API Reference

Zero Trust

Access

AI Controls

Mcp

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Servers

List MCP Servers

zero_trust.access.ai_controls.mcp.servers.list(ServerListParams**kwargs) -> SyncV4PagePaginationArray[ServerListResponse]

GET/accounts/{account_id}/access/ai-controls/mcp/servers

Create a new MCP Server

zero_trust.access.ai_controls.mcp.servers.create(ServerCreateParams**kwargs) -> ServerCreateResponse

POST/accounts/{account_id}/access/ai-controls/mcp/servers

Read the details of a MCP Server

zero_trust.access.ai_controls.mcp.servers.read(strid, ServerReadParams**kwargs) -> ServerReadResponse

GET/accounts/{account_id}/access/ai-controls/mcp/servers/{id}

Update a MCP Server

zero_trust.access.ai_controls.mcp.servers.update(strid, ServerUpdateParams**kwargs) -> ServerUpdateResponse

PUT/accounts/{account_id}/access/ai-controls/mcp/servers/{id}

Delete a MCP Server

zero_trust.access.ai_controls.mcp.servers.delete(strid, ServerDeleteParams**kwargs) -> ServerDeleteResponse

DELETE/accounts/{account_id}/access/ai-controls/mcp/servers/{id}

Sync MCP Server Capabilities

zero_trust.access.ai_controls.mcp.servers.sync(strid, ServerSyncParams**kwargs) -> ServerSyncResponse

POST/accounts/{account_id}/access/ai-controls/mcp/servers/{id}/sync

ModelsExpand Collapse

class ServerListResponse: …

id: str

server id

maxLength32

minLength1

auth_type: Literal["oauth", "bearer", "unauthenticated"]

One of the following:

"oauth"

"bearer"

"unauthenticated"

hostname: str

formaturi

name: str

maxLength350

prompts: List[Dict[str, object]]

tools: List[Dict[str, object]]

created_at: Optional[datetime]

formatdate-time

created_by: Optional[str]

description: Optional[str]

maxLength512

error: Optional[str]

error_details: Optional[ErrorDetails]

cause: Optional[str]

Underlying error message

is_upstream: Optional[bool]

True = MCP server returned an error. False = couldn’t reach the server

mcp_code: Optional[float]

MCP protocol error code

retryable: Optional[bool]

Whether the error is transient and worth retrying

status_code: Optional[float]

HTTP status code from the server

is_shared_oauth_callback_enabled: Optional[bool]

When true, the gateway worker uses the shared Cloudflare-owned OAuth callback endpoint as the redirect_uri for upstream on-behalf OAuth, instead of the customer portal hostname. Defaults to false (off); opt in per server by setting true. Effective behavior is gated by the gateway worker’s per-env rollout mode KV key.

last_successful_sync: Optional[datetime]

formatdate-time

last_synced: Optional[datetime]

formatdate-time

modified_at: Optional[datetime]

formatdate-time

modified_by: Optional[str]

secure_web_gateway: Optional[bool]

Route outbound traffic to this MCP server through Zero Trust Secure Web Gateway

status: Optional[str]

updated_prompts: Optional[List[UpdatedPrompt]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

updated_tools: Optional[List[UpdatedTool]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

class ServerCreateResponse: …

id: str

server id

maxLength32

minLength1

auth_type: Literal["oauth", "bearer", "unauthenticated"]

One of the following:

"oauth"

"bearer"

"unauthenticated"

hostname: str

formaturi

name: str

maxLength350

prompts: List[Dict[str, object]]

tools: List[Dict[str, object]]

created_at: Optional[datetime]

formatdate-time

created_by: Optional[str]

description: Optional[str]

maxLength512

error: Optional[str]

error_details: Optional[ErrorDetails]

cause: Optional[str]

Underlying error message

is_upstream: Optional[bool]

True = MCP server returned an error. False = couldn’t reach the server

mcp_code: Optional[float]

MCP protocol error code

retryable: Optional[bool]

Whether the error is transient and worth retrying

status_code: Optional[float]

HTTP status code from the server

is_shared_oauth_callback_enabled: Optional[bool]

When true, the gateway worker uses the shared Cloudflare-owned OAuth callback endpoint as the redirect_uri for upstream on-behalf OAuth, instead of the customer portal hostname. Defaults to false (off); opt in per server by setting true. Effective behavior is gated by the gateway worker’s per-env rollout mode KV key.

last_successful_sync: Optional[datetime]

formatdate-time

last_synced: Optional[datetime]

formatdate-time

modified_at: Optional[datetime]

formatdate-time

modified_by: Optional[str]

secure_web_gateway: Optional[bool]

Route outbound traffic to this MCP server through Zero Trust Secure Web Gateway

status: Optional[str]

updated_prompts: Optional[List[UpdatedPrompt]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

updated_tools: Optional[List[UpdatedTool]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

class ServerReadResponse: …

id: str

server id

maxLength32

minLength1

auth_type: Literal["oauth", "bearer", "unauthenticated"]

One of the following:

"oauth"

"bearer"

