Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Access
Applications
Policy Tests

Start Access policy test

client.ZeroTrust.Access.Applications.PolicyTests.New(ctx, params) (*AccessApplicationPolicyTestNewResponse, error)
POST/accounts/{account_id}/access/policy-tests

Starts an Access policy test.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Access: Policy Test Write
ParametersExpand Collapse
params AccessApplicationPolicyTestNewParams
AccountID param.Field[string]

Path param: Identifier.

maxLength32
Policies param.Field[[]AccessApplicationPolicyTestNewParamsPolicyUnion]Optional

Body param

type AccessApplicationPolicyTestNewParamsPoliciesObject struct{…}
Decision Decision

The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.

One of the following:
const DecisionAllow Decision = "allow"
const DecisionDeny Decision = "deny"
const DecisionNonIdentity Decision = "non_identity"
const DecisionBypass Decision = "bypass"
Include []AccessRule

Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.

One of the following:
type GroupRule struct{…}

Matches an Access group.

Group GroupRuleGroup
ID string

The ID of a previously created Access group.

type AnyValidServiceTokenRule struct{…}

Matches any valid Access Service Token

AnyValidServiceToken AnyValidServiceTokenRuleAnyValidServiceToken

An empty object which matches on all service tokens.

type AccessRuleAccessAuthContextRule struct{…}

Matches an Azure Authentication Context. Requires an Azure identity provider.

AuthContext AccessRuleAccessAuthContextRuleAuthContext
ID string

The ID of an Authentication context.

AcID string

The ACID of an Authentication context.

IdentityProviderID string

The ID of your Azure identity provider.

type AuthenticationMethodRule struct{…}

Enforce different MFA options

AuthMethod AuthenticationMethodRuleAuthMethod
AuthMethod string

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

type AzureGroupRule struct{…}

Matches an Azure group. Requires an Azure identity provider.

AzureAD AzureGroupRuleAzureAD
ID string

The ID of an Azure group.

IdentityProviderID string

The ID of your Azure identity provider.

type CertificateRule struct{…}

Matches any valid client certificate.

Certificate CertificateRuleCertificate
type AccessRuleAccessCommonNameRule struct{…}

Matches a specific common name.

CommonName AccessRuleAccessCommonNameRuleCommonName
CommonName string

The common name to match.

type CountryRule struct{…}

Matches a specific country

Geo CountryRuleGeo
CountryCode string

The country code that should be matched.

type AccessDevicePostureRule struct{…}

Enforces a device posture rule has run successfully

DevicePosture AccessDevicePostureRuleDevicePosture
IntegrationUID string

The ID of a device posture integration.

type DomainRule struct{…}

Match an entire email domain.

EmailDomain DomainRuleEmailDomain
Domain string

The email domain to match.

type EmailListRule struct{…}

Matches an email address from a list.

EmailList EmailListRuleEmailList
ID string

The ID of a previously created email list.

type EmailRule struct{…}

Matches a specific email.

Email EmailRuleEmail
Email string

The email of the user.

formatemail
type EveryoneRule struct{…}

Matches everyone.

Everyone EveryoneRuleEveryone

An empty object which matches on all users.

type ExternalEvaluationRule struct{…}

Create Allow or Block policies which evaluate the user based on custom criteria.

ExternalEvaluation ExternalEvaluationRuleExternalEvaluation
EvaluateURL string

The API endpoint containing your business logic.

KeysURL string

The API endpoint containing the key that Access uses to verify that the response came from your API.

type GitHubOrganizationRule struct{…}

Matches a Github organization. Requires a Github identity provider.

GitHubOrganization GitHubOrganizationRuleGitHubOrganization
IdentityProviderID string

The ID of your Github identity provider.

Name string

The name of the organization.

Team stringOptional

The name of the team

type GSuiteGroupRule struct{…}

Matches a group in Google Workspace. Requires a Google Workspace identity provider.

GSuite GSuiteGroupRuleGSuite
Email string

The email of the Google Workspace group.

IdentityProviderID string

The ID of your Google Workspace identity provider.

type AccessRuleAccessLoginMethodRule struct{…}

Matches a specific identity provider id.

LoginMethod AccessRuleAccessLoginMethodRuleLoginMethod
ID string

The ID of an identity provider.

type IPListRule struct{…}

Matches an IP address from a list.

