PATCH /accounts/{account_id}/gateway/configuration
Update (PATCH) a single subcollection of settings such as antivirus, tls_decrypt, activity_log, block_page, browser_isolation, fips, body_scanning, or certificate without updating the entire configuration object. This endpoint returns an error if any settings collection lacks proper configuration.
Servers
- https://api.cloudflare.com/client/v4
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
account_id |
String | Yes |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
settings |
Object | No |
Specify account settings. |
settings.custom_certificate |
Object | No |
Specify custom certificate settings for BYO-PKI. This field is deprecated; use |
settings.custom_certificate.id |
String | No |
Specify the UUID of the certificate (ID from MTLS certificate store). |
settings.custom_certificate.enabled |
Boolean | Yes |
Specify whether to enable a custom certificate authority for signing Gateway traffic. |
settings.custom_certificate.binding_status |
String | No |
Indicate the internal certificate status. |
settings.custom_certificate.updated_at |
String | No | |
settings.inspection |
Object | No |
Define the proxy inspection mode. |
settings.inspection.mode |
String | No |
Define the proxy inspection mode. 1. static: Gateway applies static inspection to HTTP on TCP(80). With TLS decryption on, Gateway inspects HTTPS traffic on TCP(443) and UDP(443). 2. dynamic: Gateway applies protocol detection to inspect HTTP and HTTPS traffic on any port. TLS decryption must remain on to inspect HTTPS traffic. Valid values:
|
settings.tls_decrypt |
Object | No |
Specify whether to inspect encrypted HTTP traffic. |
settings.tls_decrypt.enabled |
Boolean | No |
Specify whether to inspect encrypted HTTP traffic. |
settings.browser_isolation |
Object | No |
Specify Clientless Browser Isolation settings. |
settings.browser_isolation.non_identity_enabled |
Boolean | No |
Specify whether to enable non-identity onramp support for Browser Isolation. |
settings.browser_isolation.url_browser_isolation_enabled |
Boolean | No |
Specify whether to enable Clientless Browser Isolation. |
settings.antivirus |
Object | No |
Specify anti-virus settings. |
settings.antivirus.enabled_upload_phase |
Boolean | No |
Specify whether to enable anti-virus scanning on uploads. |
settings.antivirus.fail_closed |
Boolean | No |
Specify whether to block requests for unscannable files. |
settings.antivirus.enabled_download_phase |
Boolean | No |
Specify whether to enable anti-virus scanning on downloads. |
settings.antivirus.notification_settings |
Object | No |
Configure the message the user's device shows during an antivirus scan. |
settings.antivirus.notification_settings.msg |
String | No |
Specify the message to show in the notification. |
settings.antivirus.notification_settings.include_context |
Boolean | No |
Specify whether to include context information as query parameters. |
settings.antivirus.notification_settings.support_url |
String | No |
Specify a URL that directs users to more information. If unset, the notification opens a block page. |
settings.antivirus.notification_settings.enabled |
Boolean | No |
Specify whether to enable notifications. |
settings.protocol_detection |
Object | No |
Specify whether to detect protocols from the initial bytes of client traffic. |
settings.protocol_detection.enabled |
Boolean | No |
Specify whether to detect protocols from the initial bytes of client traffic. |
settings.activity_log |
Object | No |
Specify activity log settings. |
settings.activity_log.enabled |
Boolean | No |
Specify whether to log activity. |
settings.certificate |
Object | No |
Specify certificate settings for Gateway TLS interception. If unset, the Cloudflare Root CA handles interception. |
settings.certificate.id |
String | Yes |
Specify the UUID of the certificate used for interception. Ensure the certificate is available at the edge(previously called 'active'). A nil UUID directs Cloudflare to use the Root CA. |
settings.sandbox |
Object | No |
Specify whether to enable the sandbox. |
settings.sandbox.enabled |
Boolean | No |
Specify whether to enable the sandbox. |
settings.sandbox.fallback_action |
String | No |
Specify the action to take when the system cannot scan the file. Valid values:
|
settings.fips |
Object | No |
Specify FIPS settings. |
settings.fips.tls |
Boolean | No |
Enforce cipher suites and TLS versions compliant with FIPS 140-2. |
settings.extended_email_matching |
Object | No |
Specify user email settings for the firewall policies. When this is enabled, we standardize the email addresses in the identity part of the rule, so that they match the extended email variants in the firewall policies. When this setting is turned off, the email addresses in the identity part of the rule will be matched exactly as provided. If your email has |
settings.extended_email_matching.version |
Integer | No |
Indicate the version number of the setting. |
settings.extended_email_matching.enabled |
Boolean | No |
Specify whether to match all variants of user emails (with + or . modifiers) used as criteria in Firewall policies. |
settings.extended_email_matching.read_only |
Boolean | No |
Indicate that this setting was shared via the Orgs API and read only for the current account. |
settings.extended_email_matching.source_account |
String | No |
Indicate the account tag of the account that shared this setting. |
settings.block_page |
Object | No |
Specify block page layout settings. |
settings.block_page.header_text |
String | No |
Specify the block page header text when the mode is customized_block_page. |
settings.block_page.background_color |
String | No |
Specify the block page background color in |
settings.block_page.suppress_footer |
Boolean | No |
Specify whether to suppress detailed information at the bottom of the block page when the mode is customized_block_page. |
settings.block_page.include_context |
Boolean | No |
Specify whether to append context to target_uri as query parameters. This applies only when the mode is redirect_uri. |
settings.block_page.read_only |
Boolean | No |
Indicate that this setting was shared via the Orgs API and read only for the current account. |
settings.block_page.mode |
String | No |
Specify whether to redirect users to a Cloudflare-hosted block page or a customer-provided URI. Valid values:
|
settings.block_page.mailto_subject |
String | No |
Specify the subject line for emails created from the block page when the mode is customized_block_page. |
settings.block_page.logo_path |
String | No |
Specify the full URL to the logo file when the mode is customized_block_page. |
settings.block_page.name |
String | No |
Specify the block page title when the mode is customized_block_page. |
settings.block_page.target_uri |
String | No |
Specify the URI to redirect users to when the mode is redirect_uri. |
settings.block_page.version |
Integer | No |
Indicate the version number of the setting. |
settings.block_page.enabled |
Boolean | No |
Specify whether to enable the custom block page. |
settings.block_page.mailto_address |
String | No |
Specify the admin email for users to contact when the mode is customized_block_page. |
settings.block_page.footer_text |
String | No |
Specify the block page footer text when the mode is customized_block_page. |
settings.block_page.source_account |
String | No |
Indicate the account tag of the account that shared this setting. |
settings.body_scanning |
Object | No |
Specify the DLP inspection mode. |
settings.body_scanning.inspection_mode |
String | No |
Specify the inspection mode as either Valid values:
|
settings.host_selector |
Object | No |
Enable host selection in egress policies. |
settings.host_selector.enabled |
Boolean | No |
Specify whether to enable filtering via hosts for egress policies. |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.