The Zero Trust API provides comprehensive access control and security features for your organization, including device management, identity providers, secure access policies, and gateway configurations.
Initialize the Zero Trust resource
import Cloudflare from 'cloudflare';
const client = new Cloudflare({
  apiToken: process.env.CLOUDFLARE_API_TOKEN,
});
const zeroTrust = client.zeroTrust;
Sub-resources
The Zero Trust API provides access to several specialized resources:
Devices
Manage devices that connect to your Zero Trust network.
// List devices
const devices = await client.zeroTrust.devices.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
// Get device details
const device = await client.zeroTrust.devices.get(
  'device_id',
  { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }
);
Identity providers
Configure identity providers for authentication.
// List identity providers
const providers = await client.zeroTrust.identityProviders.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
// Create Azure AD provider
// The config values are placeholders; load the real client secret from a
// secret store or environment variable instead of committing it to source.
const provider = await client.zeroTrust.identityProviders.create({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  name: 'Azure AD',
  type: 'azureAD',
  config: {
    client_id: 'your-client-id',
    client_secret: 'your-client-secret',
    directory_id: 'your-directory-id',
  },
});
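The listing call above can drive a drift check: compare the identity providers configured on the account with a reviewed baseline, so that a provider nobody approved, a changed provider type, or a missing provider is reported. This is an added example, not code from the SDK documentation; the baseline, the stub client, the sample providers, and the `id` field name are assumptions made for illustration.

```javascript
// Added example. Baseline and sample values are constructed, not real data.

// Compare live providers with a reviewed baseline (Map: name -> expected type).
function diffProviders(live, baseline) {
  const findings = [];
  const seen = new Set();
  for (const p of live) {
    seen.add(p.name);
    if (!baseline.has(p.name)) {
      findings.push({ kind: 'unexpected', id: p.id, name: p.name, type: p.type });
    } else if (baseline.get(p.name) !== p.type) {
      findings.push({ kind: 'type-changed', id: p.id, name: p.name, type: p.type });
    }
  }
  for (const [name, type] of baseline) {
    if (!seen.has(name)) findings.push({ kind: 'missing', name, type });
  }
  return findings;
}

// Walk every page of list() (its result is async-iterable) and diff the result.
// The `id` field name is an assumption; `name` and `type` appear in create().
async function auditIdentityProviders(client, accountId, baseline) {
  const live = [];
  for await (const p of client.zeroTrust.identityProviders.list({ account_id: accountId })) {
    live.push({ id: p.id, name: p.name, type: p.type });
  }
  return diffProviders(live, baseline);
}

// Constructed stand-in for the SDK client so the check runs offline.
function stubClient(providers) {
  return { zeroTrust: { identityProviders: { list: async function* () { yield* providers; } } } };
}

const sampleBaseline = new Map([['Azure AD', 'azureAD'], ['Okta SSO', 'okta']]);
const sampleLive = [
  { id: 'idp-1', name: 'Azure AD', type: 'saml' },           // type differs from baseline
  { id: 'idp-2', name: 'Contractor Login', type: 'google' }, // not in baseline
];

auditIdentityProviders(stubClient(sampleLive), 'constructed-account-id', sampleBaseline)
  .then((findings) => console.log(findings));
```

To run it against a real account, pass the `client` created at the top of this page in place of `stubClient(...)`.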
Organizations
Manage your Zero Trust organization settings.
// Create organization
const org = await client.zeroTrust.organizations.create({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  name: 'My Organization',
  auth_domain: 'example.cloudflareaccess.com',
});
// Update organization
const updated = await client.zeroTrust.organizations.update({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  name: 'Updated Organization Name',
});
Seats
Manage user seats in your Zero Trust organization.
// Edit seats
const seats = await client.zeroTrust.seats.edit({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  body: [
    {
      seat_uid: 'seat-id',
      access_seat: false,
      gateway_seat: true,
    },
  ],
});
Access
Manage access policies, applications, and groups.
// Access applications, policies, and groups
const access = client.zeroTrust.access;
Gateway
Configure secure web gateway policies.
// Create gateway configuration
const gateway = await client.zeroTrust.gateway.create({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  name: 'My Gateway',
});
// List gateway configurations
const gateways = await client.zeroTrust.gateway.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
Tunnels
Manage Cloudflare Tunnels for secure access to private networks.
// List tunnels
const tunnels = await client.zeroTrust.tunnels.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
DEX (Digital Experience Monitoring)
Monitor digital experience metrics.
const dex = client.zeroTrust.dex;
DLP (Data Loss Prevention)
Configure data loss prevention policies.
const dlp = client.zeroTrust.dlp;
Networks
Manage Zero Trust network configurations.
const networks = client.zeroTrust.networks;
Connectivity settings
Configure connectivity settings for Zero Trust.
// Get connectivity settings
const settings = await client.zeroTrust.connectivitySettings.get({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
// Edit connectivity settings
const updated = await client.zeroTrust.connectivitySettings.edit({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
  icmp_proxy_enabled: true,
});
Risk scoring
Manage risk scoring for user behavior analytics.
// Get risk scoring configuration
const riskScoring = await client.zeroTrust.riskScoring.get({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
// Reset risk scoring
const reset = await client.zeroTrust.riskScoring.reset({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});
Types
Device
Represents a device in your Zero Trust network.
Type of device (e.g., 'windows', 'mac', 'linux', 'ios', 'android')
User associated with the device
IdentityProvider
Configuration for an identity provider.
Identity provider identifier
Provider type (e.g., 'azureAD', 'okta', 'google', 'saml')
Provider-specific configuration
Organization
Your Zero Trust organization settings.
Customization for the login page