Skip to content
Cloudflare API
Start here
API Reference
Resource Tagging

List tagged resources

client.resourceTagging.list(ResourceTaggingListParams { account_id, cursor, tag, type } params?, RequestOptionsoptions?): CursorPaginationAfter<ResourceTaggingListResponse>
GET/accounts/{account_id}/tags/resources

Lists all tagged resources for an account.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
params: ResourceTaggingListParams { account_id, cursor, tag, type }
account_id?: string

Path param: Identifier.

maxLength32
minLength32
cursor?: string

Query param: Cursor for pagination.

tag?: Array<string>

Query param: Filter resources by tag criteria. This parameter can be repeated multiple times, with AND logic between parameters.

Supported syntax:

  • Key-only: tag=<key> - Resource must have the tag key (e.g., tag=production)
  • Key-value: tag=<key>=<value> - Resource must have the tag with specific value (e.g., tag=env=prod)
  • Multiple values (OR): tag=<key>=<v1>,<v2> - Resource must have tag with any of the values (e.g., tag=env=prod,staging)
  • Negate key-only: tag=!<key> - Resource must not have the tag key (e.g., tag=!archived)
  • Negate key-value: tag=<key>!=<value> - Resource must not have the tag with specific value (e.g., tag=region!=us-west-1)

Multiple tag parameters are combined with AND logic.

type?: Array<"access_application" | "access_application_policy" | "access_group" | 24 more>

Query param: Filter by resource type. Can be repeated to filter by multiple types (OR logic). Example: ?type=zone&type=worker

One of the following:
"access_application"
"access_application_policy"
"access_group"
"account"
"ai_gateway"
"alerting_policy"
"alerting_webhook"
"api_gateway_operation"
"cloudflared_tunnel"
"custom_certificate"
"custom_hostname"
"d1_database"
"dns_record"
"durable_object_namespace"
"gateway_list"
"gateway_rule"
"image"
"kv_namespace"
"managed_client_certificate"
"queue"
"r2_bucket"
"resource_share"
"stream_live_input"
"stream_video"
"worker"
"worker_version"
"zone"
ReturnsExpand Collapse
ResourceTaggingListResponse = ResourceTaggingTaggedResourceObjectAccessApplication { id, etag, name, 2 more } | ResourceTaggingTaggedResourceObjectAccessApplicationPolicy { id, access_application_id, etag, 4 more } | ResourceTaggingTaggedResourceObjectAccessGroup { id, etag, name, 2 more } | 24 more

Response for access_application resources

One of the following:
ResourceTaggingTaggedResourceObjectAccessApplication { id, etag, name, 2 more }

Response for access_application resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "access_application"
ResourceTaggingTaggedResourceObjectAccessApplicationPolicy { id, access_application_id, etag, 4 more }

Response for access_application_policy resources

id: string

Identifies the unique resource.

access_application_id: string

Access application ID is required only for access_application_policy resources

formatuuid
etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "access_application_policy"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
ResourceTaggingTaggedResourceObjectAccessGroup { id, etag, name, 2 more }

Response for access_group resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "access_group"
ResourceTaggingTaggedResourceObjectAccount { id, etag, name, 2 more }

Response for account resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "account"
ResourceTaggingTaggedResourceObjectAIGateway { id, etag, name, 2 more }

Response for ai_gateway resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "ai_gateway"
ResourceTaggingTaggedResourceObjectAlertingPolicy { id, etag, name, 2 more }

Response for alerting_policy resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "alerting_policy"
ResourceTaggingTaggedResourceObjectAlertingWebhook { id, etag, name, 2 more }

Response for alerting_webhook resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "alerting_webhook"
ResourceTaggingTaggedResourceObjectAPIGatewayOperation { id, etag, name, 3 more }

Response for api_gateway_operation resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "api_gateway_operation"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
ResourceTaggingTaggedResourceObjectCloudflaredTunnel { id, etag, name, 2 more }

Response for cloudflared_tunnel resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "cloudflared_tunnel"
ResourceTaggingTaggedResourceObjectCustomCertificate { id, etag, name, 3 more }

