Add public host name to tunnel via API

I have been searching through the Cloudflare API to find an endpoint to add a public host to an existing tunnel. Is there such an endpoint? I want to automate adding public hosts to a tunnel. Thanks.

Perhaps this is what you’re looking for? Cloudflare API v4 Documentation

I would recommend avoiding the new API docs for now and use an older mirror - the code samples, search, authentication recommendations, etc. are not great, and in some cases actually harmful on the new ones. If you search the previous link I provided for “tunnel” in the top left, hopefully you can find what you need.

1 Like

Thanks for the link to the new documentation but I still can’t find it. I then realized that I was going about it wrong. The solution seems to be to create the DNS record directly and use the tunnel as the target (ie. I will try this out a little later.


Unfortunately creating a public host by directly creating the DNS record didn’t work. I opened a support ticket a few days ago but I haven’t heard anything. Still looking for a way to add a public host to a tunnel via API or CLI call… :frowning:

@alan.lawson Did you find any solution? I’m searching for the same thing. API or directly in CLI.

1 Like

I haven’t tried it out but I came to the conclusion that the PUT Tunnel Configuration call was the way to go. I had been hoping to find a call to that would add an individual public host but there is no such call so the solution seems to be to GET the whole configuration (with all the public hosts), add the new one to the array, and use the PUT Configuration call to update the entire list all at once. Let me know if it works for you.


When I manually create the public host the platform automatically creates a dns record. I’ve tested using PUT here and it didn’t created the DNS automaticaly. Is the same with you?
I’ve noticed that there is an API for create DNS too.

A lot of times you can look at what the Dashboard does (inspect network requests) as a good starting point.
The Zero Trust Dashboard does the exact same thing, PUTs the entire configuration, manually creates the DNS Record. The Public API mirrors this. Fundementally the config is just the same normal cloudflared config, but in json instead of yaml, which is pushed down to the tunnel automagically on updates.

Yea, just create the DNS record via that API, just a simple proxied CNAME to your tunnel


For anyone looking to accomplish this, here are the following APIs I was able to get to work. I’m creating a k8s operator to automatically create and delete entries, If I post it on github I’ll be sure to update this thread with the repo.

Required Variables:

  • cf_api_token
  • cf_account_id
  • cf_zone_id
  • cf_tunnel_id

Get tunnel config:

curl '{cf_account_id}/cfd_tunnel/{cf_tunnel_id}/configurations' \
-H "Authorization: Bearer {cf_api_token}"

Put tunnel config (add/remove):
Modify updated_config from the above API result.

curl '{cf_account_id}/cfd_tunnel/{cf_tunnel_id}/configurations' \
-H "Authorization: Bearer {cf_api_token}" \
-H 'Content-Type: application/json' \
-X PUT --data-raw '{updated_config}'

Create DNS record:

curl '{cf_zone_id}/dns_records' -X POST \
-H "Authorization: Bearer {cf_api_token}" \
--data-raw '{"type":"CNAME","proxied":true,"name":"{cf_dns_name}","content":"{cf_tunnel_id}"}'

Get DNS record:

curl '{cf_zone_id}/dns_records?type=CNAME&name={cf_dns_name}&content={cf_tunnel_id}' \
-H "Authorization: Bearer {cf_api_token}"

dns_record_id = result[0].id

Delete DNS record:

curl '{cf_zone_id}/dns_records/{dns_record_id}' -X DELETE \
-H "Authorization: Bearer {cf_api_token}"