Adjust related content for custom ciphers via API

RebeccaTamachiro · RebeccaTamachiro · commit fa43b9074ea1 · 2025-05-16T10:13:37.000+01:00
diff --git a/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/api.mdx b/src/content/docs/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/api.mdx
@@ -25,6 +25,10 @@ Note that:
 * If setting up a per-hostname cipher suite customization, make sure that the hostname is specified on the certificate (instead of being covered by a wildcard).
 * If you use Windows you might need to adjust the `curl` syntax, refer to [Making API calls on Windows](/fundamentals/api/how-to/make-api-calls/#making-api-calls-on-windows) for further guidance.
 
+:::note
+Updating the cipher suites will result in certificates being redeployed.
+:::
+
 ## Steps and API examples
 
 1. Decide which cipher suites you want to specify and which ones you want to disable (meaning they will not be included in your selection).
@@ -35,19 +39,9 @@ Note that:
 3. Get the Zone ID from the [Overview page](https://dash.cloudflare.com/?to=/:account/:zone/) of the domain you want to specify cipher suites for.
 4. Make an API call to either the [Edit zone setting](/api/resources/zones/subresources/settings/methods/edit/) endpoint or the [Edit TLS setting for hostname](/api/resources/hostnames/subresources/settings/subresources/tls/methods/update/) endpoint, specifying `ciphers` in the URL. List your array of chosen cipher suites in the `value` field.
 
-:::note
-Updating the cipher suites will result in certificates being redeployed.
-:::
-
 <Tabs> <TabItem label="modern">
 
-<Render file="ciphers-api-general-notes" />
-
 ```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
-
 curl --request PATCH \
 "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
 --header "X-Auth-Email: <EMAIL>" \
@@ -67,16 +61,11 @@ curl --request PATCH \
 	}}
 />
 
+<Render file="ciphers-api-general-notes" />
 
 </TabItem> <TabItem label="compatible">
 
-<Render file="ciphers-api-general-notes" />
-
 ```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
-
 curl --request PATCH \
 "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
 --header "X-Auth-Email: <EMAIL>" \
@@ -96,15 +85,16 @@ curl --request PATCH \
 	}}
 />
 
-</TabItem> <TabItem label="pci dss">
 
 <Render file="ciphers-api-general-notes" />
 
-```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
+</TabItem> <TabItem label="pci dss">
+
+:::note
+For compliance with PCI DSS, also [enable TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/#enable-tls-13) on your zone and make sure to up your [Minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) to `1.2`.
+:::
 
+```bash
 curl --request PATCH \
 "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
 --header "X-Auth-Email: <EMAIL>" \
@@ -124,20 +114,11 @@ curl --request PATCH \
 	}}
 />
 
-:::caution
-
-For compliance with PCI DSS, also [enable TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/#enable-tls-13) on your zone and make sure to up your [Minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) to `1.2`.
-:::
+<Render file="ciphers-api-general-notes" />
 
 </TabItem> <TabItem label="fips-140-2">
 
-<Render file="ciphers-api-general-notes" />
-
 ```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
-
 curl --request PATCH \
 "https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
 --header "X-Auth-Email: <EMAIL>" \
@@ -157,6 +138,7 @@ curl --request PATCH \
 	}}
 />
 
+<Render file="ciphers-api-general-notes" />
 
 </TabItem> </Tabs>
 
diff --git a/src/content/partials/ssl/ciphers-api-general-notes.mdx b/src/content/partials/ssl/ciphers-api-general-notes.mdx
@@ -2,7 +2,9 @@
 {}
 
 ---
+To configure cipher suites per hostname, replace the first two lines by the following:
 
-Make the following API call with the appropriate `{zone_id}`, `<EMAIL>`, and `<API_KEY>`.
-
-If you [choose to use a token](/fundamentals/api/get-started/), you will not need an email nor an API key. You will instead replace the `X-Auth-Email` and `X-Auth-Key` headers by `--header "Authorization: Bearer <API_TOKEN>" \`.
+```bash
+curl --request PUT \
+"https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
+```
