[ZT] Implement APIRequest for Access, WARP, Tunnel (cloudflare#23143)

* dash SSO

* dash sso permission

* infra ssh

* device info only mode

* tunnel token

* create remote tunnel

* OTP

* entra id

* generic oidc

* audit logs

* convert legacy policy

* egress ips with vnets

* mtls cert

* access groups

* add missing component

* add missing component

* fix components

Author: ranbel

src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx

@@ -5,7 +5,7 @@ sidebar:
   order: 4
 ---
 
-import { FeatureTable } from "~/components";
+import { FeatureTable, APIRequest } from "~/components";
 
 By adding a Cloudflare Dashboard SSO application to your Cloudflare Zero Trust account, you can enforce single sign-on (SSO) to the Cloudflare dashboard with the identity provider (IdP) of your choice. SSO will be enforced for every user in your email domain.
 
@@ -114,15 +114,14 @@ If there is an issue with your SSO IdP provider, you can add an alternate IdP us
 
 1. [Add](/api/resources/zero_trust/subresources/identity_providers/methods/create/) one-time PIN login:
 
-```bash title="cURL command"
-curl 'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/identity_providers' \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
---header "Content-Type: application/json" \
---data '{
-  "type": "onetimepin",
-  "config": {}
-}'
-```
+<APIRequest
+  path="/accounts/{account_id}/access/identity_providers"
+  method="POST"
+  json={{
+    type: "onetimepin",
+    config: {},
+  }}
+/>
 
 2. [Get](/api/resources/zero_trust/subresources/access/subresources/applications/methods/list/) the `id` of the `dash_sso` Access application. You can use [`jq`](https://jqlang.github.io/jq/download/) to quickly find the correct application:
 
@@ -142,20 +141,24 @@ curl 'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/apps' \
 }
 ```
 
-3. Using the `id` obtained above, [update](/api/resources/zero_trust/subresources/access/subresources/applications/methods/update/) **SSO App** to accept all identity providers:
-
-```bash title="cURL command"
-curl --request PUT \
-'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/apps/3537a672-e4d8-4d89-aab9-26cb622918a1' \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
---header "Content-Type: application/json" \
---data '{
-  "id": "3537a672-e4d8-4d89-aab9-26cb622918a1",
-  ...
-  "allowed_idps": [],
-  ...
-}'
-```
+3. Using the `id` obtained above, [update](/api/resources/zero_trust/subresources/access/subresources/applications/methods/update/) **SSO App** to accept all identity providers. To avoid overwriting your existing configuration, the PUT request body should contain all fields returned by the previous GET request.
+
+<APIRequest
+  path="/accounts/{account_id}/access/apps/{app_id}"
+  method="PUT"
+  parameters={{ app_id: "3537a672-e4d8-4d89-aab9-26cb622918a1" }}
+  json={{
+    id: "3537a672-e4d8-4d89-aab9-26cb622918a1",
+		uid: "3537a672-e4d8-4d89-aab9-26cb622918a1",
+		type: "dash_sso",
+		name: "SSO App",
+    allowed_idps: [],
+    // ... (other existing properties)
+  }}
+	code={{
+		mark: [9]
+	}}
+/>
 
 Users will now have the option to log in using a one-time PIN.
 
@@ -192,8 +195,7 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso/v2/connectors
 ```bash title="cURL command"
 curl --request PATCH \
 'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/sso/v2/connectors/2828' \
---header "X-Auth-Email: $CLOUDFLARE_EMAIL" \
---header "X-Auth-Key: $CLOUDFLARE_API_KEY" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --header "Content-Type: application/json" \
 --data '{
   "sso_connector_status": "DIS"

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/device-information-only.mdx

@@ -6,7 +6,7 @@ sidebar:
 
 ---
 
-import { TabItem, Tabs, Details, Width } from "~/components"
+import { TabItem, Tabs, Details, Width, APIRequest } from "~/components"
 
 <Details header="Feature availability">
 
@@ -27,14 +27,13 @@ Device Information Only mode allows you to enforce device posture rules when a u
 
 Using the API, enable client certificate provisioning for [your zone](/fundamentals/account/find-account-and-zone-ids/):
 
-   ```bash
-   curl --request PATCH \
-   "https://api.cloudflare.com/client/v4/zones/{zone_id}/devices/policy/certificates" \
-   --header "X-Auth-Email: <EMAIL>" \
-   --header "X-Auth-Key: <API_KEY>" \
-   --header "Content-Type: application/json" \
-   --data '{"enabled": true}'
-   ```
+<APIRequest
+  path="/zones/{zone_id}/devices/policy/certificates"
+  method="PATCH"
+  json={{
+    enabled: true,
+  }}
+/>
 
 ## 2. Configure the WARP client
 

src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx

@@ -5,7 +5,7 @@ sidebar:
   order: 10
 ---
 
-import { TabItem, Tabs, Render } from "~/components";
+import { TabItem, Tabs, Render, APIRequest } from "~/components";
 
 A remotely-managed tunnel only requires the tunnel token to run. Anyone with access to the token will be able to run the tunnel.
 