IPList IPListRuleIPList
ID string

The ID of a previously created IP list.

type IPRule struct{…}

Matches an IP address block.

IP IPRuleIP
IP string

An IPv4 or IPv6 CIDR block.

type OktaGroupRule struct{…}

Matches an Okta group. Requires an Okta identity provider.

Okta OktaGroupRuleOkta
IdentityProviderID string

The ID of your Okta identity provider.

Name string

The name of the Okta group.

type SAMLGroupRule struct{…}

Matches a SAML group. Requires a SAML identity provider.

SAML SAMLGroupRuleSAML
AttributeName string

The name of the SAML attribute.

AttributeValue string

The SAML attribute value to look for.

IdentityProviderID string

The ID of your SAML identity provider.

type AccessRuleAccessOIDCClaimRule struct{…}

Matches an OIDC claim. Requires an OIDC identity provider.

OIDC AccessRuleAccessOIDCClaimRuleOIDC
ClaimName string

The name of the OIDC claim.

ClaimValue string

The OIDC claim value to look for.

IdentityProviderID string

The ID of your OIDC identity provider.

type ServiceTokenRule struct{…}

Matches a specific Access Service Token

ServiceToken ServiceTokenRuleServiceToken
TokenID string

The ID of a Service Token.

type AccessRuleAccessLinkedAppTokenRule struct{…}

Matches OAuth 2.0 access tokens issued by the specified Access OIDC SaaS application. Only compatible with non_identity and bypass decisions.

LinkedAppToken AccessRuleAccessLinkedAppTokenRuleLinkedAppToken
AppUID string

The ID of an Access OIDC SaaS application

type AccessRuleAccessUserRiskScoreRule struct{…}

Matches a user’s risk score.

UserRiskScore AccessRuleAccessUserRiskScoreRuleUserRiskScore
UserRiskScore []AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore

A list of risk score levels to match. Values can be low, medium, high, or unscored.

One of the following:
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreLow AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "low"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreMedium AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "medium"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreHigh AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "high"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreUnscored AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "unscored"
type AccessRuleAccessCloudflareAccountMemberRule struct{…}

Matches users who are members of a specific Cloudflare account. Requires a Cloudflare identity provider.

CloudflareAccountMember AccessRuleAccessCloudflareAccountMemberRuleCloudflareAccountMember
AccountID stringOptional

Identifier.

maxLength32
Name string

The name of the Access policy.

ApprovalGroups []ApprovalGroupOptional

Administrators who can approve a temporary authentication request.

ApprovalsNeeded float64

The number of approvals needed to obtain access.

minimum0
EmailAddresses []stringOptional

A list of emails that can approve the access request.

EmailListUUID stringOptional

The UUID of an re-usable email list.

ApprovalRequired boolOptional

Requires the user to request access from an administrator at the start of each session.

ConnectionRules AccessApplicationPolicyTestNewParamsPoliciesObjectConnectionRulesOptional

The rules that define how users may connect to targets secured by your application.

RDP AccessApplicationPolicyTestNewParamsPoliciesObjectConnectionRulesRDPOptional

The RDP-specific rules that define clipboard behavior for RDP connections.

AllowedClipboardLocalToRemoteFormats []AccessApplicationPolicyTestNewParamsPoliciesObjectConnectionRulesRDPAllowedClipboardLocalToRemoteFormatOptional

Clipboard formats allowed when copying from local machine to remote RDP session.

AllowedClipboardRemoteToLocalFormats []AccessApplicationPolicyTestNewParamsPoliciesObjectConnectionRulesRDPAllowedClipboardRemoteToLocalFormatOptional

Clipboard formats allowed when copying from remote RDP session to local machine.

Exclude []AccessRuleOptional

Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.

One of the following:
type GroupRule struct{…}

Matches an Access group.

Group GroupRuleGroup
ID string

The ID of a previously created Access group.

type AnyValidServiceTokenRule struct{…}

Matches any valid Access Service Token

AnyValidServiceToken AnyValidServiceTokenRuleAnyValidServiceToken

An empty object which matches on all service tokens.

type AccessRuleAccessAuthContextRule struct{…}

Matches an Azure Authentication Context. Requires an Azure identity provider.

AuthContext AccessRuleAccessAuthContextRuleAuthContext
ID string

The ID of an Authentication context.

AcID string

The ACID of an Authentication context.

