tests if a specific user has permission to access an application.

Domain types

UserPolicyCheckGeo = { country }
Zero TrustAccess

Bookmarks

zero_trust.access.bookmarks

Methods

Create A Bookmark Application -> Envelope<
Bookmark
>
Deprecated
post/accounts/{account_id}/access/bookmarks/{bookmark_id}

Create a new Bookmark application.

Delete A Bookmark Application -> Envelope<{ id }>
Deprecated
delete/accounts/{account_id}/access/bookmarks/{bookmark_id}

Deletes a Bookmark application.

Get A Bookmark Application -> Envelope<
Bookmark
>
Deprecated
get/accounts/{account_id}/access/bookmarks/{bookmark_id}

Fetches a single Bookmark application.

List Bookmark Applications -> SinglePage<
Bookmark
>
Deprecated
get/accounts/{account_id}/access/bookmarks

Lists Bookmark applications.

Update A Bookmark Application -> Envelope<
Bookmark
>
Deprecated
put/accounts/{account_id}/access/bookmarks/{bookmark_id}

Updates a configured Bookmark application.

Domain types

Bookmark = { id, app_launcher_visible, created_at, 4 more... }
Zero TrustAccess

Certificates

zero_trust.access.certificates

Methods

Add An M TLS Certificate -> Envelope<
Certificate
>
post/{accounts_or_zones}/{account_or_zone_id}/access/certificates

Adds a new mTLS root certificate to Access.

Delete An M TLS Certificate -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}

Deletes an mTLS certificate.

Get An M TLS Certificate -> Envelope<
Certificate
>
get/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}

Fetches a single mTLS certificate.

List M TLS Certificates -> V4PagePaginationArray<
Certificate
>
get/{accounts_or_zones}/{account_or_zone_id}/access/certificates

Lists all mTLS root certificates.

Update An M TLS Certificate -> Envelope<
Certificate
>
put/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}

Updates a configured mTLS certificate.

Domain types

AssociatedHostnames = string

A fully-qualified domain name (FQDN).

Certificate = { id, associated_hostnames, created_at, 4 more... }
Zero TrustAccessCertificates

Settings

zero_trust.access.certificates.settings

Methods

List All M TLS Hostname Settings -> SinglePage<
CertificateSettings
>
get/{accounts_or_zones}/{account_or_zone_id}/access/certificates/settings

List all mTLS hostname settings for this account or zone.

Update An M TLS Certificate S Hostname Settings -> SinglePage<
CertificateSettings
>
put/{accounts_or_zones}/{account_or_zone_id}/access/certificates/settings

Updates an mTLS certificate's hostname settings.

Domain types

CertificateSettings = { china_network, client_certificate_forwarding, hostname }
Zero TrustAccess

Custom Pages

zero_trust.access.custom_pages

Methods

Create A Custom Page -> Envelope<
CustomPageWithoutHTML
>
post/accounts/{account_id}/access/custom_pages

Create a custom page

Delete A Custom Page -> Envelope<{ id }>
delete/accounts/{account_id}/access/custom_pages/{custom_page_id}

Delete a custom page

Get A Custom Page -> Envelope<
CustomPage
>
get/accounts/{account_id}/access/custom_pages/{custom_page_id}

Fetches a custom page and also returns its HTML.

List Custom Pages -> V4PagePaginationArray<
CustomPageWithoutHTML
>
get/accounts/{account_id}/access/custom_pages

List custom pages

Update A Custom Page -> Envelope<
CustomPageWithoutHTML
>
put/accounts/{account_id}/access/custom_pages/{custom_page_id}

Update a custom page

Domain types

CustomPage = { custom_html, name, type, 4 more... }
CustomPageWithoutHTML = { name, type, app_count, 3 more... }
Zero TrustAccess

Gateway CA

zero_trust.access.gateway_ca

Methods

Add A New SSH Certificate Authority CA -> Envelope<{ id, public_key }>
post/accounts/{account_id}/access/gateway_ca

Adds a new SSH Certificate Authority (CA).

