// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. import { APIResource } from '../../resource'; import * as Core from '../../core'; import * as PrioritizeAPI from './prioritize'; import { Prioritize, PrioritizeUpdateParams } from './prioritize'; import * as CustomHostnamesAPI from '../custom-hostnames/custom-hostnames'; import * as KeylessCertificatesAPI from '../keyless-certificates/keyless-certificates'; import { SinglePage, V4PagePaginationArray, type V4PagePaginationArrayParams } from '../../pagination'; export class CustomCertificates extends APIResource { prioritize: PrioritizeAPI.Prioritize = new PrioritizeAPI.Prioritize(this._client); /** * Upload a new SSL certificate for a zone. * * @example * ```ts * const customCertificate = * await client.customCertificates.create({ * zone_id: '023e105f4ecef8ad9ca31a8372d0c353', * certificate: * '-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n', * }); * ``` */ create( params: CustomCertificateCreateParams, options?: Core.RequestOptions, ): Core.APIPromise { const { zone_id, ...body } = params; return ( this._client.post(`/zones/${zone_id}/custom_certificates`, { body, ...options }) as Core.APIPromise<{ result: CustomCertificate; }> )._thenUnwrap((obj) => obj.result); } /** * List, search, and filter all of your custom SSL certificates. The higher * priority will break ties across overlapping 'legacy_custom' certificates, but * 'legacy_custom' certificates will always supercede 'sni_custom' certificates. * * @example * ```ts * // Automatically fetches more pages as needed. * for await (const customCertificate of client.customCertificates.list( * { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * )) { * // ... * } * ``` */ list( params: CustomCertificateListParams, options?: Core.RequestOptions, ): Core.PagePromise { const { zone_id, ...query } = params; return this._client.getAPIList( `/zones/${zone_id}/custom_certificates`, CustomCertificatesV4PagePaginationArray, { query, ...options }, ); } /** * Remove a SSL certificate from a zone. * * @example * ```ts * const customCertificate = * await client.customCertificates.delete( * '023e105f4ecef8ad9ca31a8372d0c353', * { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * ); * ``` */ delete( customCertificateId: string, params: CustomCertificateDeleteParams, options?: Core.RequestOptions, ): Core.APIPromise { const { zone_id } = params; return ( this._client.delete( `/zones/${zone_id}/custom_certificates/${customCertificateId}`, options, ) as Core.APIPromise<{ result: CustomCertificateDeleteResponse }> )._thenUnwrap((obj) => obj.result); } /** * Upload a new private key and/or PEM/CRT for the SSL certificate. Note: PATCHing * a configuration for sni_custom certificates will result in a new resource id * being returned, and the previous one being deleted. * * @example * ```ts * const customCertificate = * await client.customCertificates.edit( * '023e105f4ecef8ad9ca31a8372d0c353', * { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * ); * ``` */ edit( customCertificateId: string, params: CustomCertificateEditParams, options?: Core.RequestOptions, ): Core.APIPromise { const { zone_id, ...body } = params; return ( this._client.patch(`/zones/${zone_id}/custom_certificates/${customCertificateId}`, { body, ...options, }) as Core.APIPromise<{ result: CustomCertificate }> )._thenUnwrap((obj) => obj.result); } /** * Retrieves details for a specific custom SSL certificate, including certificate * metadata, bundle method, geographic restrictions, and associated keyless server * configuration. * * @example * ```ts * const customCertificate = * await client.customCertificates.get( * '023e105f4ecef8ad9ca31a8372d0c353', * { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * ); * ``` */ get( customCertificateId: string, params: CustomCertificateGetParams, options?: Core.RequestOptions, ): Core.APIPromise { const { zone_id } = params; return ( this._client.get( `/zones/${zone_id}/custom_certificates/${customCertificateId}`, options, ) as Core.APIPromise<{ result: CustomCertificate }> )._thenUnwrap((obj) => obj.result); } } export class CustomCertificatesV4PagePaginationArray extends V4PagePaginationArray {} export class CustomCertificatesSinglePage extends SinglePage {} export interface CustomCertificate { /** * Identifier. */ id: string; /** * Identifier. */ zone_id: string; /** * A ubiquitous bundle has the highest probability of being verified everywhere, * even by clients using outdated or unusual trust stores. An optimal bundle uses * the shortest chain and newest intermediates. And the force bundle verifies the * chain, but does not otherwise modify it. */ bundle_method?: CustomHostnamesAPI.BundleMethod; /** * The identifier for the Custom CSR that was used. */ custom_csr_id?: string; /** * When the certificate from