"unauthenticated"

hostname: str

formaturi

name: str

maxLength350

prompts: List[Dict[str, object]]

tools: List[Dict[str, object]]

created_at: Optional[datetime]

formatdate-time

created_by: Optional[str]

description: Optional[str]

maxLength512

error: Optional[str]

error_details: Optional[ErrorDetails]

cause: Optional[str]

Underlying error message

is_upstream: Optional[bool]

True = MCP server returned an error. False = couldn’t reach the server

mcp_code: Optional[float]

MCP protocol error code

retryable: Optional[bool]

Whether the error is transient and worth retrying

status_code: Optional[float]

HTTP status code from the server

is_shared_oauth_callback_enabled: Optional[bool]

When true, the gateway worker uses the shared Cloudflare-owned OAuth callback endpoint as the redirect_uri for upstream on-behalf OAuth, instead of the customer portal hostname. Defaults to false (off); opt in per server by setting true. Effective behavior is gated by the gateway worker’s per-env rollout mode KV key.

last_successful_sync: Optional[datetime]

formatdate-time

last_synced: Optional[datetime]

formatdate-time

modified_at: Optional[datetime]

formatdate-time

modified_by: Optional[str]

secure_web_gateway: Optional[bool]

Route outbound traffic to this MCP server through Zero Trust Secure Web Gateway

status: Optional[str]

updated_prompts: Optional[List[UpdatedPrompt]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

updated_tools: Optional[List[UpdatedTool]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

class ServerUpdateResponse: …

id: str

server id

maxLength32

minLength1

auth_type: Literal["oauth", "bearer", "unauthenticated"]

One of the following:

"oauth"

"bearer"

"unauthenticated"

hostname: str

formaturi

name: str

maxLength350

prompts: List[Dict[str, object]]

tools: List[Dict[str, object]]

created_at: Optional[datetime]

formatdate-time

created_by: Optional[str]

description: Optional[str]

maxLength512

error: Optional[str]

error_details: Optional[ErrorDetails]

cause: Optional[str]

Underlying error message

is_upstream: Optional[bool]

True = MCP server returned an error. False = couldn’t reach the server

mcp_code: Optional[float]

MCP protocol error code

retryable: Optional[bool]

Whether the error is transient and worth retrying

status_code: Optional[float]

HTTP status code from the server

is_shared_oauth_callback_enabled: Optional[bool]

When true, the gateway worker uses the shared Cloudflare-owned OAuth callback endpoint as the redirect_uri for upstream on-behalf OAuth, instead of the customer portal hostname. Defaults to false (off); opt in per server by setting true. Effective behavior is gated by the gateway worker’s per-env rollout mode KV key.

last_successful_sync: Optional[datetime]

formatdate-time

last_synced: Optional[datetime]

formatdate-time

modified_at: Optional[datetime]

formatdate-time

modified_by: Optional[str]

secure_web_gateway: Optional[bool]

Route outbound traffic to this MCP server through Zero Trust Secure Web Gateway

status: Optional[str]

updated_prompts: Optional[List[UpdatedPrompt]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

updated_tools: Optional[List[UpdatedTool]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

class ServerDeleteResponse: …

id: str

server id

maxLength32

minLength1

auth_type: Literal["oauth", "bearer", "unauthenticated"]

One of the following:

"oauth"

"bearer"

"unauthenticated"

hostname: str

formaturi

name: str

maxLength350

prompts: List[Dict[str, object]]

tools: List[Dict[str, object]]

created_at: Optional[datetime]

formatdate-time

created_by: Optional[str]

description: Optional[str]

maxLength512

error: Optional[str]

error_details: Optional[ErrorDetails]

cause: Optional[str]

Underlying error message

is_upstream: Optional[bool]

True = MCP server returned an error. False = couldn’t reach the server

mcp_code: Optional[float]

MCP protocol error code

retryable: Optional[bool]

Whether the error is transient and worth retrying

status_code: Optional[float]

HTTP status code from the server

is_shared_oauth_callback_enabled: Optional[bool]

When true, the gateway worker uses the shared Cloudflare-owned OAuth callback endpoint as the redirect_uri for upstream on-behalf OAuth, instead of the customer portal hostname. Defaults to false (off); opt in per server by setting true. Effective behavior is gated by the gateway worker’s per-env rollout mode KV key.

last_successful_sync: Optional[datetime]

formatdate-time

last_synced: Optional[datetime]

formatdate-time

modified_at: Optional[datetime]

formatdate-time

modified_by: Optional[str]

secure_web_gateway: Optional[bool]

Route outbound traffic to this MCP server through Zero Trust Secure Web Gateway

status: Optional[str]

updated_prompts: Optional[List[UpdatedPrompt]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

updated_tools: Optional[List[UpdatedTool]]

name: str

alias: Optional[str]

maxLength40

description: Optional[str]

enabled: Optional[bool]

class ServerSyncResponse: …

error: Optional[str]

error_details: Optional[ErrorDetails]

cause: Optional[str]

Underlying error message

is_upstream: Optional[bool]

True = MCP server returned an error. False = couldn’t reach the server

mcp_code: Optional[float]

MCP protocol error code

retryable: Optional[bool]

Whether the error is transient and worth retrying

status_code: Optional[float]

HTTP status code from the server

status: Optional[str]