API Reference

Zero Trust

Devices

Policies

Default

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Get the default device settings profile

client.ZeroTrust.Devices.Policies.Default.Get(ctx, query) (*DevicePolicyDefaultGetResponse, error)

GET/accounts/{account_id}/devices/policy

Fetches the default device settings profile for an account.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

ParametersExpand Collapse

query DevicePolicyDefaultGetParams

AccountID param.Field[string]

ReturnsExpand Collapse

type DevicePolicyDefaultGetResponse struct{…}

AllowModeSwitch boolOptional

Whether to allow the user to switch WARP between modes.

AllowUpdates boolOptional

Whether to receive update notifications when a new version of the client is available.

AllowedToLeave boolOptional

Whether to allow devices to leave the organization.

AutoConnect float64Optional

The amount of time in seconds to reconnect after having been disabled.

CaptivePortal float64Optional

Turn on the captive portal after the specified amount of time.

Default boolOptional

Whether the policy will be applied to matching devices.

DisableAutoFallback boolOptional

If the dns_server field of a fallback domain is not present, the client will fall back to a best guess of the default/system DNS resolvers unless this policy option is set to true.

DNSSearchSuffixes []DevicePolicyDefaultGetResponseDNSSearchSuffixOptional

List of DNS search suffixes to apply to clients. Suffixes are evaluated in order. Use an empty array to clear.

Suffix string

The DNS search suffix to append when resolving short hostnames.

Description stringOptional

A description of the DNS search suffix.

Enabled boolOptional

Whether the policy will be applied to matching devices.

Exclude []SplitTunnelExcludeOptional

List of routes excluded in the WARP client’s tunnel.

One of the following:

type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithAddress struct{…}

Address string

The address in CIDR format to exclude from the tunnel. If address is present, host must not be present.

Description stringOptional

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

type SplitTunnelExcludeTeamsDevicesExcludeSplitTunnelWithHost struct{…}

Host string

The domain name to exclude from the tunnel. If host is present, address must not be present.

Description stringOptional

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

ExcludeOfficeIPs boolOptional

Whether to add Microsoft IPs to Split Tunnel exclusions.

FallbackDomains []FallbackDomainOptional

Suffix string

The domain suffix to match when resolving locally.

Description stringOptional

A description of the fallback domain, displayed in the client UI.

maxLength100

DNSServer []stringOptional

A list of IP addresses to handle domain resolution.

GatewayUniqueID stringOptional

GlobalAcceleration DevicePolicyDefaultGetResponseGlobalAccelerationOptional

Global Acceleration settings for China. When configured, WARP clients connect to the Global Accelerator addresses instead of the default ones. Please contact your account representative to enable this feature on your account. See https://developers.cloudflare.com/china-network/concepts/global-acceleration/.

APIEndpoints []string

IP:port entries for the API endpoints.

Enabled bool

Global acceleration settings are used only when “enabled”.

MasqueEndpoints []string

IP:port entries for the MASQUE tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided.

WireguardEndpoints []string

IP:port entries for the WireGuard tunnel endpoints. Either wireguard_endpoints or masque_endpoints must be provided.

Include []SplitTunnelIncludeOptional

List of routes included in the WARP client’s tunnel.

One of the following:

type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithAddress struct{…}

Address string

The address in CIDR format to include in the tunnel. If address is present, host must not be present.

Description stringOptional

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

type SplitTunnelIncludeTeamsDevicesIncludeSplitTunnelWithHost struct{…}

Host string

The domain name to include in the tunnel. If host is present, address must not be present.

Description stringOptional

A description of the Split Tunnel item, displayed in the client UI.

maxLength100

PolicyID stringOptional

maxLength36

RegisterInterfaceIPWithDNS boolOptional

Determines if the operating system will register WARP’s local interface IP with your on-premises DNS server.

SccmVpnBoundarySupport boolOptional

Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).

ServiceModeV2 DevicePolicyDefaultGetResponseServiceModeV2Optional

Mode stringOptional

The mode to run the WARP client under.

Port float64Optional

The port number when used with proxy mode.

SupportURL stringOptional

The URL to launch when the Send Feedback button is clicked.

SwitchLocked boolOptional

Whether to allow the user to turn off the WARP switch and disconnect the client.

TunnelProtocol stringOptional

Determines which tunnel protocol to use.

VirtualNetworks DevicePolicyDefaultGetResponseVirtualNetworksOptional

Virtual network access settings for the device.

Allowed []string

List of virtual network IDs the device is allowed to access. When virtual_networks is set, at least one entry is required.

Default string

The default virtual network ID. Must be included in the allowed list.

formatuuid

Get the default device settings profile

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/stainless-sdks/cloudflare-go"
  "github.com/stainless-sdks/cloudflare-go/option"
  "github.com/stainless-sdks/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  default_, err := client.ZeroTrust.Devices.Policies.Default.Get(context.TODO(), zero_trust.DevicePolicyDefaultGetParams{
    AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", default_.GatewayUniqueID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": true,
    "disable_auto_fallback": true,
    "dns_search_suffixes": [
      {
        "suffix": "internal.corp",
        "description": "Example internal domains"
      }
    ],
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "global_acceleration": {
      "api_endpoints": [
        "198.51.100.1:443"
      ],
      "enabled": true,
      "masque_endpoints": [
        "198.51.100.1:443"
      ],
      "wireguard_endpoints": [
        "198.51.100.1:2408"
      ]
    },
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "tunnel_protocol": "wireguard",
    "virtual_networks": {
      "allowed": [
        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
      ],
      "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
    }
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "allow_mode_switch": true,
    "allow_updates": true,
    "allowed_to_leave": true,
    "auto_connect": 0,
    "captive_portal": 180,
    "default": true,
    "disable_auto_fallback": true,
    "dns_search_suffixes": [
      {
        "suffix": "internal.corp",
        "description": "Example internal domains"
      }
    ],
    "enabled": true,
    "exclude": [
      {
        "address": "192.0.2.0/24",
        "description": "Exclude testing domains from the tunnel"
      }
    ],
    "exclude_office_ips": true,
    "fallback_domains": [
      {
        "suffix": "example.com",
        "description": "Domain bypass for local development",
        "dns_server": [
          "1.1.1.1"
        ]
      }
    ],
    "gateway_unique_id": "699d98642c564d2e855e9661899b7252",
    "global_acceleration": {
      "api_endpoints": [
        "198.51.100.1:443"
      ],
      "enabled": true,
      "masque_endpoints": [
        "198.51.100.1:443"
      ],
      "wireguard_endpoints": [
        "198.51.100.1:2408"
      ]
    },
    "include": [
      {
        "address": "192.0.2.0/24",
        "description": "Include testing domains in the tunnel"
      }
    ],
    "policy_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "register_interface_ip_with_dns": true,
    "sccm_vpn_boundary_support": false,
    "service_mode_v2": {
      "mode": "proxy",
      "port": 3000
    },
    "support_url": "https://1.1.1.1/help",
    "switch_locked": true,
    "tunnel_protocol": "wireguard",
    "virtual_networks": {
      "allowed": [
        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
      ],
      "default": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
    }
  },
  "success": true
}