the authority expires. */ expires_on?: string; /** * Specify the region where your private key can be held locally for optimal TLS * performance. HTTPS connections to any excluded data center will still be fully * encrypted, but will incur some latency while Keyless SSL is used to complete the * handshake with the nearest allowed data center. Options allow distribution to * only to U.S. data centers, only to E.U. data centers, or only to highest * security data centers. Default distribution is to all Cloudflare datacenters, * for optimal performance. */ geo_restrictions?: GeoRestrictions; hosts?: Array; /** * The certificate authority that issued the certificate. */ issuer?: string; keyless_server?: KeylessCertificatesAPI.KeylessCertificate; /** * When the certificate was last modified. */ modified_on?: string; /** * The policy restrictions returned by the API. This field is returned in responses * when a policy has been set. The API accepts the "policy" field in requests but * returns this field as "policy_restrictions" in responses. * * Specifies the region(s) where your private key can be held locally for optimal * TLS performance. Format is a boolean expression, for example: "(country: US) or * (region: EU)" */ policy_restrictions?: string; /** * The order/priority in which the certificate will be used in a request. The * higher priority will break ties across overlapping 'legacy_custom' certificates, * but 'legacy_custom' certificates will always supercede 'sni_custom' * certificates. */ priority?: number; /** * The type of hash used for the certificate. */ signature?: string; /** * Status of the zone's custom SSL. */ status?: 'active' | 'expired' | 'deleted' | 'pending' | 'initializing'; /** * When the certificate was uploaded to Cloudflare. */ uploaded_on?: string; } /** * Specify the region where your private key can be held locally for optimal TLS * performance. HTTPS connections to any excluded data center will still be fully * encrypted, but will incur some latency while Keyless SSL is used to complete the * handshake with the nearest allowed data center. Options allow distribution to * only to U.S. data centers, only to E.U. data centers, or only to highest * security data centers. Default distribution is to all Cloudflare datacenters, * for optimal performance. */ export interface GeoRestrictions { label?: 'us' | 'eu' | 'highest_security'; } /** * Specify the region where your private key can be held locally for optimal TLS * performance. HTTPS connections to any excluded data center will still be fully * encrypted, but will incur some latency while Keyless SSL is used to complete the * handshake with the nearest allowed data center. Options allow distribution to * only to U.S. data centers, only to E.U. data centers, or only to highest * security data centers. Default distribution is to all Cloudflare datacenters, * for optimal performance. */ export interface GeoRestrictionsParam { label?: 'us' | 'eu' | 'highest_security'; } /** * Client Certificates may be active or revoked, and the pending_reactivation or * pending_revocation represent in-progress asynchronous transitions */ export type Status = 'active' | 'pending_reactivation' | 'pending_revocation' | 'revoked'; export interface CustomCertificateDeleteResponse { /** * Identifier. */ id?: string; } export interface CustomCertificateCreateParams { /** * Path param: Identifier. */ zone_id: string; /** * Body param: The zone's SSL certificate or certificate and the intermediate(s). */ certificate: string; /** * Body param: A ubiquitous bundle has the highest probability of being verified * everywhere, even by clients using outdated or unusual trust stores. An optimal * bundle uses the shortest chain and newest intermediates. And the force bundle * verifies the chain, but does not otherwise modify it. */ bundle_method?: CustomHostnamesAPI.BundleMethodParam; /** * Body param: The identifier for the Custom CSR that was used. */ custom_csr_id?: string; /** * Body param: The environment to deploy the certificate to, defaults to production */ deploy?: 'staging' | 'production'; /** * Body param: Specify the region where your private key can be held locally for * optimal TLS performance. HTTPS connections to any excluded data center will * still be fully encrypted, but will incur some latency while Keyless SSL is used * to complete the handshake with the nearest allowed data center. Options allow * distribution to only to U.S. data centers, only to E.U. data centers, or only to * highest security data centers. Default distribution is to all Cloudflare * datacenters, for optimal performance. */ geo_restrictions?: GeoRestrictionsParam; /** * Body param: Specify the policy that determines the region where your private key * will be held locally. HTTPS connections to