Portal Community

zone/getSettings

Retrieve all configuration settings for a Cloudflare zone in a single call.

This operation returns all applicable zone settings at once — SSL mode, cache TTL, always-HTTPS, Brotli, HTTP/2, minification, security level, and more. Use a downstream Filter or Transform node to extract only the settings you need.

When to Use

Configuration

Connection

FieldTypeRequiredDescription
ApiTokenstringrequiredScoped Cloudflare API Token with Zone.Read permission. Store in BizFirst Credentials Manager.

Operation Fields

FieldTypeRequiredDescription
ZoneIdstringrequired32-character hexadecimal Zone ID.

Sample Configuration

{
  "resource": "zone",
  "operation": "getSettings",
  "connection": {
    "ApiToken": "{{ $credentials.cloudflare_readonly }}"
  },
  "ZoneId": "023e105f4ecef8ad9ca31a8372d0c353"
}

Validation Errors

CodeConditionResolution
MISSING_API_TOKENApiToken is empty or not configuredSet the ApiToken credential in the connection panel
MISSING_ZONE_IDZoneId field is emptyProvide a valid 32-character hex Zone ID
UNKNOWN_ERRORCloudflare returned 404 or auth errorVerify the Zone ID and token permissions

Output

Success Port

FieldTypeDescription
settingsobjectAll zone settings as key-value pairs
settings.sslstringSSL mode: off, flexible, full, or strict
settings.always_httpsstringon or off
settings.browser_cache_ttlintegerBrowser cache TTL in seconds
settings.brotlistringon or off
settings.http2stringon or off
settings.minifyobjectMinification settings for css, html, js
settings.security_levelstringessentially_off, low, medium, high, or under_attack

Error Port

On failure, the error port receives an object with code and message.

Sample Output

{
  "settings": {
    "ssl": "full",
    "always_https": "on",
    "browser_cache_ttl": 14400,
    "brotli": "on",
    "http2": "on",
    "minify": {
      "css": "on",
      "html": "off",
      "js": "on"
    },
    "security_level": "medium",
    "cache_level": "aggressive",
    "rocket_loader": "off"
  }
}

Expression Reference

ExpressionReturns
{{ $node.GetSettings.output.settings.ssl }}Current SSL mode
{{ $node.GetSettings.output.settings.always_https }}"on" or "off"
{{ $node.GetSettings.output.settings.browser_cache_ttl }}Cache TTL in seconds
{{ $node.GetSettings.output.settings.security_level }}WAF security level
{{ $node.GetSettings.output.settings.http2 }}HTTP/2 status

Node Policies & GuardRails

PolicyDetail
Read-only token is sufficientUse Zone.Read — do not over-scope the token for a settings read
Store ApiToken in Credentials ManagerNever hardcode the token in configuration
Back up settings before bulk updatesCall getSettings before zone/updateSettings in any bulk-change workflow to enable rollback
Use downstream filter to extract specific settingsThe output contains all settings — use a JsonTransform or Function node to extract only what is needed
Rate limit awarenessEach call counts toward the 1,200 req/5 min limit; do not call in a tight polling loop

Examples

Example 1: Pre-Launch HTTPS Verification

Call zone/getSettings and add an IfCondition: if settings.always_https !== "on" or settings.ssl === "off", send a Slack alert to the DevOps channel and halt the deployment pipeline.

Example 2: Multi-Zone Settings Comparison

Use zone/list to get all zone IDs, then loop through each zone calling zone/getSettings. Feed results into a DataMapping node to build a comparison matrix. Flag any zone where ssl differs from the baseline.

Example 3: Settings Backup Before Bulk Change

Before a zone/updateSettings call, run zone/getSettings and serialize the result to a JSON file in S3 with a timestamp. If the update causes issues, the saved settings object can be passed directly back to zone/updateSettings to restore the previous state.