## GET /api/v2/cdn/zones/{id}

**Get CDN zone details**

Return one CDN zone by public `cdn_...` ID. The response starts with the same summary fields as `GET /api/v2/cdn/zones`, then adds security, WAF, geo restriction, action gates, and optional DNS records.

### Related Endpoints

- `PATCH /api/v2/cdn/zones/{id}`: Update CDN zone settings
- `GET /api/v2/cdn/zones/{id}/proxy-rules`: List CDN proxy rules
- `POST /api/v2/cdn/zones/{id}/proxy-rules`: Create CDN proxy rule

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scopes: `read:cdn`, `read:domains`

### Parameters

- `includeRecords` (query, boolean): When true, include proxied A, AAAA, and CNAME records in `records`; otherwise `records` is `null`. Example: `true`
- `id` (path, string, required): Public resource ID for `id`. Example: `id_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Example

```bash
curl -X GET "https://cloud.hostup.se/api/v2/cdn/zones/id_01hxa3b4c5d6e7f8g9h0j1k2m3" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

### Response Schema

- `id` (string,null, optional): Public CDN zone ID. `null` when no CDN zone exists yet. Example: `cdn_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `domain` (string, optional) Example: `example.com`
- `domainId` (string,null, optional): Public domain ID for registrar-owned domains; `null` for DNS-only zones. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `status` (string, optional) Example: `active`
  Allowed values: active, pending, misconfigured, missing, disabled
- `reason` (string,null, optional) Example: `null`
- `proxied` (boolean, optional) Example: `true`
- `securityLevel` (string, optional) Example: `medium`
  Allowed values: off, low, medium, high
- `ssl` (object, optional)
- `ssl.status` (string, required) Example: `active`
  Allowed values: active, pending, error
- `ssl.expiresAt` (string,null, required) Example: `2026-08-01T00:00:00.000Z`
- `ruleCount` (integer, optional) Example: `2`
- `security` (object, optional)
- `security.level` (string, required): Overall CDN security level. Example: `medium`
  Allowed values: off, low, medium, high
- `security.sslMode` (string, required): TLS mode used between visitors, CDN, and origin. Example: `full`
  Allowed values: off, flexible, full, strict
- `security.alwaysUseHttps` (boolean, required) Example: `true`
- `security.minTlsVersion` (string, required) Example: `1.2`
  Allowed values: 1.0, 1.1, 1.2, 1.3
- `security.botProtection` (boolean, required) Example: `true`
- `security.blockBadCrawlers` (boolean, required) Example: `true`
- `security.blockBadBots` (boolean, required) Example: `true`
- `security.wpLoginProtection` (boolean, required): Protect WordPress login endpoints. Example: `true`
- `security.wpAdminChallenge` (boolean, required): Challenge requests to WordPress administration paths. Example: `true`
- `waf` (object, optional)
- `waf.skipEnabled` (boolean, required): Whether custom WAF skip rules are enabled. Example: `false`
- `waf.challengeGeoEnabled` (boolean, required): Whether visitor-profile country challenge logic is enabled. Example: `true`
- `waf.visitorProfileMode` (string, required): `challenge` asks visitors outside the configured country profile to complete a challenge; `block` blocks them; `off` disables this profile action. Example: `challenge`
  Allowed values: off, challenge, block
- `waf.ipAllowlist` (array<string>, required): IP addresses or CIDR ranges allowed through custom WAF checks. Example: `["203.0.113.10"]`
- `waf.uaAllowlist` (array<string>, required): User-agent substrings allowed through custom WAF checks. Example: `["HostUp-Monitor"]`
- `waf.pathAllowlist` (array<string>, required): Path prefixes allowed through custom WAF checks. Example: `["/health"]`
- `geoRestriction` (object, optional)
- `geoRestriction.enabled` (boolean, required) Example: `true`
- `geoRestriction.whitelistCountries` (array<string>, required): Effective uppercase country-code allowlist kept for compatibility. Prefer `combinedCountries` for new integrations. Example: `["SE"]`
- `geoRestriction.mode` (string, required): `off` disables the allowlist; `whitelist` allows only `combinedCountries`. Example: `whitelist`