any excluded data center will still * be fully encrypted, but will incur some latency while Keyless SSL is used to * complete the handshake with the nearest allowed data center. Any combination of * countries, specified by their two letter country code * (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements) * can be chosen, such as 'country: IN', as well as 'region: EU' which refers to * the EU region. If there are too few data centers satisfying the policy, it will * be rejected. Note: The API accepts this field as either "policy" or * "policy_restrictions" in requests. Responses return this field as * "policy_restrictions". */ policy?: string; /** * Body param: The zone's private key. Not required if custom_csr_id is provided, * in which case the private key is retrieved from the CSR record held by * Cloudflare. */ private_key?: string; /** * Body param: The type 'legacy_custom' enables support for legacy clients which do * not include SNI in the TLS handshake. */ type?: 'legacy_custom' | 'sni_custom'; } export interface CustomCertificateListParams extends V4PagePaginationArrayParams { /** * Path param: Identifier. */ zone_id: string; /** * Query param: Whether to match all search requirements or at least one (any). */ match?: 'any' | 'all'; /** * Query param: Status of the zone's custom SSL. */ status?: 'active' | 'expired' | 'deleted' | 'pending' | 'initializing'; } export interface CustomCertificateDeleteParams { /** * Identifier. */ zone_id: string; } export interface CustomCertificateEditParams { /** * Path param: Identifier. */ zone_id: string; /** * Body param: A ubiquitous bundle has the highest probability of being verified * everywhere, even by clients using outdated or unusual trust stores. An optimal * bundle uses the shortest chain and newest intermediates. And the force bundle * verifies the chain, but does not otherwise modify it. */ bundle_method?: CustomHostnamesAPI.BundleMethodParam; /** * Body param: The zone's SSL certificate or certificate and the intermediate(s). */ certificate?: string; /** * Body param: The identifier for the Custom CSR that was used. */ custom_csr_id?: string; /** * Body param: The environment to deploy the certificate to, defaults to production */ deploy?: 'staging' | 'production'; /** * Body param: Specify the region where your private key can be held locally for * optimal TLS performance. HTTPS connections to any excluded data center will * still be fully encrypted, but will incur some latency while Keyless SSL is used * to complete the handshake with the nearest allowed data center. Options allow * distribution to only to U.S. data centers, only to E.U. data centers, or only to * highest security data centers. Default distribution is to all Cloudflare * datacenters, for optimal performance. */ geo_restrictions?: GeoRestrictionsParam; /** * Body param: Specify the policy that determines the region where your private key * will be held locally. HTTPS connections to any excluded data center will still * be fully encrypted, but will incur some latency while Keyless SSL is used to * complete the handshake with the nearest allowed data center. Any combination of * countries, specified by their two letter country code * (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements) * can be chosen, such as 'country: IN', as well as 'region: EU' which refers to * the EU region. If there are too few data centers satisfying the policy, it will * be rejected. Note: The API accepts this field as either "policy" or * "policy_restrictions" in requests. Responses return this field as * "policy_restrictions". */ policy?: string; /** * Body param: The zone's private key. Not required if custom_csr_id is provided, * in which case the private key is retrieved from the CSR record held by * Cloudflare. */ private_key?: string; } export interface CustomCertificateGetParams { /** * Identifier. */ zone_id: string; } CustomCertificates.CustomCertificatesV4PagePaginationArray = CustomCertificatesV4PagePaginationArray; CustomCertificates.Prioritize = Prioritize; export declare namespace CustomCertificates { export { type CustomCertificate as CustomCertificate, type GeoRestrictions as GeoRestrictions, type Status as Status, type CustomCertificateDeleteResponse as CustomCertificateDeleteResponse, CustomCertificatesV4PagePaginationArray as CustomCertificatesV4PagePaginationArray, type CustomCertificateCreateParams as CustomCertificateCreateParams, type CustomCertificateListParams as CustomCertificateListParams, type CustomCertificateDeleteParams as CustomCertificateDeleteParams, type CustomCertificateEditParams as CustomCertificateEditParams, type CustomCertificateGetParams as CustomCertificateGetParams, }; export { Prioritize as Prioritize, type PrioritizeUpdateParams as PrioritizeUpdateParams }; }