PUT /accounts/{account_id}/gateway/configuration
Updates the current Zero Trust account configuration.
Servers
- https://api.cloudflare.com/client/v4
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
account_id |
String | Yes |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
settings |
Object | No |
Account settings |
settings.custom_certificate |
Object | No |
Custom certificate settings for BYO-PKI. (deprecated and replaced by |
settings.custom_certificate.id |
String | No |
UUID of certificate (ID from MTLS certificate store). |
settings.custom_certificate.enabled |
Boolean | Yes |
Enable use of custom certificate authority for signing Gateway traffic. Default value: false |
settings.custom_certificate.binding_status |
String | No |
Certificate status (internal). |
settings.custom_certificate.updated_at |
String | No | |
settings.tls_decrypt |
Object | No |
TLS interception settings. |
settings.tls_decrypt.enabled |
Boolean | No |
Enable inspecting encrypted HTTP traffic. Default value: true |
settings.browser_isolation |
Object | No |
Browser isolation settings. |
settings.browser_isolation.non_identity_enabled |
Boolean | No |
Enable non-identity onramp support for Browser Isolation. Default value: false |
settings.browser_isolation.url_browser_isolation_enabled |
Boolean | No |
Enable Clientless Browser Isolation. Default value: false |
settings.antivirus |
Object | No |
Anti-virus settings. |
settings.antivirus.enabled_upload_phase |
Boolean | No |
Enable anti-virus scanning on uploads. Default value: false |
settings.antivirus.fail_closed |
Boolean | No |
Block requests for files that cannot be scanned. Default value: false |
settings.antivirus.enabled_download_phase |
Boolean | No |
Enable anti-virus scanning on downloads. Default value: false |
settings.antivirus.notification_settings |
Object | No |
Configure a message to display on the user's device when an antivirus search is performed. |
settings.antivirus.notification_settings.msg |
String | No |
Customize the message shown in the notification. |
settings.antivirus.notification_settings.include_context |
Boolean | No |
If true, context information will be passed as query parameters Default value: false |
settings.antivirus.notification_settings.support_url |
String | No |
Optional URL to direct users to additional information. If not set, the notification will open a block page. |
settings.antivirus.notification_settings.enabled |
Boolean | No |
Set notification on Default value: false |
settings.protocol_detection |
Object | No |
Protocol Detection settings. |
settings.protocol_detection.enabled |
Boolean | No |
Enable detecting protocol on initial bytes of client traffic. Default value: false |
settings.activity_log |
Object | No |
Activity log settings. |
settings.activity_log.enabled |
Boolean | No |
Enable activity logging. Default value: true |
settings.certificate |
Object | No |
Certificate settings for Gateway TLS interception. If not specified, the Cloudflare Root CA will be used. |
settings.certificate.id |
String | Yes |
UUID of certificate to be used for interception. Certificate must be available (previously called 'active') on the edge. A nil UUID will indicate the Cloudflare Root CA should be used. |
settings.sandbox |
Object | No |
Sandbox settings. |
settings.sandbox.enabled |
Boolean | No |
Enable sandbox. Default value: false |
settings.sandbox.fallback_action |
String | No |
Action to take when the file cannot be scanned. Possible values:
|
settings.fips |
Object | No |
FIPS settings. |
settings.fips.tls |
Boolean | No |
Enable only cipher suites and TLS versions compliant with FIPS 140-2. Default value: false |
settings.extended_email_matching |
Object | No |
Extended e-mail matching settings. |
settings.extended_email_matching.enabled |
Boolean | No |
Enable matching all variants of user emails (with + or . modifiers) used as criteria in Firewall policies. Default value: false |
settings.block_page |
Object | No |
Block page layout settings. |
settings.block_page.header_text |
String | No |
If mode is customized_block_page: block page header text. |
settings.block_page.background_color |
String | No |
If mode is customized_block_page: block page background color in #rrggbb format. |
settings.block_page.logo_path |
String | No |
If mode is customized_block_page: full URL to the logo file. |
settings.block_page.name |
String | No |
If mode is customized_block_page: block page title. |
settings.block_page.suppress_footer |
Boolean | No |
If mode is customized_block_page: suppress detailed info at the bottom of the block page. Default value: false |
settings.block_page.target_uri |
String | No |
If mode is redirect_uri: URI to which the user should be redirected. |
settings.block_page.include_context |
Boolean | No |
If mode is redirect_uri: when enabled, context will be appended to target_uri as query parameters. Default value: false |
settings.block_page.enabled |
Boolean | No |
Enable only cipher suites and TLS versions compliant with FIPS 140-2. Default value: false |
settings.block_page.mailto_address |
String | No |
If mode is customized_block_page: admin email for users to contact. |
settings.block_page.mode |
String | No |
Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI. Possible values:
Default value: "customized_block_page" |
settings.block_page.footer_text |
String | No |
If mode is customized_block_page: block page footer text. |
settings.block_page.mailto_subject |
String | No |
If mode is customized_block_page: subject line for emails created from block page. |
settings.body_scanning |
Object | No |
DLP body scanning settings. |
settings.body_scanning.inspection_mode |
String | No |
Set the inspection mode to either |
settings.host_selector |
Object | No |
Setting to enable host selector in egress policies. |
settings.host_selector.enabled |
Boolean | No |
Enable filtering via hosts for egress policies. |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.