## GET /api/v2/cdn/zones

**List CDN zones**

List CDN zones the caller can manage. Use this first when you only know the domain name and need the public `cdn_...` zone ID for detail, settings, or proxy-rule endpoints. Registrar-backed zones include `domainId`; DNS-only zones return `domainId: null`.

### Related Endpoints

- `GET /api/v2/cdn/zones/{id}`: Get CDN zone details
- `PATCH /api/v2/cdn/zones/{id}`: Update CDN zone settings
- `GET /api/v2/cdn/zones/{id}/proxy-rules`: List CDN proxy rules

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scopes: `read:cdn`, `read:domains`

### Parameters

- `limit` (query, integer) [min: 1, max: 200]: Maximum number of zones to return. The route accepts 1 through 200. Example: `50`
- `cursor` (query, string): Opaque cursor returned as `nextCursor` from the previous page. Example: `eyJsYXN0SWQiOiJjZG5fMDFoeGEzYjRjNWQ2ZTdmOGc5aDBqMWsybTMifQ`

### Request Example

```bash
curl -X GET "https://cloud.hostup.se/api/v2/cdn/zones" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
```

### Response Schema

- `data` (array<object>, optional)
- `data[].id` (string,null, required): Public CDN zone ID. `null` when no CDN zone exists yet. Example: `cdn_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `data[].domain` (string, required) Example: `example.com`
- `data[].domainId` (string,null, required): Public domain ID for registrar-owned domains; `null` for DNS-only zones. Example: `dom_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `data[].status` (string, required) Example: `active`
  Allowed values: active, pending, misconfigured, missing, disabled
- `data[].reason` (string,null, required) Example: `null`
- `data[].proxied` (boolean, required) Example: `true`
- `data[].securityLevel` (string, required) Example: `medium`
  Allowed values: off, low, medium, high
- `data[].ssl` (object, required)
- `data[].ssl.status` (string, required) Example: `active`
  Allowed values: active, pending, error
- `data[].ssl.expiresAt` (string,null, required) Example: `2026-08-01T00:00:00.000Z`
- `data[].ruleCount` (integer, required) Example: `2`
- `hasMore` (boolean, optional) Example: `false`
- `nextCursor` (string,null, optional) Example: `null`

### Responses

#### 200 - CDN zone list.
```json
{
  "data": [
    {
      "id": "cdn_01hxa3b4c5d6e7f8g9h0j1k2m3",
      "domain": "example.com",
      "domainId": "dom_01hxa3b4c5d6e7f8g9h0j1k2m3",
      "status": "active",
      "reason": null,
      "proxied": true,
      "securityLevel": "medium",
      "ssl": {
        "status": "active",
        "expiresAt": "2026-08-01T00:00:00.000Z"
      },
      "ruleCount": 2
    }
  ],
  "hasMore": false,
  "nextCursor": null
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```