cloudflare · RebeccaTamachiro · May 16, 2025 · May 15, 2025 · May 16, 2025 · May 16, 2025
@@ -10,7 +10,7 @@ description: Cloudflare mTLS now supports client certificates that have not been
 
 ---
 
-import { Render } from "~/components"
+import { Render, APIRequest } from "~/components"
 
 This page explains how you can manage mTLS using client certificates that have not been issued by Cloudflare CA.
 
@@ -95,8 +95,10 @@ If you want to remove a CA that you have previously uploaded, you must first rem
 
 You can also use the [API](/api/resources/certificate_authorities/subresources/hostname_associations/methods/get/) to list the hostname associations. Make sure you include the query parameter `mtls_certificate_id`, where `mtls_certificate_id` is the certificate ID of the uploaded CA (step 2 above).
 
-```bash
-curl "https://api.cloudflare.com/client/v4/zones/zone_id/certificate_authorities/hostname_associations?mtls_certificate_id={id_from_step_2}"  \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>"
-```
+<APIRequest
+  path="/zones/{zone_id}/certificate_authorities/hostname_associations"
+  method="GET"
+  parameters={{
+		mtls_certificate_id: "ID_FROM_STEP_2"
+	}}
+/>
@@ -6,7 +6,7 @@ sidebar:
   label: Use the API
 ---
 
-import { Render, TabItem, Tabs } from "~/components";
+import { Render, TabItem, Tabs, APIRequest } from "~/components";
 
 <Render file="cipher-suites-definition" />
 
@@ -25,6 +25,10 @@ Note that:
 * If setting up a per-hostname cipher suite customization, make sure that the hostname is specified on the certificate (instead of being covered by a wildcard).
 * If you use Windows you might need to adjust the `curl` syntax, refer to [Making API calls on Windows](/fundamentals/api/how-to/make-api-calls/#making-api-calls-on-windows) for further guidance.
 
+:::note
+Updating the cipher suites will result in certificates being redeployed.
+:::
+
 ## Steps and API examples
 
 1. Decide which cipher suites you want to specify and which ones you want to disable (meaning they will not be included in your selection).
@@ -35,82 +39,69 @@ Note that:
 3. Get the Zone ID from the [Overview page](https://dash.cloudflare.com/?to=/:account/:zone/) of the domain you want to specify cipher suites for.
 4. Make an API call to either the [Edit zone setting](/api/resources/zones/subresources/settings/methods/edit/) endpoint or the [Edit TLS setting for hostname](/api/resources/hostnames/subresources/settings/subresources/tls/methods/update/) endpoint, specifying `ciphers` in the URL. List your array of chosen cipher suites in the `value` field.
 
-:::note
-Updating the cipher suites will result in certificates being redeployed.
-:::
-
 <Tabs> <TabItem label="modern">
 
-<Render file="ciphers-api-general-notes" />
-
-```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
-
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"value": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]}'
-```
-
-</TabItem> <TabItem label="compatible">
+<APIRequest
+  path="/zones/{zone_id}/settings/{setting_id}"
+  method="PATCH"
+  json={{
+		"value": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"]
+	}}
+	parameters={{
+		setting_id: "ciphers"
+	}}
+/>
 
 <Render file="ciphers-api-general-notes" />
 
-```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
-
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"value": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"]}'
-```
+</TabItem> <TabItem label="compatible">
 
-</TabItem> <TabItem label="pci dss">
+<APIRequest
+  path="/zones/{zone_id}/settings/{setting_id}"
+  method="PATCH"
+  json={{
+		"value": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"]
+	}}
+	parameters={{
+		setting_id: "ciphers"
+	}}
+/>
 
 <Render file="ciphers-api-general-notes" />
 
-```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
-
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"value": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305"]}'
-```
-
-:::caution
+</TabItem> <TabItem label="pci dss">
 
+:::note
 For compliance with PCI DSS, also [enable TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/#enable-tls-13) on your zone and make sure to up your [Minimum TLS version](/ssl/edge-certificates/additional-options/minimum-tls/) to `1.2`.
 :::
 
-</TabItem> <TabItem label="fips-140-2">
+<APIRequest
+  path="/zones/{zone_id}/settings/{setting_id}"
+  method="PATCH"
+  json={{
+		"value": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305"]
+	}}
+	parameters={{
+		setting_id: "ciphers"
+	}}
+/>
 
 <Render file="ciphers-api-general-notes" />
 
-```bash
-# To configure cipher suites per hostname, replace the first two lines by the following
-# curl --request PUT \
-# "https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
+</TabItem> <TabItem label="fips-140-2">
+
+<APIRequest
+  path="/zones/{zone_id}/settings/{setting_id}"
+  method="PATCH"
+  json={{
+		"value": ["AES128-GCM-SHA256", "AES128-SHA", "AES128-SHA256", "AES256-SHA", "AES256-SHA256", "DES-CBC3-SHA", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES256-SHA384"]
+	}}
+	parameters={{
+		setting_id: "ciphers"
+	}}
+/>
 
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"value":["AES128-GCM-SHA256", "AES128-SHA", "AES128-SHA256", "AES256-SHA", "AES256-SHA256", "DES-CBC3-SHA", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES256-SHA384"]}'
-```
+<Render file="ciphers-api-general-notes" />
 
 </TabItem> </Tabs>
 
@@ -120,26 +111,29 @@ curl --request PATCH \
 
 To reset to the default cipher suites at zone level, use the [Edit zone setting](/api/resources/zones/subresources/settings/methods/edit/) endpoint, specifying `ciphers` as the setting name in the URL, and send an empty array in the `value` field.
 