@@ -23,7 +23,12 @@ To get the token for a remotely-managed tunnel:
 </TabItem>
 <TabItem label="API">
 
-Make a `GET` request to the [Cloudflare Tunnel token](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/subresources/token/methods/get/) endpoint. The token value can be found in the `result`:
+Make a `GET` request to the [Cloudflare Tunnel token](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/subresources/token/methods/get/) endpoint:
+
+<APIRequest
+  path="/accounts/{account_id}/cfd_tunnel/{tunnel_id}/token"
+  method="GET"
+/>
 
 ```sh output
 {
@@ -34,6 +39,8 @@ Make a `GET` request to the [Cloudflare Tunnel token](/api/resources/zero_trust/
 }
 ```
 
+The token value can be found in the `result`.
+
 </TabItem>
 
 <TabItem label="Terraform (v5)">
@@ -73,16 +80,15 @@ To rotate a tunnel token:
 		```
 
 	2. Make a `PATCH` request to the [Cloudflare Tunnel](/api/resources/zero_trust/subresources/tunnels/methods/edit/) endpoint:
-		```sh
-		curl --request PATCH \
-		https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/$TUNNEL_ID \
-		--header 'Content-Type: application/json' \
-		--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-		--data '{
-			"name": "Example tunnel",
-			"tunnel_secret": "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
-		}'
-		```
+
+		<APIRequest
+			path="/accounts/{account_id}/cfd_tunnel/{tunnel_id}"
+			method="PATCH"
+			json={{
+				name: "Example tunnel",
+				tunnel_secret: "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg=",
+			}}
+		/>
 
 		```sh output {18}
 		{
@@ -144,11 +150,11 @@ If your tunnel token is compromised, we recommend taking the following steps:
 
 1. Refresh the token using the dashboard or API. Refer to Step 1 of [Rotate a token without service disruption](#rotate-a-token-without-service-disruption).
 2. [Delete all connections](/api/resources/zero_trust/subresources/tunnels/subresources/connections/methods/delete/) between `cloudflared` and Cloudflare:
-	```sh
-	curl --request DELETE \
-	https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/$TUNNEL_ID/connections \
-	--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
-	```
+
+	<APIRequest
+		path="/accounts/{account_id}/cfd_tunnel/{tunnel_id}/connections"
+		method="DELETE"
+	/>
 
 	This will clean up any unauthorized connections and prevent users from connecting to your network.
 

src/content/docs/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api.mdx

@@ -5,11 +5,11 @@ sidebar:
   order: 2
 ---
 
-import { Render } from "~/components";
+import { Render, APIRequest } from "~/components";
 
 Follow this guide to set up a Cloudflare Tunnel using the API.
 
-## 1. Create an API token
+## Create an API token
 
 [Create an API token](/fundamentals/api/get-started/create-token/) with the following permissions:
 
@@ -22,15 +22,14 @@ Follow this guide to set up a Cloudflare Tunnel using the API.
 
 Make a `POST` request to the [Cloudflare Tunnel](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/methods/create/) endpoint:
 
-```sh
-curl 'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel' \
---header 'Content-Type: application/json' \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
---data '{
-  "name": "api-tunnel",
-  "config_src": "cloudflare"
-}'
-```
+<APIRequest
+  path="/accounts/{account_id}/cfd_tunnel"
+  method="POST"
+  json={{
+    name: "api-tunnel",
+    config_src: "cloudflare",
+  }}
+/>
 
 ```sh output
 {
@@ -76,27 +75,24 @@ Follow these steps to connect an application through your tunnel. If you are loo
 
 1. Make a [`PUT` request](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/subresources/configurations/methods/update/) to route your local service URL to a public hostname. For example,
 
