Common API calls
The following sections contain example requests for common API calls. For a list of available API endpoints, refer to Endpoints.
Get Advanced TCP Protection status
This example obtains the current status of Advanced TCP Protection (enabled or disabled).
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_protection_status \
--header "Authorization: Bearer <API_TOKEN>"
Response{ "result": { "enabled": false }, "success": true, "errors": [], "messages": []
}
Enable Advanced TCP Protection
This example enables Advanced TCP Protection.
Requestcurl --request PATCH \https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_protection_status \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{ "enabled": true}'
Get existing prefixes
This example fetches all existing prefixes in Advanced TCP Protection.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/prefixes \
--header "Authorization: Bearer <API_TOKEN>"
Response{ "result": [ { "prefix": "203.0.113/24", "comment": "My prefix", "excluded": false } ], "success": true, "errors": [], "messages": []
}
Add prefixes
This example POST
request adds two prefixes. The second prefix excludes a subset of the first prefix from Advanced TCP Protection.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/prefixes/bulk \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '[ { "prefix": "192.0.2.0/24", "comment": "Game ranges", "excluded": false }, { "prefix": "192.0.2.2/26", "comment": "Range for a specific game", "excluded": true }]'
Response{ "result": [ { "id": "<PREFIX_1_ID>", "prefix": "192.0.2.0/24", "excluded": false, "comment": "Game ranges", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, { "id": "<PREFIX_2_ID>", "prefix": "192.0.2.2/26", "excluded": true, "comment": "Range for a specific game", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" } ], "success": true, "errors": [], "messages": []
}
Get all prefixes in allowlist
This example fetches all the prefixes in the allowlist.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/allowlist \
--header "Authorization: Bearer <API_TOKEN>"
Response{ "result": [ { "id": "<ALLOWLIST_PREFIX_ID>", "prefix": "192.0.2.127", "comment": "Single IP address in allowlist", "enabled": true, "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" } ], "success": true, "errors": [], "messages": []
}
Add a prefix to the allowlist
This example POST
request adds a prefix to the allowlist of the account.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/allowlist \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{ "prefix": "203.0.113.0/26", "comment": "Partner range", "enabled": true}'
Response{ "result": { "id": "<ALLOWLIST_PREFIX_1_ID>", "prefix": "203.0.113.0/26", "comment": "Partner range", "enabled": true, "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []
}
Create a SYN flood rule
This example POST
request creates a SYN flood rule with a regional scope (Western Europe) in monitoring mode.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/syn_protection/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{ "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "medium", "burst_sensitivity": "medium"}'
Response{ "result": { "id": "<SYN_FLOOD_RULE_ID>", "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "medium", "burst_sensitivity": "medium", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []
}
Refer to JSON objects for more information on the fields in the JSON body.
Create an out-of-state TCP rule
This example POST
request creates an out-of-state TCP rule in monitoring mode, with a regional scope, and with low rate and burst sensitivities.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_flow_protection/rules \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{ "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "low", "burst_sensitivity": "low"}'
Response{ "result": { "id": "<OOS_TCP_RULE_ID>", "scope": "region", "name": "WEUR", "mode": "monitoring", "rate_sensitivity": "low", "burst_sensitivity": "low", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []
}
Refer to JSON objects for more information on the fields in the JSON body.
Create a SYN flood filter
This example POST
request creates a SYN flood filter, setting SYN flood protection to monitoring mode for a specific range of destination IP addresses.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/syn_protection/filters \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{ "expression": "ip.dst in { 192.0.2.0/24 }", "mode": "monitoring"}'
Response{ "result": { "id": "<SYN_FLOOD_FILTER_ID>", "expression": "ip.dst in { 192.0.2.0/24 }", "mode": "monitoring", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []
}
Refer to JSON objects for more information on the fields in the JSON body.
Create an out-of-state TCP filter
This example POST
request creates an out-of-state TCP filter, disabling out-of-state TCP protection for a specific range of destination IP addresses and ports.
Requestcurl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/advanced_tcp_protection/configs/tcp_flow_protection/filters \
--header "Authorization: Bearer <API_TOKEN>" \
--header "Content-Type: application/json" \
--data '{ "expression": "ip.dst in { 203.0.113.0/24 } and tcp.dstport in { 8000..8081 }", "mode": "disabled"}'
Response{ "result": { "id": "<OOS_TCP_FILTER_ID>", "expression": "ip.dst in { 203.0.113.0/24 } and tcp.dstport in { 8000..8081 }", "mode": "disabled", "created_on": "<TIMESTAMP>", "modified_on": "<TIMESTAMP>" }, "success": true, "errors": [], "messages": []
}
Refer to JSON objects for more information on the fields in the JSON body.