Delete An SSH Certificate Authority CA -> Envelope<{ id }>
delete/accounts/{account_id}/access/gateway_ca/{certificate_id}

Deletes an SSH Certificate Authority.

List SSH Certificate Authorities CA -> SinglePage<{ id, public_key }>
get/accounts/{account_id}/access/gateway_ca

Lists SSH Certificate Authorities (CA).

Zero TrustAccess

Groups

zero_trust.access.groups

Methods

Create An Access Group -> Envelope<{ id, created_at, exclude, 5 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/access/groups

Creates a new Access group.

Delete An Access Group -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/groups/{group_id}

Deletes an Access group.

Get An Access Group -> Envelope<{ id, created_at, exclude, 5 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/groups/{group_id}

Fetches a single Access group.

List Access Groups -> V4PagePaginationArray<{ id, created_at, exclude, 5 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/groups

Lists all Access groups.

Update An Access Group -> Envelope<{ id, created_at, exclude, 5 more... }>
put/{accounts_or_zones}/{account_or_zone_id}/access/groups/{group_id}

Updates a configured Access group.

Domain types

ZeroTrustGroup = { id, displayName, externalId, 2 more... }
Zero TrustAccess

Infrastructure

zero_trust.access.infrastructure

Zero TrustAccessInfrastructure

Targets

zero_trust.access.infrastructure.targets

Methods

Delete Targets Deprecated ->
Deprecated
delete/accounts/{account_id}/infrastructure/targets/batch

Removes one or more targets.

Delete Targets ->
post/accounts/{account_id}/infrastructure/targets/batch_delete

Removes one or more targets.

Create New Targets -> SinglePage<{ id, created_at, hostname, 2 more... }>
put/accounts/{account_id}/infrastructure/targets/batch

Adds one or more targets.

Create New Target -> Envelope<{ id, created_at, hostname, 2 more... }>
post/accounts/{account_id}/infrastructure/targets

Create new target

Delete Target ->
delete/accounts/{account_id}/infrastructure/targets/{target_id}

Delete target

Get Target -> Envelope<{ id, created_at, hostname, 2 more... }>
get/accounts/{account_id}/infrastructure/targets/{target_id}

Get target

List All Targets -> V4PagePaginationArray<{ id, created_at, hostname, 2 more... }>
get/accounts/{account_id}/infrastructure/targets

Lists and sorts an account’s targets. Filters are optional and are ANDed together.

Update Target -> Envelope<{ id, created_at, hostname, 2 more... }>
put/accounts/{account_id}/infrastructure/targets/{target_id}

Update target

Zero TrustAccess

Keys

zero_trust.access.keys

Methods

Get The Access Key Configuration -> Envelope<{ days_until_next_rotation, key_rotation_interval_days, last_key_rotation_at }>
get/accounts/{account_id}/access/keys

Gets the Access key rotation settings for an account.

Rotate Access Keys -> Envelope<{ days_until_next_rotation, key_rotation_interval_days, last_key_rotation_at }>
post/accounts/{account_id}/access/keys/rotate

Perfoms a key rotation for an account.

Update The Access Key Configuration -> Envelope<{ days_until_next_rotation, key_rotation_interval_days, last_key_rotation_at }>
put/accounts/{account_id}/access/keys

Updates the Access key rotation settings for an account.

Zero TrustAccess

Logs

zero_trust.access.logs

Zero TrustAccessLogs

Access Requests

zero_trust.access.logs.access_requests

Methods

Get Access Authentication Logs -> Envelope<Array<
AccessRequest
>>
get/accounts/{account_id}/access/logs/access_requests

Gets a list of Access authentication audit logs for an account.

Zero TrustAccessLogs

SCIM

zero_trust.access.logs.scim

Domain types

AccessRequest = { action, allowed, app_domain, 6 more... }
Zero TrustAccessLogsSCIM

Updates

zero_trust.access.logs.scim.updates

Methods

List Access SCIM Update Logs -> V4PagePaginationArray<{ cf_resource_id, error_description, idp_id, 8 more... }>
get/accounts/{account_id}/access/logs/scim/updates

Lists Access SCIM update logs that maintain a record of updates made to User and Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).