  Allowed values: off, whitelist
- `geoRestriction.standardCountries` (array<string>, required): System-required countries that callers cannot remove. Example: `[]`
- `geoRestriction.additionalCountries` (array<string>, required): Caller-managed country codes layered on top of `standardCountries`. Example: `["SE"]`
- `geoRestriction.combinedCountries` (array<string>, required): Effective allowlist: `standardCountries` plus `additionalCountries`. Example: `["SE"]`
- `activity` (object, optional)
- `activity.lastChangeDetectedAt` (string,null, required) Example: `2026-04-27T12:00:00.000Z`
- `activity.lastCheckedAt` (string,null, required) Example: `2026-04-27T12:00:00.000Z`
- `activity.settingsUpdatedAt` (string,null, required) Example: `2026-04-27T12:00:00.000Z`
- `actions` (object, optional)
- `actions.canEnableProxy` (object, required)
- `actions.canEnableProxy.allowed` (boolean, required) Example: `true`
- `actions.canEnableProxy.reason` (string,null, required) Example: `null`
- `actions.canEnableProxy.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canIssueCertificate` (object, required)
- `actions.canIssueCertificate.allowed` (boolean, required) Example: `true`
- `actions.canIssueCertificate.reason` (string,null, required) Example: `null`
- `actions.canIssueCertificate.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canChangeMode` (object, required)
- `actions.canChangeMode.allowed` (boolean, required) Example: `true`
- `actions.canChangeMode.reason` (string,null, required) Example: `null`
- `actions.canChangeMode.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canActivate` (object, required)
- `actions.canActivate.allowed` (boolean, required) Example: `true`
- `actions.canActivate.reason` (string,null, required) Example: `null`
- `actions.canActivate.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `actions.canDeactivate` (object, required)
- `actions.canDeactivate.allowed` (boolean, required) Example: `true`
- `actions.canDeactivate.reason` (string,null, required) Example: `null`
- `actions.canDeactivate.code` (string,null, optional): Machine-readable reason code when an action is blocked. Example: `pending_order`
- `records` (array,null, optional): `null` unless `includeRecords=true`.

### Responses

#### 200 - CDN zone detail.
```json
{
  "id": "cdn_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "domain": "example.com",
  "domainId": "dom_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "status": "active",
  "reason": null,
  "proxied": true,
  "securityLevel": "medium",
  "ssl": {
    "status": "active",
    "expiresAt": "2026-08-01T00:00:00.000Z"
  },
  "ruleCount": 2,
  "security": {
    "level": "medium",
    "sslMode": "full",
    "alwaysUseHttps": true,
    "minTlsVersion": "1.2",
    "botProtection": true,
    "blockBadCrawlers": true,
    "blockBadBots": true,
    "wpLoginProtection": true,
    "wpAdminChallenge": true
  },
  "waf": {
    "skipEnabled": false,
    "challengeGeoEnabled": true,
    "visitorProfileMode": "challenge",
    "ipAllowlist": [
      "203.0.113.10"
    ],
    "uaAllowlist": [
      "HostUp-Monitor"
    ],
    "pathAllowlist": [
      "/health"
    ]
  },
  "geoRestriction": {
    "enabled": true,
    "whitelistCountries": [
      "SE"
    ],
    "mode": "whitelist",
    "standardCountries": [],
    "additionalCountries": [
      "SE"
    ],
    "combinedCountries": [
      "SE"
    ]
  },
  "activity": {
    "lastChangeDetectedAt": "2026-04-27T12:00:00.000Z",
    "lastCheckedAt": "2026-04-27T12:00:00.000Z",
    "settingsUpdatedAt": "2026-04-27T12:00:00.000Z"
  },
  "actions": {
    "canEnableProxy": {
      "allowed": true,
      "reason": null
    },
    "canIssueCertificate": {
      "allowed": true,
      "reason": null
    },
    "canChangeMode": {
      "allowed": true,
      "reason": null
    },
    "canActivate": {
      "allowed": false,
      "reason": "CDN is already active for this domain."
    },
    "canDeactivate": {
      "allowed": true,
      "reason": null
    }
  },
  "records": null
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```