IdentityProviderID string

The ID of your Azure identity provider.

type AuthenticationMethodRule struct{…}

Enforce different MFA options

AuthMethod AuthenticationMethodRuleAuthMethod
AuthMethod string

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

type AzureGroupRule struct{…}

Matches an Azure group. Requires an Azure identity provider.

AzureAD AzureGroupRuleAzureAD
ID string

The ID of an Azure group.

IdentityProviderID string

The ID of your Azure identity provider.

type CertificateRule struct{…}

Matches any valid client certificate.

Certificate CertificateRuleCertificate
type AccessRuleAccessCommonNameRule struct{…}

Matches a specific common name.

CommonName AccessRuleAccessCommonNameRuleCommonName
CommonName string

The common name to match.

type CountryRule struct{…}

Matches a specific country

Geo CountryRuleGeo
CountryCode string

The country code that should be matched.

type AccessDevicePostureRule struct{…}

Enforces a device posture rule has run successfully

DevicePosture AccessDevicePostureRuleDevicePosture
IntegrationUID string

The ID of a device posture integration.

type DomainRule struct{…}

Match an entire email domain.

EmailDomain DomainRuleEmailDomain
Domain string

The email domain to match.

type EmailListRule struct{…}

Matches an email address from a list.

EmailList EmailListRuleEmailList
ID string

The ID of a previously created email list.

type EmailRule struct{…}

Matches a specific email.

Email EmailRuleEmail
Email string

The email of the user.

formatemail
type EveryoneRule struct{…}

Matches everyone.

Everyone EveryoneRuleEveryone

An empty object which matches on all users.

type ExternalEvaluationRule struct{…}

Create Allow or Block policies which evaluate the user based on custom criteria.

ExternalEvaluation ExternalEvaluationRuleExternalEvaluation
EvaluateURL string

The API endpoint containing your business logic.

KeysURL string

The API endpoint containing the key that Access uses to verify that the response came from your API.

type GitHubOrganizationRule struct{…}

Matches a Github organization. Requires a Github identity provider.

GitHubOrganization GitHubOrganizationRuleGitHubOrganization
IdentityProviderID string

The ID of your Github identity provider.

Name string

The name of the organization.

Team stringOptional

The name of the team

type GSuiteGroupRule struct{…}

Matches a group in Google Workspace. Requires a Google Workspace identity provider.

GSuite GSuiteGroupRuleGSuite
Email string

The email of the Google Workspace group.

IdentityProviderID string

The ID of your Google Workspace identity provider.

type AccessRuleAccessLoginMethodRule struct{…}

Matches a specific identity provider id.

LoginMethod AccessRuleAccessLoginMethodRuleLoginMethod
ID string

The ID of an identity provider.

type IPListRule struct{…}

Matches an IP address from a list.

IPList IPListRuleIPList
ID string

The ID of a previously created IP list.

type IPRule struct{…}

Matches an IP address block.

IP IPRuleIP
IP string

An IPv4 or IPv6 CIDR block.

type OktaGroupRule struct{…}

Matches an Okta group. Requires an Okta identity provider.

Okta OktaGroupRuleOkta
IdentityProviderID string

The ID of your Okta identity provider.

Name string

The name of the Okta group.

type SAMLGroupRule struct{…}

Matches a SAML group. Requires a SAML identity provider.

SAML SAMLGroupRuleSAML
AttributeName string

The name of the SAML attribute.

AttributeValue string

The SAML attribute value to look for.

IdentityProviderID string

The ID of your SAML identity provider.

type AccessRuleAccessOIDCClaimRule struct{…}

Matches an OIDC claim. Requires an OIDC identity provider.

OIDC AccessRuleAccessOIDCClaimRuleOIDC
ClaimName string

The name of the OIDC claim.

ClaimValue string

The OIDC claim value to look for.

IdentityProviderID string

The ID of your OIDC identity provider.

type ServiceTokenRule struct{…}

Matches a specific Access Service Token

ServiceToken ServiceTokenRuleServiceToken
TokenID string

The ID of a Service Token.

type AccessRuleAccessLinkedAppTokenRule struct{…}

Matches OAuth 2.0 access tokens issued by the specified Access OIDC SaaS application. Only compatible with non_identity and bypass decisions.

LinkedAppToken AccessRuleAccessLinkedAppTokenRuleLinkedAppToken
AppUID string

The ID of an Access OIDC SaaS application

type AccessRuleAccessUserRiskScoreRule struct{…}

Matches a user’s risk score.