Zero TrustAccess

Policies

zero_trust.access.policies

Methods

Create An Access Reusable Policy -> Envelope<{ id, app_count, approval_groups, 13 more... }>
post/accounts/{account_id}/access/policies

Creates a new Access reusable policy.

Delete An Access Reusable Policy -> Envelope<{ id }>
delete/accounts/{account_id}/access/policies/{policy_id}

Deletes an Access reusable policy.

Get An Access Reusable Policy -> Envelope<{ id, app_count, approval_groups, 13 more... }>
get/accounts/{account_id}/access/policies/{policy_id}

Fetches a single Access reusable policy.

List Access Reusable Policies -> V4PagePaginationArray<{ id, app_count, approval_groups, 13 more... }>
get/accounts/{account_id}/access/policies

Lists Access reusable policies.

Update An Access Reusable Policy -> Envelope<{ id, app_count, approval_groups, 13 more... }>
put/accounts/{account_id}/access/policies/{policy_id}

Updates a Access reusable policy.

Domain types

ApprovalGroup = { approvals_needed, email_addresses, email_list_uuid }

A group of email addresses that can approve a temporary authentication request.

Policy = { id, approval_groups, approval_required, 11 more... }
Zero TrustAccess

Service Tokens

zero_trust.access.service_tokens

Methods

Create A Service Token -> Envelope<{ id, client_id, client_secret, 4 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens

Generates a new service token. Note: This is the only time you can get the Client Secret. If you lose the Client Secret, you will have to rotate the Client Secret or create a new service token.

Delete A Service Token -> Envelope<
ServiceToken
>
delete/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens/{service_token_id}

Deletes a service token.

Get A Service Token -> Envelope<
ServiceToken
>
get/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens/{service_token_id}

Fetches a single service token.

List Service Tokens -> V4PagePaginationArray<
ServiceToken
>
get/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens

Lists all service tokens.

Refresh A Service Token -> Envelope<
ServiceToken
>
post/accounts/{account_id}/access/service_tokens/{service_token_id}/refresh

Refreshes the expiration of a service token.

Rotate A Service Token -> Envelope<{ id, client_id, client_secret, 4 more... }>
post/accounts/{account_id}/access/service_tokens/{service_token_id}/rotate

Generates a new Client Secret for a service token and revokes the old one.

Update A Service Token -> Envelope<
ServiceToken
>
put/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens/{service_token_id}

Updates a configured service token.

Domain types

ServiceToken = { id, client_id, created_at, 5 more... }
Zero TrustAccess

Tags

zero_trust.access.tags

Methods

Create A Tag -> Envelope<
Tag
>
post/accounts/{account_id}/access/tags

Create a tag

Delete A Tag -> Envelope<{ name }>
delete/accounts/{account_id}/access/tags/{tag_name}

Delete a tag

Get A Tag -> Envelope<
Tag
>
get/accounts/{account_id}/access/tags/{tag_name}

Get a tag

List Tags -> V4PagePaginationArray<
Tag
>
get/accounts/{account_id}/access/tags

List tags

Update A Tag -> Envelope<
Tag
>
put/accounts/{account_id}/access/tags/{tag_name}

Update a tag

Domain types

Tag = { name, app_count, created_at, 1 more... }

A tag

Zero TrustAccess

Users

zero_trust.access.users

Methods

Get Users -> V4PagePaginationArray<{ id, access_seat, active_device_count, 8 more... }>
get/accounts/{account_id}/access/users

Gets a list of users for an account.

Domain types

AccessUser = { id, active, displayName, 4 more... }
Zero TrustAccessUsers

Active Sessions

zero_trust.access.users.active_sessions

Methods

Get Single Active Session -> Envelope<{ account_id, auth_status, common_name, 16 more... }>
get/accounts/{account_id}/access/users/{user_id}/active_sessions/{nonce}

Get an active session for a single user.

