## Get Fraud Detection Settings `client.fraud.get(FraudGetParamsparams, RequestOptionsoptions?): FraudSettings` **get** `/zones/{zone_id}/fraud_detection/settings` Retrieve Fraud Detection settings for a zone. ### Parameters - `params: FraudGetParams` - `zone_id: string` Identifier. ### Returns - `FraudSettings` - `authentication_settings?: AuthenticationSettings` Configuration for classifying login authentication outcomes based on the origin response. Requires `user_profiles` to be enabled. - Success and failure criteria are independently updatable — sending only `success_criteria` leaves failure codes untouched, and vice versa. - Omit `authentication_settings` entirely to leave both unchanged. - Status codes must not overlap between success and failure criteria. - `failure_criteria?: FailureCriteria` Criterion for identifying failed login responses. - `kind: "status_code"` The type of criterion. Currently only `status_code` is supported. - `"status_code"` - `status_codes?: Array` HTTP status codes to match against the origin response. - Maximum of 10 codes per criterion. - Each code must be a valid HTTP status code (100-599). - Codes are deduplicated and sorted on save. - Omit to leave unchanged on update. - Provide an empty array `[]` to clear codes on update. - `success_criteria?: SuccessCriteria` Criterion for identifying successful login responses. - `kind: "status_code"` The type of criterion. Currently only `status_code` is supported. - `"status_code"` - `status_codes?: Array` HTTP status codes to match against the origin response. - Maximum of 10 codes per criterion. - Each code must be a valid HTTP status code (100-599). - Codes are deduplicated and sorted on save. - Omit to leave unchanged on update. - Provide an empty array `[]` to clear codes on update. - `user_profiles?: "enabled" | "disabled"` Whether Fraud User Profiles is enabled for the zone. - `"enabled"` - `"disabled"` - `username_expressions?: Array` List of expressions to detect usernames in write HTTP requests. - Maximum of 10 expressions. - Omit or set to null to leave unchanged on update. - Provide an empty array `[]` to clear all expressions on update. - Invalid expressions will result in a 10400 Bad Request with details in the `messages` array. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const fraudSettings = await client.fraud.get({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }); console.log(fraudSettings.authentication_settings); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "success": true, "result": { "authentication_settings": { "failure_criteria": { "kind": "status_code", "status_codes": [ 200, 201 ] }, "success_criteria": { "kind": "status_code", "status_codes": [ 200, 201 ] } }, "user_profiles": "disabled", "username_expressions": [ "http.request.body.form[\"username\"][0]", "lookup_json_string(http.request.body.raw, \"username\")" ] } } ```