Get domain CDN settings

Return CDN state and settings for a domain public ID. Use this path when you already have dom_...; use GET /api/v2/cdn/zones when you need to discover CDN zones across registrar and DNS-only domains.

Domains & DNS CDN

Authentication

Required API scopes: read:cdnread:domains

Use Authorization: Bearer <token> for API keys. Dashboard sessions may also use hostup_session.

Context

Path Parameters

id string required Example: dom_01hxa3b4c5d6e7f8g9h0j1k2m3

Public domain ID. Get it from GET /api/v2/domains `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response.

Query Parameters

includeRecords boolean · Example: true

When true, include proxied A, AAAA, and CNAME records in `records`; otherwise `records` is `null`.

Headers

Accept Example
Content-Type Example

Responses

200 Domain CDN settings.
id string · Example: cdn_01hxa3b4c5d6e7f8g9h0j1k2m3

Public CDN zone ID. Get it from this endpoint or `GET /api/v2/cdn/zones`.

domain string · Example: example.com
state object
state.exists boolean required · Example: true
state.enabled boolean required · Example: true
state.status string · enum required · Example: active
active
inactive
disabled
not_found
state.reason stringnull required · Example: null
proxied boolean · Example: true

Master CDN proxy switch for the domain.

cdn object
cdn.enabled boolean required · Example: true
cdn.proxy boolean required · Example: true
security object
security.level string · enum required · Example: medium

Overall CDN security level.

off
low
medium
high
security.sslMode string · enum required · Example: full

TLS mode used between visitors, CDN, and origin.

off
flexible
full
strict
security.alwaysUseHttps boolean required · Example: true
security.minTlsVersion string · enum required · Example: 1.2
1.0
1.1
1.2
1.3
security.botProtection boolean required · Example: true
security.blockBadCrawlers boolean required · Example: true
security.blockBadBots boolean required · Example: true
security.wpLoginProtection boolean required · Example: true

Protect WordPress login endpoints.

security.wpAdminChallenge boolean required · Example: true

Challenge requests to WordPress administration paths.

performance object
performance.earlyHints boolean required · Example: true
performance.alwaysOnline boolean required · Example: true
cache object
cache.purgeCache boolean required · Example: false

Current persisted cache-purge toggle returned by the CDN settings surface.

waf object
waf.skipEnabled boolean required · Example: false

Whether custom WAF skip rules are enabled.

waf.challengeGeoEnabled boolean required · Example: true

Whether visitor-profile country challenge logic is enabled.

waf.visitorProfileMode string · enum required · Example: challenge

`challenge` asks visitors outside the configured country profile to complete a challenge; `block` blocks them; `off` disables this profile action.

off
challenge
block
waf.ipAllowlist array<string> required · Example: ["203.0.113.10"]

IP addresses or CIDR ranges allowed through custom WAF checks.

waf.uaAllowlist array<string> required · Example: ["HostUp-Monitor"]

User-agent substrings allowed through custom WAF checks.

waf.pathAllowlist array<string> required · Example: ["/health"]

Path prefixes allowed through custom WAF checks.

geoRestriction object
geoRestriction.enabled boolean required · Example: true
geoRestriction.whitelistCountries array<string> required · Example: ["SE"]

Effective uppercase country-code allowlist kept for compatibility. Prefer `combinedCountries` for new integrations.

geoRestriction.mode string · enum required · Example: whitelist

`off` disables the allowlist; `whitelist` allows only `combinedCountries`.

off
whitelist
geoRestriction.standardCountries array<string> required · Example: []

System-required countries that callers cannot remove.

geoRestriction.additionalCountries array<string> required · Example: ["SE"]

Caller-managed country codes layered on top of `standardCountries`.

geoRestriction.combinedCountries array<string> required · Example: ["SE"]

Effective allowlist: `standardCountries` plus `additionalCountries`.

activity object
activity.lastChangeDetectedAt stringnull required · Example: 2026-04-27T12:00:00.000Z
activity.lastCheckedAt stringnull required · Example: 2026-04-27T12:00:00.000Z
activity.settingsUpdatedAt stringnull required · Example: 2026-04-27T12:00:00.000Z
actions object
actions.canEnableProxy object required
actions.canEnableProxy.allowed boolean required · Example: true
actions.canEnableProxy.reason stringnull required · Example: null
actions.canEnableProxy.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

actions.canIssueCertificate object required
actions.canIssueCertificate.allowed boolean required · Example: true
actions.canIssueCertificate.reason stringnull required · Example: null
actions.canIssueCertificate.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

actions.canChangeMode object required
actions.canChangeMode.allowed boolean required · Example: true
actions.canChangeMode.reason stringnull required · Example: null
actions.canChangeMode.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

actions.canActivate object required
actions.canActivate.allowed boolean required · Example: true
actions.canActivate.reason stringnull required · Example: null
actions.canActivate.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

actions.canDeactivate object required
actions.canDeactivate.allowed boolean required · Example: true
actions.canDeactivate.reason stringnull required · Example: null
actions.canDeactivate.code stringnull · Example: pending_order

Machine-readable reason code when an action is blocked.

records arraynull

`null` unless `includeRecords=true`; then contains proxied A, AAAA, and CNAME records.

400 Invalid request. The response body is an RFC 7807 Problem Details document.
type string · Example: https://developer.hostup.se/errors/invalid_request
title string · Example: Validation failed
status integer · Example: 400
detail string · Example: The request body failed validation.
code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders
requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3
timestamp string · Example: 2026-04-27T12:34:56.000Z
errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode
errors[].detail string required · Example: `eppCode` is required for this transfer.
errors[].code string required · Example: missing_required
extensions object
401 Unauthorized. Authentication is required.
type string · Example: https://developer.hostup.se/errors/invalid_request
title string · Example: Validation failed
status integer · Example: 400
detail string · Example: The request body failed validation.
code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders
requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3
timestamp string · Example: 2026-04-27T12:34:56.000Z
errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode
errors[].detail string required · Example: `eppCode` is required for this transfer.
errors[].code string required · Example: missing_required
extensions object
403 Forbidden. The caller lacks a required scope or does not own the resource.
type string · Example: https://developer.hostup.se/errors/invalid_request
title string · Example: Validation failed
status integer · Example: 400
detail string · Example: The request body failed validation.
code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders
requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3
timestamp string · Example: 2026-04-27T12:34:56.000Z
errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode
errors[].detail string required · Example: `eppCode` is required for this transfer.
errors[].code string required · Example: missing_required
extensions object
404 Not found. The resource does not exist or is not owned by the caller.
type string · Example: https://developer.hostup.se/errors/invalid_request
title string · Example: Validation failed
status integer · Example: 400
detail string · Example: The request body failed validation.
code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders
requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3
timestamp string · Example: 2026-04-27T12:34:56.000Z
errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode
errors[].detail string required · Example: `eppCode` is required for this transfer.
errors[].code string required · Example: missing_required
extensions object
429 Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
type string · Example: https://developer.hostup.se/errors/invalid_request
title string · Example: Validation failed
status integer · Example: 400
detail string · Example: The request body failed validation.
code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders
requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3
timestamp string · Example: 2026-04-27T12:34:56.000Z
errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode
errors[].detail string required · Example: `eppCode` is required for this transfer.
errors[].code string required · Example: missing_required
extensions object
500 Internal error. Retry later or contact support if the issue persists.
type string · Example: https://developer.hostup.se/errors/invalid_request
title string · Example: Validation failed
status integer · Example: 400
detail string · Example: The request body failed validation.
code string · Example: invalid_request

Stable machine-readable code. Branch on this field, not on `detail`.

instance string · Example: /api/v2/orders
requestId string · Example: req_01hxa3b4c5d6e7f8g9h0j1k2m3
timestamp string · Example: 2026-04-27T12:34:56.000Z
errors array<object>

Field-level validation errors when `code` is `invalid_request`.

errors[].pointer string required · Example: /items/0/eppCode
errors[].detail string required · Example: `eppCode` is required for this transfer.
errors[].code string required · Example: missing_required
extensions object
GET https://cloud.hostup.se/api/v2/domains/{id}/cdn
For AI assistants
View as Markdown
cURL 
curl -X GET "https://cloud.hostup.se/api/v2/domains/dom_01hxa3b4c5d6e7f8g9h0j1k2m3/cdn" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
Response 
{
  "id": "cdn_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "domain": "example.com",
  "state": {
    "exists": true,
    "enabled": true,
    "status": "active",
    "reason": null
  },
  "proxied": true,
  "cdn": {
    "enabled": true,
    "proxy": true
  },
  "security": {
    "level": "medium",
    "sslMode": "full",
    "alwaysUseHttps": true,
    "minTlsVersion": "1.2",
    "botProtection": true,
    "blockBadCrawlers": true,
    "blockBadBots": true,
    "wpLoginProtection": true,
    "wpAdminChallenge": true
  },
  "performance": {
    "earlyHints": true,
    "alwaysOnline": true
  },
  "cache": {
    "purgeCache": false
  },
  "waf": {
    "skipEnabled": false,
    "challengeGeoEnabled": true,
    "visitorProfileMode": "challenge",
    "ipAllowlist": [
      "203.0.113.10"
    ],
    "uaAllowlist": [
      "HostUp-Monitor"
    ],
    "pathAllowlist": [
      "/health"
    ]
  },
  "geoRestriction": {
    "enabled": true,
    "whitelistCountries": [
      "SE"
    ],
    "mode": "whitelist",
    "standardCountries": [],
    "additionalCountries": [
      "SE"
    ],
    "combinedCountries": [
      "SE"
    ]
  },
  "activity": {
    "lastChangeDetectedAt": "2026-04-27T12:00:00.000Z",
    "lastCheckedAt": "2026-04-27T12:00:00.000Z",
    "settingsUpdatedAt": "2026-04-27T12:00:00.000Z"
  },
  "actions": {
    "canEnableProxy": {
      "allowed": true,
      "reason": null
    },
    "canIssueCertificate": {
      "allowed": true,
      "reason": null
    },
    "canChangeMode": {
      "allowed": true,
      "reason": null
    },
    "canActivate": {
      "allowed": false,
      "reason": "CDN is already active for this domain."
    },
    "canDeactivate": {
      "allowed": true,
      "reason": null
    }
  },
  "records": [
    {
      "id": "drr_01hxa3b4c5d6e7f8g9h0j1k2m3",
      "fqdn": "example.com",
      "type": "A",
      "value": "203.0.113.10",
      "proxied": true,
      "ttl": 300,
      "proxyRule": {
        "enabled": true,
        "mode": "always"
      }
    }
  ]
}