Update API examples to use the same workflow (check entry point, add rule)

pedrosousa · pedrosousa · commit 9af54e1bbd3d · 2024-10-08T18:22:59.000+01:00
diff --git a/src/content/docs/waf/managed-rules/reference/exposed-credentials-check.mdx b/src/content/docs/waf/managed-rules/reference/exposed-credentials-check.mdx
@@ -52,64 +52,38 @@ To enable the Cloudflare Exposed Credentials Check Managed Ruleset for a given z
 
 This example deploys the Cloudflare Exposed Credentials Check Managed Ruleset to the `http_request_firewall_managed` phase of a given zone (`{zone_id}`) by creating a rule that executes the managed ruleset. The rules in the managed ruleset are executed for all incoming requests.
 
-1.  Search for an existing [entry point ruleset](/ruleset-engine/about/rulesets/#entry-point-ruleset) for the `http_request_firewall_managed` phase using the [List zone rulesets](/api/operations/listZoneRulesets) operation and take note of the ruleset ID. This ruleset, if it exists, has the following properties: `"kind": "zone"` and `"phase": "http_request_firewall_managed"`.
+1.  Invoke the [Get a zone entry point ruleset](/api/operations/getZoneEntrypointRuleset) operation to obtain the definition of the entry point ruleset for the `http_request_firewall_managed` phase. You will need the [zone ID](/fundamentals/setup/find-account-and-zone-ids/) for this task.
 
     ```bash
-    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets" \
+    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_request_firewall_managed/entrypoint" \
     --header "Authorization: Bearer <API_TOKEN>"
     ```
 
-    ```json output {5,9,12}
+    ```json output {4}
     {
-    	"result": [
-    		// ...
-    		{
-    			"id": "<RULESET_ID>",
-    			"name": "default",
-    			"description": "",
-    			"source": "firewall_managed",
-    			"kind": "zone",
-    			"version": "5",
-    			"last_updated": "2024-07-22T16:04:19.788697Z",
-    			"phase": "http_request_firewall_managed"
-    		}
-    		// ...
-    	],
+    	"result": {
+    		"description": "Zone-level phase entry point",
+    		"id": "<RULESET_ID>",
+    		"kind": "zone",
+    		"last_updated": "2024-03-16T15:40:08.202335Z",
+    		"name": "zone",
+    		"phase": "http_request_firewall_managed",
+    		"rules": [
+    			// ...
+    		],
+    		"source": "firewall_managed",
+    		"version": "10"
+    	},
     	"success": true,
     	"errors": [],
     	"messages": []
     }
     ```
 
-2.  If the entry point ruleset does not exist, create it using the [Create a zone ruleset](/api/operations/createZoneRuleset) operation. Include a single rule in the `rules` array that executes the [Cloudflare Exposed Credentials Check Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/) (with ID <RuleID id="c2e184081120413c86c3ab7e14069605" />) for all incoming requests in the zone.
-
-    ```bash
-    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets" \
-    --header "Authorization: Bearer <API_TOKEN>" \
-    --header "Content-Type: application/json" \
-    --data '{
-      "name": "My ruleset",
-      "description": "Entry point ruleset for WAF managed rulesets",
-      "kind": "zone",
-      "phase": "http_request_firewall_managed",
-      "rules": [
-        {
-    			"action": "execute",
-    			"action_parameters": {
-    				"id": "c2e184081120413c86c3ab7e14069605"
-    			},
-    			"expression": "true",
-    			"description": "Execute the Cloudflare Exposed Credentials Check Managed Ruleset"
-    		}
-      ]
-    }'
-    ```
-
-    If the entry point ruleset already exists, add a rule to this ruleset (with ID `{ruleset_id}`) using the [Create a zone ruleset rule](/api/operations/createZoneRulesetRule) operation. This rule executes the Cloudflare Exposed Credentials Check Managed Ruleset (with ID <RuleID id="c2e184081120413c86c3ab7e14069605" />) for all incoming requests in the zone.
+2.  If the entry point ruleset already exists (that is, if you received a `200 OK` status code and the ruleset definition), take note of the ruleset ID in the response. Then, invoke the [Create a zone ruleset rule](/api/operations/createZoneRulesetRule) operation to add an `execute` rule to the existing ruleset deploying the [Cloudflare Exposed Credentials Check Managed Ruleset](/waf/managed-rules/reference/exposed-credentials-check/) (with ID <RuleID id="c2e184081120413c86c3ab7e14069605" />). By default, the rule will be added at the end of the list of rules already in the ruleset.
 
