Portal / Nodes / Cloudflare / zone/getSettings
zone/getSettings
Retrieve all configuration settings for a Cloudflare zone in a single call.
This operation returns all applicable zone settings at once — SSL mode, cache TTL, always-HTTPS, Brotli, HTTP/2, minification, security level, and more. Use a downstream Filter or Transform node to extract only the settings you need.
When to Use
- Security audit: Read all zone settings across multiple zones to verify compliance (e.g., always-HTTPS enabled, SSL mode is full or strict).
- Environment comparison: Compare settings between a staging zone and a production zone to catch configuration drift before a release.
- Pre-launch checklist: Verify that
always_https, ssl mode, and browser_cache_ttl are correct before a go-live.
- Performance audit: Check
browser_cache_ttl, http2, and brotli settings as part of a performance review workflow.
- Settings backup: Export zone settings before applying bulk changes, enabling rollback if needed.
Configuration
Connection
| Field | Type | Required | Description |
ApiToken | string | required | Scoped Cloudflare API Token with Zone.Read permission. Store in BizFirst Credentials Manager. |
Operation Fields
| Field | Type | Required | Description |
ZoneId | string | required | 32-character hexadecimal Zone ID. |
Sample Configuration
{
"resource": "zone",
"operation": "getSettings",
"connection": {
"ApiToken": "{{ $credentials.cloudflare_readonly }}"
},
"ZoneId": "023e105f4ecef8ad9ca31a8372d0c353"
}
Validation Errors
| Code | Condition | Resolution |
MISSING_API_TOKEN | ApiToken is empty or not configured | Set the ApiToken credential in the connection panel |
MISSING_ZONE_ID | ZoneId field is empty | Provide a valid 32-character hex Zone ID |
UNKNOWN_ERROR | Cloudflare returned 404 or auth error | Verify the Zone ID and token permissions |
Output
Success Port
| Field | Type | Description |
settings | object | All zone settings as key-value pairs |
settings.ssl | string | SSL mode: off, flexible, full, or strict |
settings.always_https | string | on or off |
settings.browser_cache_ttl | integer | Browser cache TTL in seconds |
settings.brotli | string | on or off |
settings.http2 | string | on or off |
settings.minify | object | Minification settings for css, html, js |
settings.security_level | string | essentially_off, low, medium, high, or under_attack |
Error Port
On failure, the error port receives an object with code and message.
Sample Output
{
"settings": {
"ssl": "full",
"always_https": "on",
"browser_cache_ttl": 14400,
"brotli": "on",
"http2": "on",
"minify": {
"css": "on",
"html": "off",
"js": "on"
},
"security_level": "medium",
"cache_level": "aggressive",
"rocket_loader": "off"
}
}
Expression Reference
| Expression | Returns |
{{ $node.GetSettings.output.settings.ssl }} | Current SSL mode |
{{ $node.GetSettings.output.settings.always_https }} | "on" or "off" |
{{ $node.GetSettings.output.settings.browser_cache_ttl }} | Cache TTL in seconds |
{{ $node.GetSettings.output.settings.security_level }} | WAF security level |
{{ $node.GetSettings.output.settings.http2 }} | HTTP/2 status |
Node Policies & GuardRails
| Policy | Detail |
| Read-only token is sufficient | Use Zone.Read — do not over-scope the token for a settings read |
| Store ApiToken in Credentials Manager | Never hardcode the token in configuration |
| Back up settings before bulk updates | Call getSettings before zone/updateSettings in any bulk-change workflow to enable rollback |
| Use downstream filter to extract specific settings | The output contains all settings — use a JsonTransform or Function node to extract only what is needed |
| Rate limit awareness | Each call counts toward the 1,200 req/5 min limit; do not call in a tight polling loop |
Examples
Example 1: Pre-Launch HTTPS Verification
Call zone/getSettings and add an IfCondition: if settings.always_https !== "on" or settings.ssl === "off", send a Slack alert to the DevOps channel and halt the deployment pipeline.
Example 2: Multi-Zone Settings Comparison
Use zone/list to get all zone IDs, then loop through each zone calling zone/getSettings. Feed results into a DataMapping node to build a comparison matrix. Flag any zone where ssl differs from the baseline.
Example 3: Settings Backup Before Bulk Change
Before a zone/updateSettings call, run zone/getSettings and serialize the result to a JSON file in S3 with a timestamp. If the update causes issues, the saved settings object can be passed directly back to zone/updateSettings to restore the previous state.