PUT /accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations

Adds or updates the configuration for a remotely-managed tunnel.

Servers

https://api.cloudflare.com/client/v4

Path parameters

Name	Type	Required	Description
`tunnel_id`	String	Yes
`account_id`	String	Yes

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"

Request body fields

Name	Type	Required	Description
`config`	Object	No	The tunnel configuration and ingress rules.
`config.originRequest`	Object	No	Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
`config.originRequest.disableChunkedEncoding`	Boolean	No	Disables chunked transfer encoding. Useful if you are running a WSGI server.
`config.originRequest.caPool`	String	No	Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
`config.originRequest.connectTimeout`	Integer	No	Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout. Default value: 10
`config.originRequest.noHappyEyeballs`	Boolean	No	Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Default value: false
`config.originRequest.tlsTimeout`	Integer	No	Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Default value: 10
`config.originRequest.tcpKeepAlive`	Integer	No	The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Default value: 30
`config.originRequest.keepAliveTimeout`	Integer	No	Timeout after which an idle keepalive connection can be discarded. Default value: 90
`config.originRequest.http2Origin`	Boolean	No	Attempt to connect to origin using HTTP2. Origin must be configured as https.
`config.originRequest.originServerName`	String	No	Hostname that cloudflared should expect from your origin server certificate.
`config.originRequest.keepAliveConnections`	Integer	No	Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Default value: 100
`config.originRequest.noTLSVerify`	Boolean	No	Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Default value: false
`config.originRequest.proxyType`	String	No	cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
`config.originRequest.access`	Object	No	For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
`config.originRequest.access.required`	Boolean	No	Deny traffic that has not fulfilled Access authorization. Default value: false
`config.originRequest.access.teamName`	String	Yes	Default value: "Your Zero Trust organization name."
`config.originRequest.access.audTag[]`	Array	Yes	Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
`config.originRequest.httpHostHeader`	String	No	Sets the HTTP Host header on requests sent to the local service.
`config.warp-routing`	Object	No	Enable private network access from WARP users to private network routes. This is enabled if the tunnel has an assigned route.
`config.warp-routing.enabled`	Boolean	No	Default value: false
`config.ingress[]`	Array	No	List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
`config.ingress[].originRequest`	Object	No	Configuration parameters for the public hostname specific connection settings between cloudflared and origin server.
`config.ingress[].originRequest.disableChunkedEncoding`	Boolean	No	Disables chunked transfer encoding. Useful if you are running a WSGI server.
`config.ingress[].originRequest.caPool`	String	No	Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
`config.ingress[].originRequest.connectTimeout`	Integer	No	Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout. Default value: 10
`config.ingress[].originRequest.noHappyEyeballs`	Boolean	No	Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. Default value: false
`config.ingress[].originRequest.tlsTimeout`	Integer	No	Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. Default value: 10
`config.ingress[].originRequest.tcpKeepAlive`	Integer	No	The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. Default value: 30
`config.ingress[].originRequest.keepAliveTimeout`	Integer	No	Timeout after which an idle keepalive connection can be discarded. Default value: 90
`config.ingress[].originRequest.http2Origin`	Boolean	No	Attempt to connect to origin using HTTP2. Origin must be configured as https.
`config.ingress[].originRequest.originServerName`	String	No	Hostname that cloudflared should expect from your origin server certificate.
`config.ingress[].originRequest.keepAliveConnections`	Integer	No	Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. Default value: 100
`config.ingress[].originRequest.noTLSVerify`	Boolean	No	Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. Default value: false
`config.ingress[].originRequest.proxyType`	String	No	cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: "" for the regular proxy and "socks" for a SOCKS5 proxy.
`config.ingress[].originRequest.access`	Object	No	For all L7 requests to this hostname, cloudflared will validate each request's Cf-Access-Jwt-Assertion request header.
`config.ingress[].originRequest.access.required`	Boolean	No	Deny traffic that has not fulfilled Access authorization. Default value: false
`config.ingress[].originRequest.access.teamName`	String	Yes	Default value: "Your Zero Trust organization name."
`config.ingress[].originRequest.access.audTag[]`	Array	Yes	Access applications that are allowed to reach this hostname for this Tunnel. Audience tags can be identified in the dashboard or via the List Access policies API.
`config.ingress[].originRequest.httpHostHeader`	String	No	Sets the HTTP Host header on requests sent to the local service.
`config.ingress[].hostname`	String	Yes	Public hostname for this service.
`config.ingress[].service`	String	Yes	Protocol and address of destination server. Supported protocols: http://, https://, unix://, tcp://, ssh://, rdp://, unix+tls://, smb://. Alternatively can return a HTTP status code http_status:[code] e.g. 'http_status:404'.
`config.ingress[].path`	String	No	Requests with this path route to this public hostname.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.