#Where to find API endpoints to create internal/external hostnames?

I have a Cloudflare tunnel setup to my home network for some personal self-hosted services. While learning my way around the dashboard, I decided to try to use the API to help make creating DNS entries faster.

In my investigation, I learned how to manage DNS entries, but I could not figure out how to create "Public Hostname" entries via the API within my tunnel, and made the following observations:

1. If I create a hostname entry via the dashboard GUI, it'll automatically create a DNS CNAME entry, but the converse is not true
2. I can create DNS entries with a POST to https://api.cloudflare.com/api/v4/zones/{{CF-Zone-ID}}/dns_records, but I cannot figure out how do #1 via the API (create a hostname entry)
3. When viewing the network tab of the browser developer tools to try to reverse engineer it, the only thing I'm finding is the same POST above, though it uses dash.cloudflare.com/api, which I'm assuming is a different API for the dashboard vs. the raw API, which makes me think some functions are only available via the dashboard. The user-facing API URL is https://api.cloudflare.com/client/v4

I'd appreciate any guidance on how to do this (add a new tunnel public hostname/DNS mapping) programmatically, thanks!

The nice interface today that exists for Cloudflare tunnels came a while after they were launched. It was first just local config (in yaml) and local tunnel management.

So the endpoints aren't really nice. What the dash does is store the entire tunnel config in json and load it/save it back on each modification. You're looking for the configurations endpoint call. Here's the endpoint: https://developers.cloudflare.com/api/operations/cloudflare-tunnel-configuration-put-configuration

That is exactly what I was looking for, thank you so much for pointing me in the right direction.

I wouldn't have ended up there organically, I don't think.

Only your account can CNAME to tunnels belonging to your account. Once you CNAME to the tunnel, requests go down the tunnel, and then are processed by the local config, specifically the ingress part, to the right local service

yea it's kind of messy lol, it PUTs the entire config back on each change

Your pattern would have to be like:
Post DNS Record CNAME -> Tunnel
GET Tunnel Config
..Modify Tunnel config/add public hostname(s)/etc
PUT back entire tunnel config, and on this action the tunnel will be automagically notified the config updated and know where to route the now incoming requests

Well, your explanation is very concise and well-explained, I really have no further questions right now. I'll play around with it and I'm sure it'll fit the bill. Thanks so much for a quick response! I posted on Reddit in /r/cloudflare but never got a single response 😦

This especially is super helpful - I'm not a programmer/developer, just like to tinker, and trying to figure out the flow of API's always trips me up since it's multiple calls that formulate a single flow.

Thank you again. Is there a way to mark this solved?

I see it just changed, thanks

Under Edit Tags -> Solved, I did it for you

You're phenomenal

yea, one nice thing about CF is the dashboard uses all the same APIs you use, so you can kind of easily reverse engineer it, makes up for the meh API Docs

Yup. I'm a network engineer by trade, so always comfortable looking in the developer tools network tab 🙂

feels like home.

When you add a Public Hostname you should be able to see the DNS Record add and the configuration put, those are the two important ones

Noted, ty. You've just unblocked me, so I can get back to the fun stuff 🙂