     ```bash
-    curl --request PUT \
-    "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules" \
+    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules" \
     --header "Authorization: Bearer <API_TOKEN>" \
     --header "Content-Type: application/json" \
     --data '{
@@ -129,7 +103,7 @@ This example deploys the Cloudflare Exposed Credentials Check Managed Ruleset to
     		"name": "Zone-level phase entry point",
     		"description": "",
     		"kind": "zone",
-    		"version": "3",
+    		"version": "11",
     		"rules": [
     			// ... any existing rules
     			{
@@ -156,6 +130,30 @@ This example deploys the Cloudflare Exposed Credentials Check Managed Ruleset to
     }
     ```
 
+3.  If the entry point ruleset does not exist (that is, if you received a `404 Not Found` status code in step 1), create it using the [Create a zone ruleset](/api/operations/createZoneRuleset) operation. Include a single rule in the `rules` array that executes the [Cloudflare Exposed Credentials Check Managed Ruleset](/waf/managed-rules/reference/exposed-credentials-check/) (with ID <RuleID id="c2e184081120413c86c3ab7e14069605" />) for all incoming requests in the zone.
+
+    ```bash
+    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets" \
+    --header "Authorization: Bearer <API_TOKEN>" \
+    --header "Content-Type: application/json" \
+    --data '{
+      "name": "My ruleset",
+      "description": "Entry point ruleset for WAF managed rulesets",
+      "kind": "zone",
+      "phase": "http_request_firewall_managed",
+      "rules": [
+        {
+    			"action": "execute",
+    			"action_parameters": {
+    				"id": "c2e184081120413c86c3ab7e14069605"
+    			},
+    			"expression": "true",
+    			"description": "Execute the Cloudflare Exposed Credentials Check Managed Ruleset"
+    		}
+      ]
+    }'
+    ```
+
 ### Next steps
 
 To configure the Exposed Credentials Check Managed Ruleset via API, create [overrides](/ruleset-engine/managed-rulesets/override-managed-ruleset/) using the Rulesets API. You can perform the following configurations:
diff --git a/src/content/docs/waf/managed-rules/reference/sensitive-data-detection.mdx b/src/content/docs/waf/managed-rules/reference/sensitive-data-detection.mdx
@@ -48,64 +48,38 @@ To enable Cloudflare Sensitive Data Detection for a given zone using the API, cr
 
 This example deploys the Cloudflare Sensitive Data Detection managed ruleset to the `http_response_firewall_managed` phase of a given zone (`{zone_id}`) by creating a rule that executes the managed ruleset. The rules in the managed ruleset are executed for all incoming requests.
 
-1.  Search for an existing [entry point ruleset](/ruleset-engine/about/rulesets/#entry-point-ruleset) for the `http_response_firewall_managed` phase using the [List zone rulesets](/api/operations/listZoneRulesets) operation and take note of the ruleset ID. This ruleset, if it exists, has the following properties: `"kind": "zone"` and `"phase": "http_response_firewall_managed"`.
+1.  Invoke the [Get a zone entry point ruleset](/api/operations/getZoneEntrypointRuleset) operation to obtain the definition of the entry point ruleset for the `http_response_firewall_managed` phase. You will need the [zone ID](/fundamentals/setup/find-account-and-zone-ids/) for this task.
 
     ```bash
-    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets" \
+    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_response_firewall_managed/entrypoint" \
     --header "Authorization: Bearer <API_TOKEN>"
     ```
 
-    ```json output {5,9,12}
+    ```json output {4}
     {
-    	"result": [
-    		// ...
-    		{
-    			"id": "<RULESET_ID>",
-    			"name": "default",
-    			"description": "",
-    			"source": "firewall_managed",
-    			"kind": "zone",
-    			"version": "5",
-    			"last_updated": "2024-07-22T16:04:19.788697Z",
-    			"phase": "http_response_firewall_managed"
-    		}
-    		// ...
-    	],
+    	"result": {
+    		"description": "Zone-level phase entry point (response)",
+    		"id": "<RULESET_ID>",
+    		"kind": "zone",
+    		"last_updated": "2024-03-16T15:40:08.202335Z",
+    		"name": "zone",
+    		"phase": "http_response_firewall_managed",
+    		"rules": [
+    			// ...
+    		],
+    		"source": "firewall_managed",
+    		"version": "10"
+    	},
     	"success": true,
     	"errors": [],
     	"messages": []
     }
     ```
 
