Common API calls
The following API examples cover basic operations such as enabling and disabling the leaked credentials detection.
To turn on leaked credentials detection, use a POST request similar to the following:
Required API token permissions
 
At least one of the following token permissions 
is required:
- Zone WAF Write
- Account WAF Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks \  --request POST \  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \  --json '{    "enabled": true  }'To turn off leaked credentials detection, use a POST request similar to the following:
Required API token permissions
 
At least one of the following token permissions 
is required:
- Zone WAF Write
- Account WAF Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks \  --request POST \  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \  --json '{    "enabled": false  }'To obtain the current status of the leaked credentials detection, use a GET request similar to the following:
Required API token permissions
 
At least one of the following token permissions 
is required:
- Zone WAF Write
- Zone WAF Read
- Account WAF Write
- Account WAF Read
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks \  --request GET \  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"{  "result": {    "enabled": true  },  "success": true,  "errors": [],  "messages": []}The following API examples cover operations on custom detection locations for leaked credentials detection.
Use a POST request similar to the following:
Required API token permissions
 
At least one of the following token permissions 
is required:
- Zone WAF Write
- Account WAF Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks/detections \  --request POST \  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \  --json '{    "username": "lookup_json_string(http.request.body.raw, \"user\")",    "password": "lookup_json_string(http.request.body.raw, \"secret\")"  }'To get a list of existing custom detection locations, use a GET request similar to the following:
Required API token permissions
 
At least one of the following token permissions 
is required:
- Zone WAF Write
- Zone WAF Read
- Account WAF Write
- Account WAF Read
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks/detections \  --request GET \  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"{  "result": [    {      "id": "<DETECTION_ID>",      "username": "lookup_json_string(http.request.body.raw, \"user\")",      "password": "lookup_json_string(http.request.body.raw, \"secret\")"    }    // (...)  ],  "success": true,  "errors": [],  "messages": []}Use a DELETE request similar to the following:
Required API token permissions
 
At least one of the following token permissions 
is required:
- Zone WAF Write
- Account WAF Write
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/leaked-credential-checks/detections/$DETECTION_ID \  --request DELETE \  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark