LogoCloudflare API

Zero Trust

zero_trust

Zero Trust

Access

zero_trust.access

Zero TrustAccess

Applications

zero_trust.access.applications

Methods

Add An Access Application -> Envelope<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps

Adds a new application to Access.

Delete An Access Application -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}

Deletes an application from Access.

Get An Access Application -> Envelope<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}

Fetches information about an Access application.

List Access Applications -> V4PagePaginationArray<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps

Lists all Access applications in an account or zone.

Revoke Application Tokens -> Envelope<unknown>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/revoke_tokens

Revokes all tokens issued for an application.

Update An Access Application -> Envelope<{ domain, type, id, 29 more... } | { id, allowed_idps, app_launcher_visible, 12 more... } | { domain, type, id, 29 more... } | 7 more...>
put/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}

Updates an Access application.

Domain types

AllowedHeaders = string
AllowedIdPs = string

The identity providers selected for application.

AllowedMethods = "GET" | "POST" | "HEAD" | 6 more...
AllowedOrigins = string
AppID = string

Identifier.

Application = { domain, type, id, 20 more... } | { id, allowed_idps, app_launcher_visible, 9 more... } | { domain, type, id, 20 more... } | 5 more...
ApplicationPolicy = { id, approval_groups, approval_required, 11 more... }
ApplicationSCIMConfig = { idp_uid, remote_uri, authentication, 3 more... }

Configuration for provisioning to this application via SCIM. This is currently in closed beta.

ApplicationType = "self_hosted" | "saas" | "ssh" | 8 more...

The application type.

CORSHeaders = { allow_all_headers, allow_all_methods, allow_all_origins, 5 more... }
Decision = "allow" | "deny" | "non_identity" | 1 more...

The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.

OIDCSaaSApp = { access_token_lifetime, allow_pkce_without_client_secret, app_launcher_url, 13 more... }
SaaSAppNameIDFormat = "id" | "email"

The format of the name identifier sent to the SaaS application.

SAMLSaaSApp = { auth_type, consumer_service_url, created_at, 10 more... }
SCIMConfigAuthenticationHTTPBasic = { password, scheme, user }

Attributes for configuring HTTP Basic authentication scheme for SCIM provisioning to an application.

SCIMConfigAuthenticationOauth2 = { authorization_url, client_id, client_secret, 3 more... }

Attributes for configuring OAuth 2 authentication scheme for SCIM provisioning to an application.

SCIMConfigAuthenticationOAuthBearerToken = { token, scheme }

Attributes for configuring OAuth Bearer Token authentication scheme for SCIM provisioning to an application.

SCIMConfigMapping = { schema, enabled, filter, 3 more... }

Transformations and filters applied to resources before they are provisioned in the remote SCIM service.

SelfHostedDomains = string

A domain that Access will secure.

Zero TrustAccessApplications

CAs

zero_trust.access.applications.cas

Methods

Create A Short Lived Certificate CA -> Envelope<
CA
>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/ca

Generates a new short-lived certificate CA and public key.

Delete A Short Lived Certificate CA -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/ca

Deletes a short-lived certificate CA.

Get A Short Lived Certificate CA -> Envelope<
CA
>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/ca

Fetches a short-lived certificate CA and its public key.

List Short Lived Certificate CAs -> V4PagePaginationArray<
CA
>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/ca

Lists short-lived certificate CAs and their public keys.

Domain types

CA = { id, aud, public_key }
Zero TrustAccessApplications

Policies

zero_trust.access.applications.policies

Methods

Create An Access Application Policy -> Envelope<{ id, approval_groups, approval_required, 12 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies

Creates a policy applying exclusive to a single application that defines the users or groups who can reach it. We recommend creating a reusable policy instead and subsequently referencing its ID in the application's 'policies' array.

Delete An Access Application Policy -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies/{policy_id}

Deletes an Access policy specific to an application. To delete a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.

Get An Access Application Policy -> Envelope<{ id, approval_groups, approval_required, 12 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies/{policy_id}

Fetches a single Access policy configured for an application. Returns both exclusively owned and reusable policies used by the application.

List Access Application Policies -> V4PagePaginationArray<{ id, approval_groups, approval_required, 12 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies

Lists Access policies configured for an application. Returns both exclusively scoped and reusable policies used by the application.

Update An Access Application Policy -> Envelope<{ id, approval_groups, approval_required, 12 more... }>
put/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/policies/{policy_id}

Updates an Access policy specific to an application. To update a reusable policy, use the /account or zones/{account or zone_id}/policies/{uid} endpoint.

Domain types

AccessDevicePostureRule = { device_posture }

Enforces a device posture rule has run successfully

AccessRule =
GroupRule
|
AnyValidServiceTokenRule
| { auth_context } | 21 more...

Matches an Access group.

AnyValidServiceTokenRule = { any_valid_service_token }

Matches any valid Access Service Token

AuthenticationMethodRule = { auth_method }

Enforce different MFA options

AzureGroupRule = { azureAD }

Matches an Azure group. Requires an Azure identity provider.

CertificateRule = { certificate }

Matches any valid client certificate.

CountryRule = { geo }

Matches a specific country

DomainRule = { email_domain }

Match an entire email domain.

EmailListRule = { email_list }

Matches an email address from a list.

EmailRule = { email }

Matches a specific email.

EveryoneRule = { everyone }

Matches everyone.

ExternalEvaluationRule = { external_evaluation }

Create Allow or Block policies which evaluate the user based on custom criteria.

GitHubOrganizationRule = { github-organization }

Matches a Github organization. Requires a Github identity provider.

GroupRule = { group }

Matches an Access group.

GSuiteGroupRule = { gsuite }

Matches a group in Google Workspace. Requires a Google Workspace identity provider.

IPListRule = { ip_list }

Matches an IP address from a list.

IPRule = { ip }

Matches an IP address block.

OktaGroupRule = { okta }

Matches an Okta group. Requires an Okta identity provider.

SAMLGroupRule = { saml }

Matches a SAML group. Requires a SAML identity provider.

ServiceTokenRule = { service_token }

Matches a specific Access Service Token

Zero TrustAccessApplications

Policy Tests

zero_trust.access.applications.policy_tests

Methods

Start Access Policy Test -> Envelope<{ id, status }>
post/accounts/{account_id}/access/policy-tests

Starts an Access policy test.

Get The Current Status Of A Given Access Policy Test -> Envelope<{ id, percent_approved, percent_blocked, 7 more... }>
get/accounts/{account_id}/access/policy-tests/{policy_test_id}

Fetches the current status of a given Access policy test.

Zero TrustAccessApplicationsPolicy Tests

Users

zero_trust.access.applications.policy_tests.users

Methods

Get An Access Policy Test Users Page -> V4PagePaginationArray<{ id, email, name, 1 more... }>
get/accounts/{account_id}/access/policy-tests/{policy_test_id}/users

Fetches a single page of user results from an Access policy test.

Zero TrustAccessApplications

Settings

zero_trust.access.applications.settings

Methods

Update Access Application Settings -> Envelope<{ allow_iframe, skip_interstitial }>
patch/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/settings

Updates Access application settings.

Update Access Application Settings -> Envelope<{ allow_iframe, skip_interstitial }>
put/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/settings

Updates Access application settings.

Zero TrustAccessApplications

User Policy Checks

zero_trust.access.applications.user_policy_checks

Methods

Test Access Policies -> Envelope<{ app_state, user_identity }>
get/{accounts_or_zones}/{account_or_zone_id}/access/apps/{app_id}/user_policy_checks

Tests if a specific user has permission to access an application.

Domain types

UserPolicyCheckGeo = { country }
Zero TrustAccess

Bookmarks

zero_trust.access.bookmarks

Methods

Create A Bookmark Application -> Envelope<
Bookmark
>
Deprecated
post/accounts/{account_id}/access/bookmarks/{bookmark_id}

Create a new Bookmark application.

Delete A Bookmark Application -> Envelope<{ id }>
Deprecated
delete/accounts/{account_id}/access/bookmarks/{bookmark_id}

Deletes a Bookmark application.

Get A Bookmark Application -> Envelope<
Bookmark
>
Deprecated
get/accounts/{account_id}/access/bookmarks/{bookmark_id}

Fetches a single Bookmark application.

List Bookmark Applications -> SinglePage<
Bookmark
>
Deprecated
get/accounts/{account_id}/access/bookmarks

Lists Bookmark applications.

Update A Bookmark Application -> Envelope<
Bookmark
>
Deprecated
put/accounts/{account_id}/access/bookmarks/{bookmark_id}

Updates a configured Bookmark application.

Domain types

Bookmark = { id, app_launcher_visible, created_at, 4 more... }
Zero TrustAccess

Certificates

zero_trust.access.certificates

Methods

Add An M TLS Certificate -> Envelope<
Certificate
>
post/{accounts_or_zones}/{account_or_zone_id}/access/certificates

Adds a new mTLS root certificate to Access.

Delete An M TLS Certificate -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}

Deletes an mTLS certificate.

Get An M TLS Certificate -> Envelope<
Certificate
>
get/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}

Fetches a single mTLS certificate.

List M TLS Certificates -> V4PagePaginationArray<
Certificate
>
get/{accounts_or_zones}/{account_or_zone_id}/access/certificates

Lists all mTLS root certificates.

Update An M TLS Certificate -> Envelope<
Certificate
>
put/{accounts_or_zones}/{account_or_zone_id}/access/certificates/{certificate_id}

Updates a configured mTLS certificate.

Domain types

AssociatedHostnames = string

A fully-qualified domain name (FQDN).

Certificate = { id, associated_hostnames, created_at, 4 more... }
Zero TrustAccessCertificates

Settings

zero_trust.access.certificates.settings

Methods

List All M TLS Hostname Settings -> SinglePage<
CertificateSettings
>
get/{accounts_or_zones}/{account_or_zone_id}/access/certificates/settings

List all mTLS hostname settings for this account or zone.

Update An M TLS Certificate S Hostname Settings -> SinglePage<
CertificateSettings
>
put/{accounts_or_zones}/{account_or_zone_id}/access/certificates/settings

Updates an mTLS certificate's hostname settings.

Domain types

CertificateSettings = { china_network, client_certificate_forwarding, hostname }
Zero TrustAccess

Custom Pages

zero_trust.access.custom_pages

Methods

Create A Custom Page -> Envelope<
CustomPageWithoutHTML
>
post/accounts/{account_id}/access/custom_pages

Create a custom page

Delete A Custom Page -> Envelope<{ id }>
delete/accounts/{account_id}/access/custom_pages/{custom_page_id}

Delete a custom page

Get A Custom Page -> Envelope<
CustomPage
>
get/accounts/{account_id}/access/custom_pages/{custom_page_id}

Fetches a custom page and also returns its HTML.

List Custom Pages -> V4PagePaginationArray<
CustomPageWithoutHTML
>
get/accounts/{account_id}/access/custom_pages

List custom pages

Update A Custom Page -> Envelope<
CustomPageWithoutHTML
>
put/accounts/{account_id}/access/custom_pages/{custom_page_id}

Update a custom page

Domain types

CustomPage = { custom_html, name, type, 4 more... }
CustomPageWithoutHTML = { name, type, app_count, 3 more... }
Zero TrustAccess

Gateway CA

zero_trust.access.gateway_ca

Methods

Add A New SSH Certificate Authority CA -> Envelope<{ id, public_key }>
post/accounts/{account_id}/access/gateway_ca

Adds a new SSH Certificate Authority (CA).

Delete An SSH Certificate Authority CA -> Envelope<{ id }>
delete/accounts/{account_id}/access/gateway_ca/{certificate_id}

Deletes an SSH Certificate Authority.

List SSH Certificate Authorities CA -> SinglePage<{ id, public_key }>
get/accounts/{account_id}/access/gateway_ca

Lists SSH Certificate Authorities (CA).

Zero TrustAccess

Groups

zero_trust.access.groups

Methods

Create An Access Group -> Envelope<{ id, created_at, exclude, 5 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/access/groups

Creates a new Access group.

Delete An Access Group -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/access/groups/{group_id}

Deletes an Access group.

Get An Access Group -> Envelope<{ id, created_at, exclude, 5 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/groups/{group_id}

Fetches a single Access group.

List Access Groups -> V4PagePaginationArray<{ id, created_at, exclude, 5 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/access/groups

Lists all Access groups.

Update An Access Group -> Envelope<{ id, created_at, exclude, 5 more... }>
put/{accounts_or_zones}/{account_or_zone_id}/access/groups/{group_id}

Updates a configured Access group.

Domain types

ZeroTrustGroup = { id, displayName, externalId, 2 more... }
Zero TrustAccess

Infrastructure

zero_trust.access.infrastructure

Zero TrustAccessInfrastructure

Targets

zero_trust.access.infrastructure.targets

Methods

Delete Targets Deprecated ->
Deprecated
delete/accounts/{account_id}/infrastructure/targets/batch

Removes one or more targets.

Delete Targets ->
post/accounts/{account_id}/infrastructure/targets/batch_delete

Removes one or more targets.

Create New Targets -> SinglePage<{ id, created_at, hostname, 2 more... }>
put/accounts/{account_id}/infrastructure/targets/batch

Adds one or more targets.

Create New Target -> Envelope<{ id, created_at, hostname, 2 more... }>
post/accounts/{account_id}/infrastructure/targets

Create new target

Delete Target ->
delete/accounts/{account_id}/infrastructure/targets/{target_id}

Delete target

Get Target -> Envelope<{ id, created_at, hostname, 2 more... }>
get/accounts/{account_id}/infrastructure/targets/{target_id}

Get target

List All Targets -> V4PagePaginationArray<{ id, created_at, hostname, 2 more... }>
get/accounts/{account_id}/infrastructure/targets

Lists and sorts an account’s targets. Filters are optional and are ANDed together.

Update Target -> Envelope<{ id, created_at, hostname, 2 more... }>
put/accounts/{account_id}/infrastructure/targets/{target_id}

Update target

Zero TrustAccess

Keys

zero_trust.access.keys

Methods

Get The Access Key Configuration -> Envelope<{ days_until_next_rotation, key_rotation_interval_days, last_key_rotation_at }>
get/accounts/{account_id}/access/keys

Gets the Access key rotation settings for an account.

Rotate Access Keys -> Envelope<{ days_until_next_rotation, key_rotation_interval_days, last_key_rotation_at }>
post/accounts/{account_id}/access/keys/rotate

Perfoms a key rotation for an account.

Update The Access Key Configuration -> Envelope<{ days_until_next_rotation, key_rotation_interval_days, last_key_rotation_at }>
put/accounts/{account_id}/access/keys

Updates the Access key rotation settings for an account.

Zero TrustAccess

Logs

zero_trust.access.logs

Zero TrustAccessLogs

Access Requests

zero_trust.access.logs.access_requests

Methods

Get Access Authentication Logs -> Envelope<Array<
AccessRequest
>>
get/accounts/{account_id}/access/logs/access_requests

Gets a list of Access authentication audit logs for an account.

Zero TrustAccessLogs

SCIM

zero_trust.access.logs.scim

Domain types

AccessRequest = { action, allowed, app_domain, 6 more... }
Zero TrustAccessLogsSCIM

Updates

zero_trust.access.logs.scim.updates

Methods

List Access SCIM Update Logs -> V4PagePaginationArray<{ cf_resource_id, error_description, idp_id, 8 more... }>
get/accounts/{account_id}/access/logs/scim/updates

Lists Access SCIM update logs that maintain a record of updates made to User and Group resources synced to Cloudflare via the System for Cross-domain Identity Management (SCIM).

Zero TrustAccess

Policies

zero_trust.access.policies

Methods

Create An Access Reusable Policy -> Envelope<{ id, app_count, approval_groups, 13 more... }>
post/accounts/{account_id}/access/policies

Creates a new Access reusable policy.

Delete An Access Reusable Policy -> Envelope<{ id }>
delete/accounts/{account_id}/access/policies/{policy_id}

Deletes an Access reusable policy.

Get An Access Reusable Policy -> Envelope<{ id, app_count, approval_groups, 13 more... }>
get/accounts/{account_id}/access/policies/{policy_id}

Fetches a single Access reusable policy.

List Access Reusable Policies -> V4PagePaginationArray<{ id, app_count, approval_groups, 13 more... }>
get/accounts/{account_id}/access/policies

Lists Access reusable policies.

Update An Access Reusable Policy -> Envelope<{ id, app_count, approval_groups, 13 more... }>
put/accounts/{account_id}/access/policies/{policy_id}

Updates a Access reusable policy.

Domain types

ApprovalGroup = { approvals_needed, email_addresses, email_list_uuid }

A group of email addresses that can approve a temporary authentication request.

Policy = { id, approval_groups, approval_required, 11 more... }
Zero TrustAccess

Service Tokens

zero_trust.access.service_tokens

Methods

Create A Service Token -> Envelope<{ id, client_id, client_secret, 4 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens

Generates a new service token. Note: This is the only time you can get the Client Secret. If you lose the Client Secret, you will have to rotate the Client Secret or create a new service token.

Delete A Service Token -> Envelope<
ServiceToken
>
delete/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens/{service_token_id}

Deletes a service token.

Get A Service Token -> Envelope<
ServiceToken
>
get/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens/{service_token_id}

Fetches a single service token.

List Service Tokens -> V4PagePaginationArray<
ServiceToken
>
get/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens

Lists all service tokens.

Refresh A Service Token -> Envelope<
ServiceToken
>
post/accounts/{account_id}/access/service_tokens/{service_token_id}/refresh

Refreshes the expiration of a service token.

Rotate A Service Token -> Envelope<{ id, client_id, client_secret, 4 more... }>
post/accounts/{account_id}/access/service_tokens/{service_token_id}/rotate

Generates a new Client Secret for a service token and revokes the old one.

Update A Service Token -> Envelope<
ServiceToken
>
put/{accounts_or_zones}/{account_or_zone_id}/access/service_tokens/{service_token_id}

Updates a configured service token.

Domain types

ServiceToken = { id, client_id, created_at, 5 more... }
Zero TrustAccess

Tags

zero_trust.access.tags

Methods

Create A Tag -> Envelope<
Tag
>
post/accounts/{account_id}/access/tags

Create a tag

Delete A Tag -> Envelope<{ name }>
delete/accounts/{account_id}/access/tags/{tag_name}

Delete a tag

Get A Tag -> Envelope<
Tag
>
get/accounts/{account_id}/access/tags/{tag_name}

Get a tag

List Tags -> V4PagePaginationArray<
Tag
>
get/accounts/{account_id}/access/tags

List tags

Update A Tag -> Envelope<
Tag
>
put/accounts/{account_id}/access/tags/{tag_name}

Update a tag

Domain types

Tag = { name, app_count, created_at, 1 more... }

A tag

Zero TrustAccess

Users

zero_trust.access.users

Methods

Get Users -> V4PagePaginationArray<{ id, access_seat, active_device_count, 8 more... }>
get/accounts/{account_id}/access/users

Gets a list of users for an account.

Domain types

AccessUser = { id, active, displayName, 4 more... }
Zero TrustAccessUsers

Active Sessions

zero_trust.access.users.active_sessions

Methods

Get Single Active Session -> Envelope<{ account_id, auth_status, common_name, 16 more... }>
get/accounts/{account_id}/access/users/{user_id}/active_sessions/{nonce}

Get an active session for a single user.

Get Active Sessions -> SinglePage<{ expiration, metadata, name }>
get/accounts/{account_id}/access/users/{user_id}/active_sessions

Get active sessions for a single user.

Zero TrustAccessUsers

Failed Logins

zero_trust.access.users.failed_logins

Methods

Get Failed Logins -> SinglePage<{ expiration, metadata }>
get/accounts/{account_id}/access/users/{user_id}/failed_logins

Get all failed login attempts for a single user.

Zero TrustAccessUsers

Last Seen Identity

zero_trust.access.users.last_seen_identity

Methods

Get Last Seen Identity -> Envelope<
Identity
>
get/accounts/{account_id}/access/users/{user_id}/last_seen_identity

Get last seen identity for a single user.

Domain types

Identity = { account_id, auth_status, common_name, 15 more... }
Zero Trust

Connectivity Settings

zero_trust.connectivity_settings

Methods

Updates The Zero Trust Connectivity Settings -> Envelope<{ icmp_proxy_enabled, offramp_warp_enabled }>
patch/accounts/{account_id}/zerotrust/connectivity_settings

Updates the Zero Trust Connectivity Settings for the given account.

Get Zero Trust Connectivity Settings -> Envelope<{ icmp_proxy_enabled, offramp_warp_enabled }>
get/accounts/{account_id}/zerotrust/connectivity_settings

Gets the Zero Trust Connectivity Settings for the given account.

Zero Trust

Devices

zero_trust.devices

Methods

Get Device Deprecated -> Envelope<{ id, account, created, 16 more... }>
Deprecated
get/accounts/{account_id}/devices/{device_id}

Fetches a single WARP device. Not supported when multi-user mode is enabled for the account.

Deprecated: please use one of the following endpoints instead:

  • GET /accounts/{account_id}/devices/physical-devices/{device_id}
  • GET /accounts/{account_id}/devices/registrations/{registration_id}
List Devices Deprecated -> SinglePage<
Device
>
Deprecated
get/accounts/{account_id}/devices

List WARP devices. Not supported when multi-user mode is enabled for the account.

Deprecated: please use one of the following endpoints instead:

  • GET /accounts/{account_id}/devices/physical-devices
  • GET /accounts/{account_id}/devices/registrations

Domain types

Device = { id, created, deleted, 17 more... }
Zero TrustDevices

Devices

zero_trust.devices.devices

Methods

Delete Device -> Envelope<unknown>
delete/accounts/{account_id}/devices/physical-devices/{device_id}

Deletes a WARP device.

Get Device -> Envelope<{ id, active_registrations, created_at, 15 more... }>
get/accounts/{account_id}/devices/physical-devices/{device_id}

Fetches a single WARP device.

List Devices -> CursorPagination<{ id, active_registrations, created_at, 15 more... }>
get/accounts/{account_id}/devices/physical-devices

Lists WARP devices.

Revoke Device Registrations -> Envelope<unknown>
post/accounts/{account_id}/devices/physical-devices/{device_id}/revoke

Revokes all WARP registrations associated with the specified device.

Zero TrustDevices

DEX Tests

zero_trust.devices.dex_tests

Methods

Create Device DEX Test -> Envelope<{ data, enabled, interval, 5 more... }>
post/accounts/{account_id}/dex/devices/dex_tests

Create a DEX test.

Delete Device DEX Test -> Envelope<{ dex_tests }>
delete/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}

Delete a Device DEX test. Returns the remaining device dex tests for the account.

Get Device DEX Test -> Envelope<{ data, enabled, interval, 5 more... }>
get/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}

Fetch a single DEX test.

List Device DEX Tests -> SinglePage<{ data, enabled, interval, 5 more... }>
get/accounts/{account_id}/dex/devices/dex_tests

Fetch all DEX tests

Update Device DEX Test -> Envelope<{ data, enabled, interval, 5 more... }>
put/accounts/{account_id}/dex/devices/dex_tests/{dex_test_id}

Update a DEX test.

Domain types

SchemaData = { host, kind, method }

The configuration object which contains the details for the WARP client to conduct the test.

SchemaHTTP = { data, enabled, interval, 5 more... }
Zero TrustDevices

Fleet Status

zero_trust.devices.fleet_status

Methods

Get The Live Status Of A Latest Device -> { colo, deviceId, mode, 35 more... }
get/accounts/{account_id}/dex/devices/{device_id}/fleet-status/live

Get the live status of a latest device given device_id from the device_state table

Zero TrustDevices

Networks

zero_trust.devices.networks

Methods

Create A Device Managed Network -> Envelope<
DeviceNetwork
>
post/accounts/{account_id}/devices/networks

Creates a new device managed network.

Delete A Device Managed Network -> SinglePage<
DeviceNetwork
>
delete/accounts/{account_id}/devices/networks/{network_id}

Deletes a device managed network and fetches a list of the remaining device managed networks for an account.

Get Device Managed Network Details -> Envelope<
DeviceNetwork
>
get/accounts/{account_id}/devices/networks/{network_id}

Fetches details for a single managed network.

List Your Device Managed Networks -> SinglePage<
DeviceNetwork
>
get/accounts/{account_id}/devices/networks

Fetches a list of managed networks for an account.

Update A Device Managed Network -> Envelope<
DeviceNetwork
>
put/accounts/{account_id}/devices/networks/{network_id}

Updates a configured device managed network.

Domain types

DeviceNetwork = { config, name, network_id, 1 more... }
Zero TrustDevices

Override Codes

zero_trust.devices.override_codes

Methods

Get Override Codes -> Envelope<{ disable_for_time }>
get/accounts/{account_id}/devices/registrations/{registration_id}/override_codes

Fetches one-time use admin override codes for a registration. This relies on the Admin Override setting being enabled in your device configuration.

Get Override Codes Deprecated -> SinglePage<unknown>
Deprecated
get/accounts/{account_id}/devices/{device_id}/override_codes

Fetches a one-time use admin override code for a device. This relies on the Admin Override setting being enabled in your device configuration. Not supported when multi-user mode is enabled for the account. Deprecated: please use GET /accounts/{account_id}/devices/registrations/{registration_id}/override_codes instead.

Zero TrustDevices

Policies

zero_trust.devices.policies

Domain types

DevicePolicyCertificates = { enabled }
FallbackDomain = { suffix, description, dns_server }
FallbackDomainPolicy = Array<
FallbackDomain
>
SettingsPolicy = { allow_mode_switch, allow_updates, allowed_to_leave, 24 more... }
SplitTunnelExclude = { address, description } | { host, description }
SplitTunnelInclude = { address, description } | { host, description }
Zero TrustDevicesPolicies

Custom

zero_trust.devices.policies.custom

Methods

Create A Device Settings Profile -> Envelope<
SettingsPolicy
>
post/accounts/{account_id}/devices/policy

Creates a device settings profile to be applied to certain devices matching the criteria.

Delete A Device Settings Profile -> SinglePage<
SettingsPolicy
>
delete/accounts/{account_id}/devices/policy/{policy_id}

Deletes a device settings profile and fetches a list of the remaining profiles for an account.

Update A Device Settings Profile -> Envelope<
SettingsPolicy
>
patch/accounts/{account_id}/devices/policy/{policy_id}

Updates a configured device settings profile.

Get Device Settings Profile By ID -> Envelope<
SettingsPolicy
>
get/accounts/{account_id}/devices/policy/{policy_id}

Fetches a device settings profile by ID.

List Device Settings Profiles -> SinglePage<
SettingsPolicy
>
get/accounts/{account_id}/devices/policies

Fetches a list of the device settings profiles for an account.

Zero TrustDevicesPoliciesCustom

Excludes

zero_trust.devices.policies.custom.excludes

Methods

Get The Split Tunnel Exclude List For A Device Settings Profile -> SinglePage<
SplitTunnelExclude
>
get/accounts/{account_id}/devices/policy/{policy_id}/exclude

Fetches the list of routes excluded from the WARP client's tunnel for a specific device settings profile.

Set The Split Tunnel Exclude List For A Device Settings Profile -> SinglePage<
SplitTunnelExclude
>
put/accounts/{account_id}/devices/policy/{policy_id}/exclude

Sets the list of routes excluded from the WARP client's tunnel for a specific device settings profile.

Zero TrustDevicesPoliciesCustom

Fallback Domains

zero_trust.devices.policies.custom.fallback_domains

Methods

Get The Local Domain Fallback List For A Device Settings Profile -> SinglePage<
FallbackDomain
>
get/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains

Fetches the list of domains to bypass Gateway DNS resolution from a specified device settings profile. These domains will use the specified local DNS resolver instead.

Set The Local Domain Fallback List For A Device Settings Profile -> SinglePage<
FallbackDomain
>
put/accounts/{account_id}/devices/policy/{policy_id}/fallback_domains

Sets the list of domains to bypass Gateway DNS resolution. These domains will use the specified local DNS resolver instead. This will only apply to the specified device settings profile.