UserRiskScore AccessRuleAccessUserRiskScoreRuleUserRiskScore
UserRiskScore []AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore

A list of risk score levels to match. Values can be low, medium, high, or unscored.

One of the following:
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreLow AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "low"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreMedium AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "medium"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreHigh AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "high"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreUnscored AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "unscored"
type AccessRuleAccessCloudflareAccountMemberRule struct{…}

Matches users who are members of a specific Cloudflare account. Requires a Cloudflare identity provider.

CloudflareAccountMember AccessRuleAccessCloudflareAccountMemberRuleCloudflareAccountMember
AccountID stringOptional

Identifier.

maxLength32
IsolationRequired boolOptional

Require this application to be served in an isolated browser for users matching this policy. ‘Client Web Isolation’ must be on for the account in order to use this feature.

MfaConfig AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigOptional

Configures multi-factor authentication (MFA) settings.

AllowedAuthenticators []AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticatorOptional

Lists the MFA methods that users can authenticate with.

One of the following:
const AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticatorTotp AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticator = "totp"
const AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticatorBiometrics AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticator = "biometrics"
const AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticatorSecurityKey AccessApplicationPolicyTestNewParamsPoliciesObjectMfaConfigAllowedAuthenticator = "security_key"
MfaDisabled boolOptional

Indicates whether to disable MFA for this resource. This option is available at the application and policy level.

SessionDuration stringOptional

Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples:5m or 24h.

PurposeJustificationPrompt stringOptional

A custom message that will appear on the purpose justification screen.

PurposeJustificationRequired boolOptional

Require users to enter a justification when they log in to the application.

Require []AccessRuleOptional

Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.

One of the following:
type GroupRule struct{…}

Matches an Access group.

Group GroupRuleGroup
ID string

The ID of a previously created Access group.

type AnyValidServiceTokenRule struct{…}

Matches any valid Access Service Token

AnyValidServiceToken AnyValidServiceTokenRuleAnyValidServiceToken

An empty object which matches on all service tokens.

type AccessRuleAccessAuthContextRule struct{…}

Matches an Azure Authentication Context. Requires an Azure identity provider.

AuthContext AccessRuleAccessAuthContextRuleAuthContext
ID string

The ID of an Authentication context.

AcID string

The ACID of an Authentication context.

IdentityProviderID string

The ID of your Azure identity provider.

type AuthenticationMethodRule struct{…}

Enforce different MFA options

AuthMethod AuthenticationMethodRuleAuthMethod
AuthMethod string

The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2.

type AzureGroupRule struct{…}

Matches an Azure group. Requires an Azure identity provider.

AzureAD AzureGroupRuleAzureAD
ID string

The ID of an Azure group.

IdentityProviderID string

The ID of your Azure identity provider.

type CertificateRule struct{…}

Matches any valid client certificate.

Certificate CertificateRuleCertificate
type AccessRuleAccessCommonNameRule struct{…}

Matches a specific common name.

CommonName AccessRuleAccessCommonNameRuleCommonName
CommonName string

The common name to match.

type CountryRule struct{…}

Matches a specific country

Geo CountryRuleGeo
CountryCode string

The country code that should be matched.

type AccessDevicePostureRule struct{…}

Enforces a device posture rule has run successfully

DevicePosture AccessDevicePostureRuleDevicePosture
IntegrationUID string

The ID of a device posture integration.

type DomainRule struct{…}

Match an entire email domain.

EmailDomain DomainRuleEmailDomain
Domain string

The email domain to match.

type EmailListRule struct{…}

Matches an email address from a list.

EmailList EmailListRuleEmailList
ID string

The ID of a previously created email list.

type EmailRule struct{…}

Matches a specific email.

Email EmailRuleEmail
Email string

The email of the user.

formatemail
type EveryoneRule struct{…}

Matches everyone.

Everyone EveryoneRuleEveryone

An empty object which matches on all users.

type ExternalEvaluationRule struct{…}

Create Allow or Block policies which evaluate the user based on custom criteria.

ExternalEvaluation ExternalEvaluationRuleExternalEvaluation
EvaluateURL string

The API endpoint containing your business logic.

KeysURL string

The API endpoint containing the key that Access uses to verify that the response came from your API.

type GitHubOrganizationRule struct{…}

Matches a Github organization. Requires a Github identity provider.

