Return one CDN zone by public cdn_... ID. The response starts with the same summary fields as GET /api/v2/cdn/zones, then adds security, WAF, geo restriction, action gates, and optional DNS records.
read:cdnread:domains
Use Authorization: Bearer <token> for API keys. Dashboard sessions may also use hostup_session.
id string required
Example: id_01hxa3b4c5d6e7f8g9h0j1k2m3 Public resource ID for `id`.
includeRecords boolean
· Example: true When true, include proxied A, AAAA, and CNAME records in `records`; otherwise `records` is `null`.
Accept Example Content-Type Example id stringnull
· Example: cdn_01hxa3b4c5d6e7f8g9h0j1k2m3 Public CDN zone ID. `null` when no CDN zone exists yet.
domain string
· Example: example.com domainId stringnull
· Example: dom_01hxa3b4c5d6e7f8g9h0j1k2m3 Public domain ID for registrar-owned domains; `null` for DNS-only zones.
status string · enum
· Example: active active pending misconfigured missing disabled reason stringnull
· Example: null proxied boolean
· Example: true securityLevel string · enum
· Example: medium off low medium high ssl object ssl.status string · enum required
· Example: active active pending error ssl.expiresAt stringnull required
· Example: 2026-08-01T00:00:00.000Z ruleCount integer
· Example: 2 security object security.level string · enum required
· Example: medium Overall CDN security level.
off low medium high security.sslMode string · enum required
· Example: full TLS mode used between visitors, CDN, and origin.
off flexible full strict security.alwaysUseHttps boolean required
· Example: true security.minTlsVersion string · enum required
· Example: 1.2 1.0 1.1 1.2 1.3 security.botProtection boolean required
· Example: true security.blockBadCrawlers boolean required
· Example: true security.blockBadBots boolean required
· Example: true security.wpLoginProtection boolean required
· Example: true Protect WordPress login endpoints.
security.wpAdminChallenge boolean required
· Example: true Challenge requests to WordPress administration paths.
waf object waf.skipEnabled boolean required
· Example: false Whether custom WAF skip rules are enabled.
waf.challengeGeoEnabled boolean required
· Example: true Whether visitor-profile country challenge logic is enabled.
waf.visitorProfileMode string · enum required
· Example: challenge `challenge` asks visitors outside the configured country profile to complete a challenge; `block` blocks them; `off` disables this profile action.
off challenge block waf.ipAllowlist array<string> required
· Example: ["203.0.113.10"] IP addresses or CIDR ranges allowed through custom WAF checks.
waf.uaAllowlist array<string> required
· Example: ["HostUp-Monitor"] User-agent substrings allowed through custom WAF checks.
waf.pathAllowlist array<string> required
· Example: ["/health"] Path prefixes allowed through custom WAF checks.
geoRestriction object geoRestriction.enabled boolean required
· Example: true geoRestriction.whitelistCountries array<string> required
· Example: ["SE"] Effective uppercase country-code allowlist kept for compatibility. Prefer `combinedCountries` for new integrations.
geoRestriction.mode string · enum required
· Example: whitelist `off` disables the allowlist; `whitelist` allows only `combinedCountries`.
off whitelist geoRestriction.standardCountries array<string> required
· Example: [] System-required countries that callers cannot remove.
geoRestriction.additionalCountries array<string> required
· Example: ["SE"] Caller-managed country codes layered on top of `standardCountries`.
geoRestriction.combinedCountries array<string> required
· Example: ["SE"] Effective allowlist: `standardCountries` plus `additionalCountries`.
activity object activity.lastChangeDetectedAt stringnull required
· Example: 2026-04-27T12:00:00.000Z activity.lastCheckedAt stringnull required
· Example: 2026-04-27T12:00:00.000Z activity.settingsUpdatedAt stringnull required
· Example: 2026-04-27T12:00:00.000Z actions object actions.canEnableProxy object required actions.canEnableProxy.allowed boolean required
· Example: true actions.canEnableProxy.reason stringnull required
· Example: null actions.canEnableProxy.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
actions.canIssueCertificate object required actions.canIssueCertificate.allowed boolean required
· Example: true actions.canIssueCertificate.reason stringnull required
· Example: null actions.canIssueCertificate.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
actions.canChangeMode object required actions.canChangeMode.allowed boolean required
· Example: true actions.canChangeMode.reason stringnull required
· Example: null actions.canChangeMode.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
actions.canActivate object required actions.canActivate.allowed boolean required
· Example: true actions.canActivate.reason stringnull required
· Example: null actions.canActivate.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
actions.canDeactivate object required actions.canDeactivate.allowed boolean required
· Example: true actions.canDeactivate.reason stringnull required
· Example: null actions.canDeactivate.code stringnull
· Example: pending_order Machine-readable reason code when an action is blocked.
records arraynull `null` unless `includeRecords=true`.
type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object type string
· Example: https://developer.hostup.se/errors/invalid_request title string
· Example: Validation failed status integer
· Example: 400 detail string
· Example: The request body failed validation. code string
· Example: invalid_request Stable machine-readable code. Branch on this field, not on `detail`.
instance string
· Example: /api/v2/orders requestId string
· Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3 timestamp string
· Example: 2026-04-27T12:34:56.000Z errors array<object> Field-level validation errors when `code` is `invalid_request`.
errors[].pointer string required
· Example: /items/0/eppCode errors[].detail string required
· Example: `eppCode` is required for this transfer. errors[].code string required
· Example: missing_required extensions object https://cloud.hostup.se/api/v2/cdn/zones/{id} curl -X GET "https://cloud.hostup.se/api/v2/cdn/zones/id_01hxa3b4c5d6e7f8g9h0j1k2m3" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"{
"id": "cdn_01hxa3b4c5d6e7f8g9h0j1k2m3",
"domain": "example.com",
"domainId": "dom_01hxa3b4c5d6e7f8g9h0j1k2m3",
"status": "active",
"reason": null,
"proxied": true,
"securityLevel": "medium",
"ssl": {
"status": "active",
"expiresAt": "2026-08-01T00:00:00.000Z"
},
"ruleCount": 2,
"security": {
"level": "medium",
"sslMode": "full",
"alwaysUseHttps": true,
"minTlsVersion": "1.2",
"botProtection": true,
"blockBadCrawlers": true,
"blockBadBots": true,
"wpLoginProtection": true,
"wpAdminChallenge": true
},
"waf": {
"skipEnabled": false,
"challengeGeoEnabled": true,
"visitorProfileMode": "challenge",
"ipAllowlist": [
"203.0.113.10"
],
"uaAllowlist": [
"HostUp-Monitor"
],
"pathAllowlist": [
"/health"
]
},
"geoRestriction": {
"enabled": true,
"whitelistCountries": [
"SE"
],
"mode": "whitelist",
"standardCountries": [],
"additionalCountries": [
"SE"
],
"combinedCountries": [
"SE"
]
},
"activity": {
"lastChangeDetectedAt": "2026-04-27T12:00:00.000Z",
"lastCheckedAt": "2026-04-27T12:00:00.000Z",
"settingsUpdatedAt": "2026-04-27T12:00:00.000Z"
},
"actions": {
"canEnableProxy": {
"allowed": true,
"reason": null
},
"canIssueCertificate": {
"allowed": true,
"reason": null
},
"canChangeMode": {
"allowed": true,
"reason": null
},
"canActivate": {
"allowed": false,
"reason": "CDN is already active for this domain."
},
"canDeactivate": {
"allowed": true,
"reason": null
}
},
"records": null
}