Common API calls
The following sections contain example requests for common API calls. For a list of available API endpoints, refer to Endpoints.
This example obtains the current status of Advanced TCP Protection (enabled or disabled).
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_protection_status \--header "Authorization: Bearer <API_TOKEN>"{ "result": { "enabled": false }, "success": true, "errors": [], "messages": []}This example enables Advanced TCP Protection.
curl --request PATCH \https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_protection_status \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{ "enabled": true}'This example fetches all existing prefixes in Advanced TCP Protection.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/prefixes \--header "Authorization: Bearer <API_TOKEN>"{ "result": [ { "prefix": "203.0.113/24", "comment": "My prefix", "excluded": false } ], "success": true, "errors": [], "messages": []}This example POST request adds two prefixes. The second prefix excludes a subset of the first prefix from Advanced TCP Protection.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/prefixes/bulk \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '[ { "prefix": "192.0.2.0/24", "comment": "Game ranges", "excluded": false }, { "prefix": "192.0.2.2/26", "comment": "Range for a specific game", "excluded": true }]'{ "result": [ { "id": "<PREFIX_1_ID>", "prefix": "192.0.2.0/24", "excluded": false, "comment": "Game ranges", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, { "id": "<PREFIX_2_ID>", "prefix": "192.0.2.2/26", "excluded": true, "comment": "Range for a specific game", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" } ], "success": true, "errors": [], "messages": []}This example fetches all the prefixes in the allowlist.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/allowlist \--header "Authorization: Bearer <API_TOKEN>"{ "result": [ { "id": "<ALLOWLIST_PREFIX_ID>", "prefix": "192.0.2.127", "comment": "Single IP address in allowlist", "enabled": true, "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" } ], "success": true, "errors": [], "messages": []}This example POST request adds a prefix to the allowlist of the account.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/allowlist \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{ "prefix": "203.0.113.0/26", "comment": "Partner range", "enabled": true}'{ "result": { "id": "<ALLOWLIST_PREFIX_1_ID>", "prefix": "203.0.113.0/26", "comment": "Partner range", "enabled": true, "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []}This example POST request creates a SYN flood rule with a regional scope (Western Europe) in monitoring mode.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/syn_protection/rules \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{ "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "medium", "burst_sensitivity": "medium"}'{ "result": { "id": "<SYN_FLOOD_RULE_ID>", "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "medium", "burst_sensitivity": "medium", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []}Refer to JSON objects for more information on the fields in the JSON body.
This example POST request creates an out-of-state TCP rule in monitoring mode, with a regional scope, and with low rate and burst sensitivities.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_flow_protection/rules \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{ "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "low", "burst_sensitivity": "low"}'{ "result": { "id": "<OOS_TCP_RULE_ID>", "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "low", "burst_sensitivity": "low", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []}Refer to JSON objects for more information on the fields in the JSON body.
This example POST request creates a SYN flood filter, setting SYN flood protection to monitoring mode for a specific range of destination IP addresses.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/syn_protection/filters \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{ "expression": "ip.dst in { 192.0.2.0/24 }", "mode": "monitoring"}'{ "result": { "id": "<SYN_FLOOD_FILTER_ID>", "expression": "ip.dst in { 192.0.2.0/24 }", "mode": "monitoring", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []}Refer to JSON objects for more information on the fields in the JSON body.
This example POST request creates an out-of-state TCP filter, disabling out-of-state TCP protection for a specific range of destination IP addresses and ports.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_flow_protection/filters \--header "Authorization: Bearer <API_TOKEN>" \--header "Content-Type: application/json" \--data '{ "expression": "ip.dst in { 203.0.113.0/24 } and tcp.dstport in { 8000..8081 }", "mode": "disabled"}'{ "result": { "id": "<OOS_TCP_FILTER_ID>", "expression": "ip.dst in { 203.0.113.0/24 } and tcp.dstport in { 8000..8081 }", "mode": "disabled", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []}Refer to JSON objects for more information on the fields in the JSON body.