GitHubOrganization GitHubOrganizationRuleGitHubOrganization
IdentityProviderID string

The ID of your Github identity provider.

Name string

The name of the organization.

Team stringOptional

The name of the team

type GSuiteGroupRule struct{…}

Matches a group in Google Workspace. Requires a Google Workspace identity provider.

GSuite GSuiteGroupRuleGSuite
Email string

The email of the Google Workspace group.

IdentityProviderID string

The ID of your Google Workspace identity provider.

type AccessRuleAccessLoginMethodRule struct{…}

Matches a specific identity provider id.

LoginMethod AccessRuleAccessLoginMethodRuleLoginMethod
ID string

The ID of an identity provider.

type IPListRule struct{…}

Matches an IP address from a list.

IPList IPListRuleIPList
ID string

The ID of a previously created IP list.

type IPRule struct{…}

Matches an IP address block.

IP IPRuleIP
IP string

An IPv4 or IPv6 CIDR block.

type OktaGroupRule struct{…}

Matches an Okta group. Requires an Okta identity provider.

Okta OktaGroupRuleOkta
IdentityProviderID string

The ID of your Okta identity provider.

Name string

The name of the Okta group.

type SAMLGroupRule struct{…}

Matches a SAML group. Requires a SAML identity provider.

SAML SAMLGroupRuleSAML
AttributeName string

The name of the SAML attribute.

AttributeValue string

The SAML attribute value to look for.

IdentityProviderID string

The ID of your SAML identity provider.

type AccessRuleAccessOIDCClaimRule struct{…}

Matches an OIDC claim. Requires an OIDC identity provider.

OIDC AccessRuleAccessOIDCClaimRuleOIDC
ClaimName string

The name of the OIDC claim.

ClaimValue string

The OIDC claim value to look for.

IdentityProviderID string

The ID of your OIDC identity provider.

type ServiceTokenRule struct{…}

Matches a specific Access Service Token

ServiceToken ServiceTokenRuleServiceToken
TokenID string

The ID of a Service Token.

type AccessRuleAccessLinkedAppTokenRule struct{…}

Matches OAuth 2.0 access tokens issued by the specified Access OIDC SaaS application. Only compatible with non_identity and bypass decisions.

LinkedAppToken AccessRuleAccessLinkedAppTokenRuleLinkedAppToken
AppUID string

The ID of an Access OIDC SaaS application

type AccessRuleAccessUserRiskScoreRule struct{…}

Matches a user’s risk score.

UserRiskScore AccessRuleAccessUserRiskScoreRuleUserRiskScore
UserRiskScore []AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore

A list of risk score levels to match. Values can be low, medium, high, or unscored.

One of the following:
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreLow AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "low"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreMedium AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "medium"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreHigh AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "high"
const AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScoreUnscored AccessRuleAccessUserRiskScoreRuleUserRiskScoreUserRiskScore = "unscored"
type AccessRuleAccessCloudflareAccountMemberRule struct{…}

Matches users who are members of a specific Cloudflare account. Requires a Cloudflare identity provider.

CloudflareAccountMember AccessRuleAccessCloudflareAccountMemberRuleCloudflareAccountMember
AccountID stringOptional

Identifier.

maxLength32
SessionDuration stringOptional

The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.

UnionString
ReturnsExpand Collapse
type AccessApplicationPolicyTestNewResponse struct{…}
ID stringOptional

The UUID of the policy test.

maxLength64
Status AccessApplicationPolicyTestNewResponseStatusOptional

The status of the policy test request.

Start Access policy test

package main

import (
  "context"
  "fmt"

  "github.com/stainless-sdks/cloudflare-go"
  "github.com/stainless-sdks/cloudflare-go/option"
  "github.com/stainless-sdks/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  policyTest, err := client.ZeroTrust.Access.Applications.PolicyTests.New(context.TODO(), zero_trust.AccessApplicationPolicyTestNewParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", policyTest.ID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f1a8b3c9d4e5f6789a0b1c2d3e4f5678a9b0c1d2e3f4a5b67890c1d2e3f4b5a6",
    "status": "success"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f1a8b3c9d4e5f6789a0b1c2d3e4f5678a9b0c1d2e3f4a5b67890c1d2e3f4b5a6",
    "status": "success"
  }
}