Update an access rule
PATCH
/api/zones/{zoneId}/access-rules/{id}
Partially updates an access rule. Any subset of writable fields may be sent. Name uniqueness within the zone and condition validity are re-checked on every change.
Authorizations
ApiToken
Long-lived API token created via POST /api/api-tokens (returned once in plaintext).
Type
API Key (header: X-API-TOKEN)
or
JWT
JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer
Type
HTTP (bearer)
Parameters
Path Parameters
zoneId*
Zone identifier
Type
Requiredstring
id*
access-rule identifier
Type
Requiredstring
Request Body
application/merge-patch+json
JSON "name": "Block office IP range", "description": "Blocks traffic originating from the corporate office subnet.", "conditions": { "logic": "string", "conditions": [ { "field": "string", "operator": "string", "target": "X-Custom-Header", "value": "string" } ] }, "action": "block", "skipTargets": [ [ "waf", "rateLimiting" ] ], "order": 10, "enabled": true, "stopOnMatch": false
{
}
Responses
access-rule resource updated
JSON "@context": "string", "@id": "string", "@type": "string", "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "zone": "https://example.com/", "name": "Block office IP range", "description": "Blocks traffic originating from the corporate office subnet.", "conditions": { "logic": "string", "conditions": [ { "field": "string", "operator": "string", "target": "X-Custom-Header", "value": "string" } ] }, "action": "string", "skipTargets": [ ], "order": 10, "enabled": true, "stopOnMatch": false, "createdAt": "2026-01-15T09:30:00+00:00", "updatedAt": "2026-01-20T14:45:00+00:00"
{
}