Response for custom_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "custom_certificate"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
ResourceTaggingTaggedResourceObjectCustomHostname { id, etag, name, 3 more }

Response for custom_hostname resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "custom_hostname"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
ResourceTaggingTaggedResourceObjectD1Database { id, etag, name, 2 more }

Response for d1_database resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "d1_database"
ResourceTaggingTaggedResourceObjectDNSRecord { id, etag, name, 3 more }

Response for dns_record resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "dns_record"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
ResourceTaggingTaggedResourceObjectDurableObjectNamespace { id, etag, name, 2 more }

Response for durable_object_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "durable_object_namespace"
ResourceTaggingTaggedResourceObjectGatewayList { id, etag, name, 2 more }

Response for gateway_list resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "gateway_list"
ResourceTaggingTaggedResourceObjectGatewayRule { id, etag, name, 2 more }

Response for gateway_rule resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "gateway_rule"
ResourceTaggingTaggedResourceObjectImage { id, etag, name, 2 more }

Response for image resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "image"
ResourceTaggingTaggedResourceObjectKVNamespace { id, etag, name, 2 more }

Response for kv_namespace resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "kv_namespace"
ResourceTaggingTaggedResourceObjectManagedClientCertificate { id, etag, name, 3 more }

Response for managed_client_certificate resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "managed_client_certificate"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32
ResourceTaggingTaggedResourceObjectQueue { id, etag, name, 2 more }

Response for queue resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "queue"
ResourceTaggingTaggedResourceObjectR2Bucket { id, etag, name, 2 more }

Response for r2_bucket resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "r2_bucket"
ResourceTaggingTaggedResourceObjectResourceShare { id, etag, name, 2 more }

Response for resource_share resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "resource_share"
ResourceTaggingTaggedResourceObjectStreamLiveInput { id, etag, name, 2 more }

Response for stream_live_input resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "stream_live_input"
ResourceTaggingTaggedResourceObjectStreamVideo { id, etag, name, 2 more }

Response for stream_video resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "stream_video"
ResourceTaggingTaggedResourceObjectWorker { id, etag, name, 2 more }

Response for worker resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "worker"
ResourceTaggingTaggedResourceObjectWorkerVersion { id, etag, name, 3 more }

Response for worker_version resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "worker_version"
worker_id: string

Worker ID is required only for worker_version resources

ResourceTaggingTaggedResourceObjectZone { id, etag, name, 3 more }

Response for zone resources

id: string

Identifies the unique resource.

etag: string

ETag identifier for optimistic concurrency control. Formatted as “v1:” where the hash is the base64url-encoded SHA-256 (truncated to 128 bits) of the tags map canonicalized using RFC 8785 (JSON Canonicalization Scheme). Clients should treat ETags as opaque strings and pass them back via the If-Match header on write operations.

name: string

Human-readable name of the resource.

tags: Record<string, string>

Contains key-value pairs of tags.

type: "zone"
zone_id: string

Zone ID is required only for zone-level resources

maxLength32
minLength32

List tagged resources

import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiEmail: process.env['CLOUDFLARE_EMAIL'], // This is the default and can be omitted
  apiKey: process.env['CLOUDFLARE_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const resourceTaggingListResponse of client.resourceTagging.list({
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
})) {
  console.log(resourceTaggingListResponse);
}
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
      "name": "my-worker-script",
      "tags": {
        "environment": "production",
        "team": "engineering"
      },
      "type": "access_application"
    }
  ],
  "result_info": {
    "count": 20,
    "cursor": "eyJhY2NvdW50X2lkIjoxMjM0NTY3ODkwfQ"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "etag": "v1:RBNvo1WzZ4oRRq0W9-hkng",
      "name": "my-worker-script",
      "tags": {
        "environment": "production",
        "team": "engineering"
      },
      "type": "access_application"
    }
  ],
  "result_info": {
    "count": 20,
    "cursor": "eyJhY2NvdW50X2lkIjoxMjM0NTY3ODkwfQ"
  }
}