-2.  If the entry point ruleset does not exist, create it using the [Create a zone ruleset](/api/operations/createZoneRuleset) operation. Include a single rule in the `rules` array that executes the [Cloudflare Sensitive Data Detection managed ruleset](/waf/managed-rules/reference/cloudflare-managed-ruleset/) (with ID <RuleID id="e22d83c647c64a3eae91b71b499d988e" />) for all incoming requests in the zone.
-
-    ```bash
-    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets" \
-    --header "Authorization: Bearer <API_TOKEN>" \
-    --header "Content-Type: application/json" \
-    --data '{
-      "name": "My ruleset",
-      "description": "Entry point ruleset for WAF managed rulesets (response)",
-      "kind": "zone",
-      "phase": "http_response_firewall_managed",
-      "rules": [
-        {
-    			"action": "execute",
-    			"action_parameters": {
-    				"id": "e22d83c647c64a3eae91b71b499d988e"
-    			},
-    			"expression": "true",
-    			"description": "Execute the Cloudflare Sensitive Data Detection managed ruleset"
-    		}
-      ]
-    }'
-    ```
-
-    If the entry point ruleset already exists, add a rule to this ruleset (with ID `{ruleset_id}`) using the [Create a zone ruleset rule](/api/operations/createZoneRulesetRule) operation. This rule executes the Cloudflare Sensitive Data Detection managed ruleset (with ID <RuleID id="e22d83c647c64a3eae91b71b499d988e" />) for all incoming requests in the zone.
+2.  If the entry point ruleset already exists (that is, if you received a `200 OK` status code and the ruleset definition), take note of the ruleset ID in the response. Then, invoke the [Create a zone ruleset rule](/api/operations/createZoneRulesetRule) operation to add an `execute` rule to the existing ruleset deploying the [Cloudflare Sensitive Data Detection managed ruleset](/waf/managed-rules/reference/sensitive-data-detection/) (with ID <RuleID id="e22d83c647c64a3eae91b71b499d988e" />). By default, the rule will be added at the end of the list of rules already in the ruleset.
 
     ```bash
-    curl --request PUT \
-    "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules" \
+    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/{ruleset_id}/rules" \
     --header "Authorization: Bearer <API_TOKEN>" \
     --header "Content-Type: application/json" \
     --data '{
@@ -122,10 +96,10 @@ This example deploys the Cloudflare Sensitive Data Detection managed ruleset to
     {
     	"result": {
     		"id": "<RULESET_ID>",
-    		"name": "Zone-level phase entry point",
+    		"name": "Zone-level phase entry point (response)",
     		"description": "",
     		"kind": "zone",
-    		"version": "3",
+    		"version": "11",
     		"rules": [
     			// ... any existing rules
     			{
@@ -152,6 +126,30 @@ This example deploys the Cloudflare Sensitive Data Detection managed ruleset to
     }
     ```
 
+3.  If the entry point ruleset does not exist (that is, if you received a `404 Not Found` status code in step 1), create it using the [Create a zone ruleset](/api/operations/createZoneRuleset) operation. Include a single rule in the `rules` array that executes the [Cloudflare Sensitive Data Detection managed ruleset](/waf/managed-rules/reference/sensitive-data-detection/) (with ID <RuleID id="e22d83c647c64a3eae91b71b499d988e" />) for all incoming requests in the zone.
+
+    ```bash
+    curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets" \
+    --header "Authorization: Bearer <API_TOKEN>" \
+    --header "Content-Type: application/json" \
+    --data '{
+      "name": "My ruleset",
+      "description": "Entry point ruleset for WAF managed rulesets (response)",
+      "kind": "zone",
+      "phase": "http_response_firewall_managed",
+      "rules": [
+        {
+    			"action": "execute",
+    			"action_parameters": {
+    				"id": "e22d83c647c64a3eae91b71b499d988e"
+    			},
+    			"expression": "true",
+    			"description": "Execute the Cloudflare Sensitive Data Detection managed ruleset"
+    		}
+      ]
+    }'
+    ```
+
 ### Next steps
 
 To configure Cloudflare Sensitive Data Detection using the API, create [overrides](/ruleset-engine/managed-rulesets/override-managed-ruleset/) using the Rulesets API. You can perform the following configurations:
