## POST /api/v2/cdn/zones/{id}/proxy-rules

**Create CDN proxy rule**

Create a hostname-level CDN proxy rule in the zone. `name` can be `@`, a label like `www`, or a full hostname inside the zone. If a rule already exists for the same hostname, the endpoint returns that rule with `unchanged: true` instead of creating a duplicate.

### Related Endpoints

- `GET /api/v2/cdn/zones/{id}/proxy-rules`: List CDN proxy rules
- `PATCH /api/v2/cdn/zones/{id}/proxy-rules/{ruleId}`: Update CDN proxy rule
- `GET /api/v2/cdn/zones/{id}`: Get CDN zone details

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scopes: `write:cdn`, `write:domains`
- `Content-Type`: application/json

### Parameters

- `Content-Type` (header, string): Send `application/json` when a request body is present. Example: `application/json`
- `Accept` (header, string): Request JSON responses from the API. Example: `application/json`
- `id` (path, string, required): Public resource ID for `id`. Example: `id_01hxa3b4c5d6e7f8g9h0j1k2m3`

### Request Body

- `recordType` (string, optional): Optional DNS record family this rule is intended to proxy. Example: `A`
  Allowed values: A, AAAA, CNAME
- `name` (string, optional): Hostname label, `@`, full hostname, or subdomain inside the zone. Example: `www`
- `mode` (string, optional): Use `always` to proxy traffic or `off` to create a disabled proxy rule. `smart` is reserved. Example: `always`
  Allowed values: always, smart, off
- `priority` (integer, optional) [min: 0, max: 65535] Example: `100`
- `description` (string,null, optional) Example: `Proxy website traffic through the CDN.`

### Request Examples

#### Proxy www

```bash
curl -X POST "https://cloud.hostup.se/api/v2/cdn/zones/id_01hxa3b4c5d6e7f8g9h0j1k2m3/proxy-rules" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "recordType": "A",
    "name": "www",
    "mode": "always",
    "priority": 100,
    "description": "Proxy website traffic through the CDN."
  }'
```

```json
{
  "recordType": "A",
  "name": "www",
  "mode": "always",
  "priority": 100,
  "description": "Proxy website traffic through the CDN."
}
```

#### Create disabled root rule

```bash
curl -X POST "https://cloud.hostup.se/api/v2/cdn/zones/id_01hxa3b4c5d6e7f8g9h0j1k2m3/proxy-rules" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "@",
    "mode": "off",
    "priority": 200,
    "description": "Keep root record bypassed."
  }'
```

```json
{
  "name": "@",
  "mode": "off",
  "priority": 200,
  "description": "Keep root record bypassed."
}
```

### Response Schema

- `id` (string, optional): Public CDN proxy rule ID. Get it from `GET /api/v2/cdn/zones/{id}/proxy-rules`. Example: `cprule_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `fqdn` (string,null, optional) Example: `www.example.com`
- `zone` (string,null, optional) Example: `example.com`
- `proxy` (object, optional)
- `proxy.enabled` (boolean, required) Example: `true`
- `proxy.mode` (string, required) Example: `always`
  Allowed values: always, smart, off
- `proxy.priority` (integer, required) Example: `100`
- `state` (object, optional)
- `state.active` (boolean, required) Example: `true`
- `state.reason` (string,null, required) Example: `null`
- `createdAt` (string,null, optional) Example: `2026-04-27T12:00:00.000Z`
- `updatedAt` (string,null, optional) Example: `2026-04-27T12:00:00.000Z`
- `description` (string,null, optional) Example: `Proxy website traffic through the CDN.`
- `unchanged` (boolean, optional): Present and true only when POST found an existing rule for the same hostname and returned it instead of creating a duplicate. Example: `true`

### Responses

#### 200 - Existing proxy rule returned unchanged.
```json
{
  "id": "cprule_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "fqdn": "www.example.com",
  "zone": "example.com",
  "proxy": {
    "enabled": true,
    "mode": "always",
    "priority": 100
  },
  "state": {
    "active": true,
    "reason": null
  },
  "createdAt": "2026-04-27T12:00:00.000Z",
  "updatedAt": "2026-04-27T12:00:00.000Z",
  "description": "Proxy website traffic through the CDN.",
  "unchanged": true
}
```

#### 201 - Created CDN proxy rule.
```json
{
  "id": "cprule_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "fqdn": "www.example.com",
  "zone": "example.com",
  "proxy": {
    "enabled": true,
    "mode": "always",
    "priority": 100
  },
  "state": {
    "active": true,
    "reason": null
  },
  "createdAt": "2026-04-27T12:00:00.000Z",
  "updatedAt": "2026-04-27T12:00:00.000Z",
  "description": "Proxy website traffic through the CDN."
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```