-```bash
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ciphers" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"value": []}'
-```
+<APIRequest
+  path="/zones/{zone_id}/settings/{setting_id}"
+  method="PATCH"
+  json={{
+		"value": []
+	}}
+	parameters={{
+		setting_id: "ciphers"
+	}}
+/>
+
 
 </TabItem> <TabItem label="per-hostname">
 
 For specific hostname settings, use the [Delete TLS setting for hostname](/api/resources/hostnames/subresources/settings/subresources/tls/methods/delete/) endpoint.
 
-```bash
-curl --request DELETE \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/ciphers/{hostname}" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header 'Content-Type: application/json' \
-```
+<APIRequest
+  path="/zones/{zone_id}/hostnames/settings/{setting_id}/{hostname}"
+  method="DELETE"
+	parameters={{
+		setting_id: "ciphers"
+	}}
+/>
 
 </TabItem> </Tabs>
 

@@ -5,7 +5,7 @@ sidebar:
   order: 13
 ---
 
-import { FeatureTable, TabItem, Tabs } from "~/components";
+import { FeatureTable, TabItem, Tabs, APIRequest } from "~/components";
 
 Minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer.
 
@@ -54,16 +54,17 @@ Use the [Edit zone setting](/api/resources/zones/subresources/settings/methods/e
 
 In the following example, the minimum TLS version for the zone will be set to `1.2`. Replace the zone ID and API token placeholders with your information, and adjust the `value` field with your chosen TLS version.
 
-```bash
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/min_tls_version" \
---header "Authorization: Bearer <API_TOKEN>" \
---header "Content-Type: application/json" \
---data '{
-    "id": "min_tls_version",
-    "value": "1.2"
-  }'
-```
+<APIRequest
+  path="/zones/{zone_id}/settings/{setting_id}"
+  method="PATCH"
+  json={{
+		"id": "min_tls_version",
+		"value": "1.2",
+	}}
+	parameters={{
+		setting_id: "min_tls_version"
+	}}
+/>
 
 </TabItem> </Tabs>
 
@@ -78,17 +79,18 @@ This is currently only available via the API:
 
 Cloudflare uses the [hostname priority logic](/ssl/reference/certificate-and-hostname-priority/) to determine which setting to apply.
 
-In the following example, the minimum TLS version for a specific hostname will be set to `1.2`. Replace the zone ID, hostname, and API token placeholders with your information, and adjust the `value` field with your chosen TLS version.
-
-```bash
-curl --request PUT \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/hostnames/settings/min_tls_version/{hostname}" \
---header "Authorization: Bearer <API_TOKEN>" \
---header "Content-Type: application/json" \
---data '{
-    "value": "1.2"
-  }'
-```
+In the following example, the minimum TLS version for a specific hostname will be set to `1.2`. Replace the zone ID, hostname, and authentication placeholders with your information, and adjust the `value` field with your chosen TLS version.
+
+<APIRequest
+  path="/zones/{zone_id}/hostnames/settings/{setting_id}/{hostname}"
+  method="PUT"
+  json={{
+		"value": "1.2"
+	}}
+	parameters={{
+		setting_id: "min_tls_version"
+	}}
+/>
 
 ## Test supported TLS versions
 

@@ -5,7 +5,7 @@ sidebar:
   order: 2
 ---
 
-import { Details, GlossaryTooltip, Render, TabItem, Tabs } from "~/components";
+import { Details, GlossaryTooltip, Render, TabItem, Tabs, APIRequest } from "~/components";
 
 This page lists Cloudflare requirements for custom certificates and explains how to upload and update these certificates using Cloudflare dashboard or API.
 
@@ -148,7 +148,6 @@ curl https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_certificates \
 --header "Content-Type: application/json" \
 --data "$request_body"
 ```
-
 3. (Optional) Add a CAA record.
 
 <Render file="caa-records-definition" />

@@ -10,7 +10,7 @@ description: Learn how to set up Geo Key Manager and choose the geographical
   boundaries of where your private encryption keys are stored.
 ---
 
-import { Render, TabItem, Tabs, InlineBadge } from "~/components";
+import { Render, TabItem, Tabs, InlineBadge, APIRequest, Example } from "~/components";
 
 ## Geo Key Manager v2 <InlineBadge preset="beta" />
 
@@ -36,31 +36,38 @@ You also have access to the `geo_restrictions` parameter, which is mutually excl
 
 ### Examples
 
-```bash title="Store private keys in the E.U. and the U.S."
-curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_certificates" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "certificate":"certificate",
-  "private_key":"<PRIVATE_KEY>",
-  "policy":"(country: US) and (region: EU)",
-  "type": "sni_custom"
-}'
-```
-
-```bash title="Store private keys in the E.U., but not in France"
-curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_certificates" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "certificate":"certificate",
-  "private_key":"<PRIVATE_KEY>",
-  "policy":"(region: EU) and (not country: FR)",
-  "type": "sni_custom"
-}'
-```
+<Example>
+
+Store private keys in the E.U. and the U.S.
+
+<APIRequest
+  path="/zones/{zone_id}/custom_certificates"
+  method="POST"
+  json={{
+		"certificate":"certificate",
+		"private_key":"<PRIVATE_KEY>",
+		"policy":"(country: US) and (region: EU)",
+		"type": "sni_custom"
+	}}
+/>
+
+</Example>
+
+<Example>
+Store private keys in the E.U., but not in France
+
+<APIRequest
+  path="/zones/{zone_id}/custom_certificates"
+  method="POST"
+  json={{
+		  "certificate":"certificate",
+			"private_key":"<PRIVATE_KEY>",
+			"policy":"(region: EU) and (not country: FR)",
+			"type": "sni_custom"
+	}}
+/>
+
+</Example>
 
 :::note