-   ```sh
-   curl --request PUT \
-   'https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/c1744f8b-faa1-48a4-9e5c-02ac921467fa/configurations' \
-   --header 'Content-Type: application/json' \
-   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-   --data '{
-   	"config": {
-   		"ingress": [
-   			{
-   				"hostname": "app.example.com",
-   				"service": "http://localhost:8001",
-   				"originRequest": {}
-   			},
-   			{
-   				"service": "http_status:404"
-   			}
-   		]
-   	}
-   }'
-   ```
-
+		<APIRequest
+			path="/accounts/{account_id}/cfd_tunnel/{tunnel_id}/configurations"
+			method="PUT"
+			json={{
+				config: {
+					ingress: [
+						{
+							hostname: "app.example.com",
+							service: "http://localhost:8001",
+							originRequest: {},
+						},
+						{
+							service: "http_status:404",
+						},
+					],
+				},
+			}}
+		/>
    :::note
    If you add a multi-level subdomain (more than one level of subdomain), you must [order an Advanced Certificate for the hostname](/cloudflare-one/faq/troubleshooting/#i-see-this-site-cant-provide-a-secure-connection).
    :::
@@ -105,17 +101,16 @@ Follow these steps to connect an application through your tunnel. If you are loo
 
 2. [Create a DNS record](/api/resources/dns/subresources/records/methods/create/) for your application:
 
-   ```sh
-   curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records \
-   --header 'Content-Type: application/json' \
-   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-   --data '{
-   	"type": "CNAME",
-   	"proxied": true,
-   	"name": "app.example.com",
-   	"content": "c1744f8b-faa1-48a4-9e5c-02ac921467fa.cfargotunnel.com"
-   }'
-   ```
+		<APIRequest
+			path="/zones/{zone_id}/dns_records"
+			method="POST"
+			json={{
+				type: "CNAME",
+				proxied: true,
+				name: "app.example.com",
+				content: "c1744f8b-faa1-48a4-9e5c-02ac921467fa.cfargotunnel.com",
+			}}
+		/>
 
    This DNS record allows Cloudflare to proxy `app.example.com` traffic to your Cloudflare Tunnel (`<tunnel-id>.cfargotunnel.com`).
 
@@ -125,16 +120,15 @@ This application will be publicly available on the Internet once you [run the tu
 
 To connect a private network through your tunnel, [add a tunnel route](/api/resources/zero_trust/subresources/networks/subresources/routes/methods/create/):
 
-```sh
-curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/teamnet/routes \
---header 'Content-Type: application/json' \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
---data '{
-  "network": "172.16.0.0/16",
-  "tunnel_id": "c1744f8b-faa1-48a4-9e5c-02ac921467fa",
-  "comment": "Example private network route"
-}'
-```
+<APIRequest
+  path="/accounts/{account_id}/teamnet/routes"
+  method="POST"
+  json={{
+    network: "172.16.0.0/16",
+    tunnel_id: "c1744f8b-faa1-48a4-9e5c-02ac921467fa",
+    comment: "Example private network route",
+  }}
+/>
 
 To configure Zero Trust policies and connect as a user, refer to [Connect private networks](/cloudflare-one/connections/connect-networks/private-net/cloudflared/).
 
@@ -148,11 +142,13 @@ Install `cloudflared` on your server and run the tunnel using the `token` value
 
 To check if the tunnel is serving traffic:
 
-```sh
-curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/c1744f8b-faa1-48a4-9e5c-02ac921467fa \
---header 'Content-Type: application/json' \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
-```
+<APIRequest
+  path="/accounts/{account_id}/cfd_tunnel/{tunnel_id}"
+  method="GET"
+  parameters={{
+    tunnel_id: "c1744f8b-faa1-48a4-9e5c-02ac921467fa",
+  }}
+/>
 
 ```sh output
 {

src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx

@@ -6,7 +6,7 @@ sidebar:
   label: SSH with Access for Infrastructure
 ---
 
-import { Tabs, TabItem, Badge, Render } from "~/components";
+import { Tabs, TabItem, Badge, Render, APIRequest } from "~/components";
 
 [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) provides granular control over how users can connect to your SSH servers. This feature uses the same deployment model as [WARP-to-Tunnel](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-warp-to-tunnel/) but unlocks more policy options and command logging functionality.
 
@@ -121,13 +121,13 @@ Cloudflare will stop logging SSH commands to your targets, as well as any comman
 
 To delete the SSH encryption public key using the [API](/api/resources/zero_trust/subresources/gateway/subresources/audit_ssh_settings/methods/update/):
 
-```sh
-curl --request PUT https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/audit_ssh_settings \
---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
---data '{
-  "public_key": ""
-}'
-```
+<APIRequest
+  path="/accounts/{account_id}/gateway/audit_ssh_settings"
+  method="PUT"
+  json={{
+    public_key: "",
+  }}
+/>
 
 </TabItem>
 </Tabs>