Skip to content

Access API examples

You can use the Cloudflare Access API to create policies, including individual rule blocks inside of group or policy bodies. For example, this policy allows all Cloudflare email account users to reach the application with the exception of one account:

{
"name": "allow cloudflare employees",
"decision": "allow",
"include": [
{
"email_domain": {
"domain": "cloudflare.com"
}
}
],
"exclude": [
{
"email": {
"email": "notthisperson@cloudflare.com"
}
}
],
"require": []
}

Example rule configurations

Any valid service token

The request will need to present the headers for any service token created for this account.

Azure® Group

Allow members of an Azure Group. The ID is the group UUID (id) in Azure.

Common name

The request will need to present a valid certificate with an expected common name.

Email

Allow a specific email address.

Service token

The request will need to present the correct service token headers.