Updating a Cloudflare Gateway Network via API

Cloudflare Gateway is part of the Cloudflare One platform and helps organizations apply security policies to internet-bound traffic. You can update Gateway configurations programmatically via the Cloudflare API, which is especially useful for automation or managing large environments.

This post will walk you through how to update a Gateway configuration using the Cloudflare API, including how to find the required IDs.

📌 What You Need

To perform the update, you’ll need the following:

  • ✅ A valid API token with appropriate permissions
  • ✅ Your Cloudflare account ID
  • ✅ The Gateway configuration ID
  • ✅ The IP network(s) you want to associate

🛡️ Token Permissions

Ensure your API token includes these scopes:

  • Account Settings: Read
  • Gateway Configurations: Edit

You can define a custom token with least-privilege access from your Cloudflare API Tokens dashboard.

🔍 How to Find the Required IDs

1. Cloudflare Account ID

To find your Account ID, go to the Cloudflare dashboard:

  • Click on your account name in the left-hand menu
  • Select “Overview”
  • Your Account ID is displayed on that page

Or use the API:

curl -X GET "https://api.cloudflare.com/client/v4/accounts" \
  -H "Authorization: Bearer <api_token>" \
  -H "Content-Type: application/json"

2. Gateway Configuration ID

To list your existing Gateway configurations and get their IDs:

curl -X GET "https://api.cloudflare.com/client/v4/accounts/<account_id>/gateway/configurations" \
  -H "Authorization: Bearer <api_token>" \
  -H "Content-Type: application/json"

This will return a list of existing Gateway configurations, including the id, name, and other metadata.

🔄 Updating a Gateway Configuration

Once you have the IDs, you can update the configuration using this curl command:

curl https://api.cloudflare.com/client/v4/accounts/<account_id>/gateway/configurations/<config_id> \
    -X PUT \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer <api_token>" \
    -d '{
      "id": "<config_id>",
      "name": "jeff",
      "client_default": true,
      "networks": [
        {
          "network": "16.266.45.94/32"
        }
      ]
    }'

🔍 Payload Explained

  • id: The Gateway config ID you’re updating
  • name: Descriptive name for this config
  • client_default: Whether this should be the default config for clients
  • networks: An array of IPs/CIDRs for this policy to apply to

✅ Successful Update

A successful response should look like:

{
  "success": true,
  "result": {
    "id": "b2586c0447ssbssdc37xf7f09a874146f87",
    "name": "jeff",
    ...
  }
}

Final Thoughts

Automating Gateway configuration updates via the Cloudflare API is a smart way to maintain security posture and respond quickly to changes. By knowing where to find your account and config IDs, you can script changes and keep environments tightly managed.