Common API calls

Required API token permissions

The API token used in API requests to manage WAF content scanning and custom scan expressions must have one of the following permissions:

Zone WAF Edit
Account WAF Edit

General operations

The following API examples cover basic operations such as enabling and disabling WAF content scanning.

Enable WAF content scanning

To enable content scanning, use a POST request similar to the following:

Example requestcurl --request POST \
"https://api.cloudflare.com/client/v4/zones/{zone_id}/content-upload-scan/enable" \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>"

Disable WAF content scanning

To disable content scanning, use a POST request similar to the following:

Example requestcurl --request POST \
"https://api.cloudflare.com/client/v4/zones/{zone_id}/content-upload-scan/disable" \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>"

Get WAF content scanning status

To obtain the current status of the content scanning feature, use a GET request similar to the following:

Example requestcurl "https://api.cloudflare.com/client/v4/zones/{zone_id}/content-upload-scan/settings" \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>"

Custom expression operations

The following API examples cover operations on custom scan expressions for content scanning.

Get existing custom scan expressions

To get a list of existing custom scan expressions, use a GET request similar to the following:

Example requestcurl "https://api.cloudflare.com/client/v4/zones/{zone_id}/content-upload-scan/payloads" \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>"

Example response{  "result": [    {      "id": "<EXPRESSION_ID>",      "payload": "lookup_json_string(http.request.body.raw, \"file\")"    }  ],  "success": true,  "errors": [],  "messages": []
}

Add a custom scan expression

Use a POST request similar to the following:

Example requestcurl "https://api.cloudflare.com/client/v4/zones/{zone_id}/content-upload-scan/payloads" \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>" \
--header "Content-Type: application/json" \
--data '[  {    "payload": "lookup_json_string(http.request.body.raw, \"file\")"  }]'

Delete a custom scan expression

Use a DELETE request similar to the following:

Example requestcurl --request DELETE \
"https://api.cloudflare.com/client/v4/zones/{zone_id}/content-upload-scan/payloads/{expression_id}" \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>"

Common API calls

​​ Required API token permissions

​​ General operations

​​ Enable WAF content scanning

​​ Disable WAF content scanning

​​ Get WAF content scanning status

​​ Custom expression operations

​​ Get existing custom scan expressions

​​ Add a custom scan expression

​​ Delete a custom scan expression