Cloudflare API v4 Deprecations

This endpoint and its related APIs are deprecated in favor of the /accounts equivalent APIs, which have a broader range of features and are backwards compatible with these API.

GET organizations/:identifier

PATCH organizations/:identifier

GET organizations/:organization_identifier/invites

POST organizations/:organization_identifier/invites

GET organizations/:organization_identifier/invites/:identifier

PATCH organizations/:organization_identifier/invites/:identifier

DELETE organizations/:organization_identifier/invites/:identifier

GET organizations/:organization_identifier/members

GET organizations/:organization_identifier/members/:identifier

PATCH organizations/:organization_identifier/members/:identifier

DELETE organizations/:organization_identifier/members/:identifier

GET organizations/:organization_identifier/roles

GET organizations/:organization_identifier/roles/:identifier

GET organizations/:organization_identifier/audit_logs

GET organizations/:organization_identifier/railguns

POST organizations/:organization_identifier/railguns

GET organizations/:organization_identifier/railguns/:identifier

PATCH organizations/:organization_identifier/railguns/:identifier

DELETE organizations/:organization_identifier/railguns/:identifier

GET organizations/:organization_identifier/railguns/:identifier/zones

In mid 2020, we introduced cf-request-id, an experimental HTTP header. This header was present on requests sent to origins and returned in responses to eyeballs (users). After careful evaluation, we decided to remove the cf-request-id header.

Effective today, cf-request-id is deprecated but will remain in place until July 1, 2021. After this date, the header will no longer be present on requests and responses. If you require an identifier for requests, we recommend using the CF-RAY header.

In preparation of the header’s removal, we will perform a test-run on June 15, 2021. The cf-request-id header will not be present from 15:00 UTC to 23:00 UTC. After this time, it will be present until its full removal on July 1.

Previously, RFC2616 allowed the use of Transfer-Encoding and Content-Length in request headers at the same time. RFC7230 supersedes RFC2616 and prohibits the use of Transfer-Encoding and Content-Length in request headers at the same time because they can cause HTTP request smuggling vulnerabilities.

Starting on March 31 2023, Cloudflare will decline requests with both Transfer-Encoding and Content-Length in request headers.

The __cfduid cookie was set on Cloudflare HTTP responses and was used for providing critical performance and security services on behalf of our customers. Now, we are working to transition our security services to not depend on this cookie. You can read more about this change on our blog: https://blog.cloudflare.com/deprecating-cfduid-cookie/

On 8 April, we will temporarily remove the cfduid cookie for about 12 hours after 16:00 UTC.

Starting on 10 May 2021, we will permanently stop adding a “Set-Cookie” header on all HTTP responses. The last __cfduid cookies will expire 30 days after that.

Please use the new GraphQL Analytics API instead: https://developers.cloudflare.com/analytics/graphql-api/. It provides equivalent data and more features, including the ability to select only the metrics you need. Migration guide: https://developers.cloudflare.com/analytics/migration-guides/zone-analytics/.

GET zones/:zone_identifier/analytics/dashboard

GET zones/:zone_identifier/analytics/colos

This endpoint and its related APIs are deprecated in favor of the /accounts equivalent APIs. These APIs are for use with the previously limited single-script zones.

GET zones/:zone_identifier/workers/script

DELETE zones/:zone_identifier/workers/script

PUT zones/:zone_identifier/workers/script

This endpoint and its related APIs are deprecated in favor of the /accounts equivalent APIs. These APIs are for use with the previously limited single-script zones.

GET zones/:zone_identifier/workers/script/bindings

This endpoint and its related APIs are deprecated in favor of the /routes equivalent APIs. These APIs are for use with the previously limited single-script zones.

GET zones/:zone_id/workers/filters

PUT zones/:zone_id/workers/filters/:filter_id

DELETE zones/:zone_id/workers/filters/:filter_id

POST zones/:zone_id/workers/filters

Please replace "script_monitor" in Page Shield API routes with "page_shield".

This endpoint is deprecated in favor of using a specialized Access Application App Type.

GET accounts/:identifier/access/bookmarks

GET accounts/:identifier/access/bookmarks/:uuid

POST accounts/:identifier/access/bookmarks/:uuid

PUT accounts/:identifier/access/bookmarks/:uuid

DELETE accounts/:identifier/access/bookmarks/:uuid

This endpoint and its related APIs are deprecated in favor of the equivalent Cloudflare Tunnel APIs.

GET accounts/:account_identifier/tunnels

POST accounts/:account_identifier/tunnels

GET accounts/:account_identifier/tunnels/:tunnel_id

DELETE accounts/:account_identifier/tunnels/:tunnel_id

DELETE accounts/:account_identifier/tunnels/:tunnel_id/connections