Get Active Sessions -> SinglePage<{ expiration, metadata, name }>
get/accounts/{account_id}/access/users/{user_id}/active_sessions

Get active sessions for a single user.

Zero TrustAccessUsers

Failed Logins

zero_trust.access.users.failed_logins

Methods

Get Failed Logins -> SinglePage<{ expiration, metadata }>
get/accounts/{account_id}/access/users/{user_id}/failed_logins

Get all failed login attempts for a single user.

Zero TrustAccessUsers

Last Seen Identity

zero_trust.access.users.last_seen_identity

Methods

Get Last Seen Identity -> Envelope<
Identity
>
get/accounts/{account_id}/access/users/{user_id}/last_seen_identity

Get last seen identity for a single user.

Domain types

Identity = { account_id, auth_status, common_name, 15 more... }
Zero Trust

Connectivity Settings

zero_trust.connectivity_settings

Methods

Updates The Zero Trust Connectivity Settings -> Envelope<{ icmp_proxy_enabled, offramp_warp_enabled }>
patch/accounts/{account_id}/zerotrust/connectivity_settings

Updates the Zero Trust Connectivity Settings for the given account.

Get Zero Trust Connectivity Settings -> Envelope<{ icmp_proxy_enabled, offramp_warp_enabled }>
get/accounts/{account_id}/zerotrust/connectivity_settings

Gets the Zero Trust Connectivity Settings for the given account.

Zero Trust

Devices

zero_trust.devices

Methods

Get Device Deprecated -> Envelope<{ id, account, created, 16 more... }>
Deprecated
get/accounts/{account_id}/devices/{device_id}

Fetches a single WARP device. Not supported when multi-user mode is enabled for the account.

Deprecated: please use one of the following endpoints instead:

  • GET /accounts/{account_id}/devices/physical-devices/{device_id}
  • GET /accounts/{account_id}/devices/registrations/{registration_id}
List Devices Deprecated -> SinglePage<
Device
>
Deprecated
get/accounts/{account_id}/devices

List WARP devices. Not supported when multi-user mode is enabled for the account.

Deprecated: please use one of the following endpoints instead:

  • GET /accounts/{account_id}/devices/physical-devices
  • GET /accounts/{account_id}/devices/registrations

Domain types

Device = { id, created, deleted, 17 more... }
Zero TrustDevices

Devices

zero_trust.devices.devices

Methods

Delete Device -> Envelope<unknown>
delete/accounts/{account_id}/devices/physical-devices/{device_id}

Deletes a WARP device.

Get Device -> Envelope<{ id, active_registrations, created_at, 15 more... }>
get/accounts/{account_id}/devices/physical-devices/{device_id}

Fetches a single WARP device.

List Devices -> CursorPagination<{ id, active_registrations, created_at, 15 more... }>
get/accounts/{account_id}/devices/physical-devices

Lists WARP devices.

Revoke Device Registrations -> Envelope<unknown>
post/accounts/{account_id}/devices/physical-devices/{device_id}/revoke

Revokes all WARP registrations associated with the specified device.

Zero TrustDevices

DEX Tests

zero_trust.devices.dex_tests

Methods

Create Device DEX Test -> Envelope<{ data, enabled, interval, 5 more... }>
post/accounts/{account_id}/dex/devices/dex_tests

Create a DEX test.

Delete Device DEX Test -> Envelope<{ dex_tests }>
delete/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}

Delete a Device DEX test. Returns the remaining device dex tests for the account.

Get Device DEX Test -> Envelope<{ data, enabled, interval, 5 more... }>
get/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}

Fetch a single DEX test.

List Device DEX Tests -> SinglePage<{ data, enabled, interval, 5 more... }>
get/accounts/{account_id}/dex/devices/dex_tests

Fetch all DEX tests

Update Device DEX Test -> Envelope<{ data, enabled, interval, 5 more... }>
put/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}

Update a DEX test.

Domain types

SchemaData = { host, kind, method }

The configuration object which contains the details for the WARP client to conduct the test.

