Skip to content

Create an access rule

POST
/api/zones/{zoneId}/access-rules

Creates a new access rule in the given zone. The rule name must be unique within the zone, and "conditions" must contain at least one condition describing when the rule applies. The "action" field determines what happens when the conditions match; when it is "skip", "skipTargets" lists the security features to bypass. The zone's configured access rule limit must not be exceeded.

Authorizations

ApiToken

Long-lived API token created via POST /api/api-tokens (returned once in plaintext).

Type
API Key (header: X-API-TOKEN)
or
JWT

JWT access token obtained via POST /api/auth/login. Send as: Authorization: Bearer .

Type
HTTP (bearer)

Parameters

Path Parameters

zoneId*

Zone identifier

Type
string
Required

Request Body

JSON
{
  
"name": "Block office IP range",
  
"description": "Blocks traffic originating from the corporate office subnet.",
  
"conditions": {
  
  
"logic": "string",
  
  
"conditions": [
  
  
  
{
  
  
  
  
"field": "string",
  
  
  
  
"operator": "string",
  
  
  
  
"target": "X-Custom-Header",
  
  
  
  
"value": "string"
  
  
  
}
  
  
]
  
},
  
"action": "block",
  
"skipTargets": [
  
  
[
  
  
  
"waf",
  
  
  
"rateLimiting"
  
  
]
  
],
  
"order": 10,
  
"enabled": true,
  
"stopOnMatch": false
}

Responses

access-rule resource created

JSON
{
  
"@context": "string",
  
"@id": "string",
  
"@type": "string",
  
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  
"zone": "https://example.com/",
  
"name": "Block office IP range",
  
"description": "Blocks traffic originating from the corporate office subnet.",
  
"conditions": {
  
  
"logic": "string",
  
  
"conditions": [
  
  
  
{
  
  
  
  
"field": "string",
  
  
  
  
"operator": "string",
  
  
  
  
"target": "X-Custom-Header",
  
  
  
  
"value": "string"
  
  
  
}
  
  
]
  
},
  
"action": "string",
  
"skipTargets": [
  
],
  
"order": 10,
  
"enabled": true,
  
"stopOnMatch": false,
  
"createdAt": "2026-01-15T09:30:00+00:00",
  
"updatedAt": "2026-01-20T14:45:00+00:00"
}

Playground

Authorization
Variables
Key
Value
Body

Samples

Powered by VitePress OpenAPI