Skip to main content
The API Gateway API provides comprehensive API security and management features including API discovery, schema validation, operation management, and user-defined schemas.

Initialize the API Gateway resource

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env.CLOUDFLARE_API_TOKEN,
});

const apiGateway = client.apiGateway;

Configurations

Manage API Gateway configurations for your zone.

Get configuration

Retrieve the current API Gateway configuration. 
const config = await client.apiGateway.configurations.get({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

Update configuration

Update API Gateway configuration settings. 
const config = await client.apiGateway.configurations.update({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  auth_id_characteristics: [
    {
      name: 'authorization',
      type: 'header',
    },
  ],
});

Discovery

Automatically discover API operations from your traffic.

Get discovery status

Retrieve the status of API discovery for your zone. 
const discovery = await client.apiGateway.discovery.get({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

Discovery operations

List discovered API operations. 
const operations = await client.apiGateway.discovery.operations.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

Operations

Manage API operations and endpoints.

Create operation

Add a new API operation. 
const operation = await client.apiGateway.operations.create({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  endpoint: '/api/users',
  host: 'api.example.com',
  method: 'GET',
});
zone_id
string
required
Zone identifier
endpoint
string
required
API endpoint path
host
string
required
API host
method
string
required
HTTP method (GET, POST, PUT, DELETE, etc.)

List operations

List all API operations for your zone. 
// Automatically fetches more pages as needed
for await (const operation of client.apiGateway.operations.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(operation.method, operation.endpoint);
}
direction
string
Direction to order operations. Options: asc, desc
endpoint
string
Filter by endpoint path
feature
string[]
Filter by features
host
string[]
Filter by hosts
method
string[]
Filter by HTTP methods
order
string
Field to order by. Options: method, host, endpoint, thresholds.$key
page
number
Page number of paginated results
per_page
number
Number of items per page (default: 25)

Get operation

Retrieve details about a specific operation. 
const operation = await client.apiGateway.operations.get(
  'operation_id',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }
);

Delete operation

Remove an API operation. 
await client.apiGateway.operations.delete(
  'operation_id',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }
);

Bulk create operations

Create multiple operations at once. 
const operations = await client.apiGateway.operations.bulkCreate({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  body: [
    {
      endpoint: '/api/users',
      host: 'api.example.com',
      method: 'GET',
    },
    {
      endpoint: '/api/users',
      host: 'api.example.com',
      method: 'POST',
    },
  ],
});

Bulk delete operations

Delete multiple operations at once. 
await client.apiGateway.operations.bulkDelete({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  body: {
    operation_ids: ['op1', 'op2', 'op3'],
  },
});

Schemas

Manage OpenAPI schemas for your APIs.

List schemas

List all schemas for your zone. 
const schemas = await client.apiGateway.schemas.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
omit_source
boolean
Omit the source data of schemas in the response
page
number
Page number
per_page
number
Number of items per page
validation_enabled
boolean
Filter by validation enabled status

User schemas

Manage user-defined API schemas.

Create user schema

Upload a user-defined OpenAPI schema. 
const schema = await client.apiGateway.userSchemas.create({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
  kind: 'openapi_v3',
  name: 'My API Schema',
  source: '<OpenAPI schema content>',
  validation_enabled: true,
});
kind
string
required
Schema kind. Currently only openapi_v3 is supported.
name
string
required
Schema name
source
string
required
OpenAPI schema content
validation_enabled
boolean
Enable schema validation

List user schemas

List all user-defined schemas. 
// Automatically fetches more pages as needed
for await (const schema of client.apiGateway.userSchemas.list({
  zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(schema.name);
}

Get user schema

Retrieve a specific user schema. 
const schema = await client.apiGateway.userSchemas.get(
  'schema_id',
  {
    zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
    omit_source: false,
  }
);

Edit user schema

Update a user-defined schema. 
const schema = await client.apiGateway.userSchemas.edit(
  'schema_id',
  {
    zone_id: '023e105f4ecef8ad9ca31a8372d0c353',
    validation_enabled: true,
  }
);

Delete user schema

Remove a user-defined schema. 
await client.apiGateway.userSchemas.delete(
  'schema_id',
  { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }
);

Settings

Manage API Gateway settings including schema validation. 
const settings = client.apiGateway.settings;

Expression templates

Manage expression templates for API routing and filtering. 
const expressionTemplate = client.apiGateway.expressionTemplate;

Response types

APIShield (Operation)

Represents an API operation.
operation_id
string
required
Operation identifier
method
string
required
HTTP method
endpoint
string
required
API endpoint path
host
string
required
API host

DiscoveryOperation

Represents a discovered API operation.
id
string
Operation identifier
method
string
HTTP method
endpoint
string
API endpoint path
host
string
API host
origin
string
How the operation was discovered

Configuration

API Gateway configuration settings.
auth_id_characteristics
array
Characteristics used to identify authenticated requests

OldPublicSchema (User Schema)

User-defined API schema.
schema_id
string
Schema identifier
name
string
Schema name
kind
string
Schema kind (openapi_v3)
source
string
OpenAPI schema content
validation_enabled
boolean
Whether validation is enabled
created_at
string
When the schema was created

Build docs developers (and LLMs) love

Get started for freeTalk to us