SchemaHTTP = { data, enabled, interval, 5 more... }
Zero TrustDevices

Fleet Status

zero_trust.devices.fleet_status

Methods

Get The Live Status Of A Latest Device -> { colo, deviceId, mode, 35 more... }
get/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live

Get the live status of a latest device given device_id from the device_state table

Zero TrustDevices

Networks

zero_trust.devices.networks

Methods

Create A Device Managed Network -> Envelope<
DeviceNetwork
>
post/accounts/{account_id}/devices/networks

Creates a new device managed network.

Delete A Device Managed Network -> SinglePage<
DeviceNetwork
>
delete/accounts/{account_id}/devices/networks/{network_id}

Deletes a device managed network and fetches a list of the remaining device managed networks for an account.

Get Device Managed Network Details -> Envelope<
DeviceNetwork
>
get/accounts/{account_id}/devices/networks/{network_id}

Fetches details for a single managed network.

List Your Device Managed Networks -> SinglePage<
DeviceNetwork
>
get/accounts/{account_id}/devices/networks

Fetches a list of managed networks for an account.

Update A Device Managed Network -> Envelope<
DeviceNetwork
>
put/accounts/{account_id}/devices/networks/{network_id}

Updates a configured device managed network.

Domain types

DeviceNetwork = { config, name, network_id, 1 more... }
Zero TrustDevices

Override Codes

zero_trust.devices.override_codes

Methods

Get Override Codes -> Envelope<{ disable_for_time }>
get/accounts/{account_id}/devices/registrations/{registration_id}/override_codes

Fetches one-time use admin override codes for a registration. This relies on the Admin Override setting being enabled in your device configuration.

Get Override Codes Deprecated -> SinglePage<unknown>
Deprecated
get/accounts/{account_id}/devices/{device_id}/override_codes

Fetches a one-time use admin override code for a device. This relies on the Admin Override setting being enabled in your device configuration. Not supported when multi-user mode is enabled for the account. Deprecated: please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead.

Zero TrustDevices

Policies

zero_trust.devices.policies

Domain types

DevicePolicyCertificates = { enabled }
FallbackDomain = { suffix, description, dns_server }
FallbackDomainPolicy = Array<
FallbackDomain
>
SettingsPolicy = { allow_mode_switch, allow_updates, allowed_to_leave, 24 more... }
SplitTunnelExclude = { address, description } | { host, description }
SplitTunnelInclude = { address, description } | { host, description }
Zero TrustDevicesPolicies

Custom

zero_trust.devices.policies.custom

Methods

Create A Device Settings Profile -> Envelope<
SettingsPolicy
>
post/accounts/{account_id}/devices/policy

Creates a device settings profile to be applied to certain devices matching the criteria.

Delete A Device Settings Profile -> SinglePage<
SettingsPolicy
>
delete/accounts/{account_id}/devices/policy/{policy_id}

Deletes a device settings profile and fetches a list of the remaining profiles for an account.

Update A Device Settings Profile -> Envelope<
SettingsPolicy
>
patch/accounts/{account_id}/devices/policy/{policy_id}

Updates a configured device settings profile.

Get Device Settings Profile By ID -> Envelope<
SettingsPolicy
>
get/accounts/{account_id}/devices/policy/{policy_id}

Fetches a device settings profile by ID.

List Device Settings Profiles -> SinglePage<
SettingsPolicy
>
get/accounts/{account_id}/devices/policies

Fetches a list of the device settings profiles for an account.

Zero TrustDevicesPoliciesCustom

Excludes

zero_trust.devices.policies.custom.excludes

Methods

Get The Split Tunnel Exclude List For A Device Settings Profile -> SinglePage<
SplitTunnelExclude
>
get/accounts/{account_id}/devices/policy/{policy_id}/exclude

Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile.

Set The Split Tunnel Exclude List For A Device Settings Profile -> SinglePage<
SplitTunnelExclude
>
put/accounts/{account_id}/devices/policy/{policy_id}/exclude

Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile.