--- title: Resource Tagging description: Resource Tagging lets you attach key-value pairs to a wide range of Cloudflare resource types — including zones, custom hostnames, Cloudflare Tunnels, Workers, D1 databases, R2 buckets, KV namespaces, and more. Tags are stored separately from the resources themselves, enabling cross-resource queries and policy enforcement without modifying underlying resource configurations. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Resource Tagging Attach custom key-value metadata to Cloudflare resources for organization, access control, and billing attribution. Available on all plans Resource Tagging lets you attach key-value pairs to a wide range of [Cloudflare resource types](https://developers.cloudflare.com/resource-tagging/reference/resource-types/) — including zones, custom hostnames, Cloudflare Tunnels, Workers, D1 databases, R2 buckets, KV namespaces, and more. Tags are stored separately from the resources themselves, enabling cross-resource queries and policy enforcement without modifying underlying resource configurations. Public beta Resource Tagging is in public beta. The API is stable, but behavior may change as we iterate based on feedback. ## How it works Tags are simple key-value string pairs stored as a JSON object: ``` { "environment": "production", "team": "platform", "region": "us-west-1" } ``` You manage tags through the Tagging API using `GET`, `PUT`, and `DELETE` operations. The API supports [filtering resources by tags](https://developers.cloudflare.com/resource-tagging/how-to/filter-resources/) with AND/OR logic, negation, and key-only matching. Authentication uses [Account Owned Tokens (AOTs)](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/), which are account-level tokens independent of individual users. ## Limitations * The dashboard is in beta. You can view and manage tags in the dashboard under **Manage Account** \> **Resource Tagging**, but the API remains the recommended interface for automation workflows. * `PUT` replaces all tags. There is no `PATCH` endpoint. The `PUT` operation replaces all tags on a resource. Use the [GET, merge, PUT workflow](https://developers.cloudflare.com/resource-tagging/how-to/manage-tags/#add-a-single-tag) to modify individual tags. * `DELETE` removes all tags. There is no way to delete a single tag. Use `PUT` with the remaining tags instead. * Querying tags for a resource that has never been tagged returns a `500` error instead of `404`. This is a known beta limitation. ## Get started Follow the [Get started guide](https://developers.cloudflare.com/resource-tagging/get-started/) to set up authentication and make your first API calls. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}}]} ``` --- --- title: Get started description: Set up authentication for Resource Tagging and make your first API calls. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Get started This guide walks you through verifying that tagging works on your account and making your first API calls. ## Prerequisites * At least one user with the Super Administrator, Workers Admin, or Tag Admin role. These roles can create, update, and delete tags. * The API is the preferred interface for managing tags. You can also use the dashboard under **Manage Account** \> **Resource Tagging**, but you should be comfortable making authenticated HTTP requests for automation workflows. * An API token with the required permissions. [Account Owned Tokens](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/) are recommended for automation. ## 1\. Verify tagging is enabled Test the API to confirm tagging is active on your account: Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/keys" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" ``` ### Interpreting the response | Response | Meaning | Action | | ---------------------------------------------------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **200 OK** with {"success": true, "result": \[...\]} | Tagging is enabled. An empty array is normal if no tags exist yet. | Proceed to the next step. | | **403** mentioning "permission" or "role" | The caller lacks required permissions. | Verify the caller has a Super Admin, Workers Admin, or Tag Admin role, or that the token has #com.cloudflare.api.account.tag.list scope. | | **403** mentioning "feature" or "gate" | Tagging is not enabled for this account. | Contact [Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) for assistance. | | **401 Unauthorized** | Authentication failed. | Verify the token is valid, not expired, and formatted correctly in the Authorization: Bearer header. | | Any other response | Unexpected error. | Capture the full response body and contact [Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/) with the Account ID, request details, and timestamp. | ## 2\. Create your first tags Set tags on a resource using `PUT`: Terminal window ``` curl -X PUT "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "worker", "resource_id": "'"$RESOURCE_ID"'", "tags": { "environment": "production", "team": "platform" } }' ``` Then retrieve the tags: Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags?resource_type=worker&resource_id=$RESOURCE_ID" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" ``` ## 3\. List tagged resources Query all tagged resources in the account, optionally filtering by tag: Terminal window ``` # All tagged resources curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources" \ -H "Authorization: Bearer $API_TOKEN" # Filter: only resources with environment=production curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=environment=production" \ -H "Authorization: Bearer $API_TOKEN" ``` ## Next steps * Learn the full [tag filtering syntax](https://developers.cloudflare.com/resource-tagging/how-to/filter-resources/) for complex queries. * Understand the [GET, merge, PUT workflow](https://developers.cloudflare.com/resource-tagging/how-to/manage-tags/#add-a-single-tag) for modifying individual tags. * Review [supported resource types](https://developers.cloudflare.com/resource-tagging/reference/resource-types/) and their required fields. * Review [API limits and validation rules](https://developers.cloudflare.com/resource-tagging/reference/limits/). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}},{"@type":"ListItem","position":3,"item":{"@id":"/resource-tagging/get-started/","name":"Get started"}}]} ``` --- --- title: Filter resources by tag description: Query tagged resources using the tag filtering syntax. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Filter resources by tag The `GET /accounts/{account_id}/tags/resources` endpoint supports tag filtering via the `tag` query parameter. Multiple `tag` parameters combine with AND logic. For the full endpoint specification, refer to the [Resource Tagging API reference ↗](https://developers.cloudflare.com/api/resources/tags/). Warning Use `=` as the separator in tag filters (for example, `tag=key=value`), not `:`. The API error message references `:` but the implementation uses `=`. ## Filter types ### Key-only filter Match resources that have a specific tag key, regardless of value. Terminal window ``` # All resources with an "environment" tag (any value) curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=environment" \ -H "Authorization: Bearer $API_TOKEN" ``` ### Key-value filter Match resources where a tag key has a specific value. Terminal window ``` # All resources with environment=production curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=environment=production" \ -H "Authorization: Bearer $API_TOKEN" ``` ### Multiple values (OR) Match resources where a tag key has any of the specified values. Separate values with commas. Terminal window ``` # environment=production OR environment=staging curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=environment=production,staging" \ -H "Authorization: Bearer $API_TOKEN" ``` Maximum of 10 OR values per filter (error code `1013` if exceeded). ### Negate key Match resources that do **not** have a specific tag key. Terminal window ``` # All resources without an "archived" tag curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=!archived" \ -H "Authorization: Bearer $API_TOKEN" ``` ### Negate key-value Match resources where a tag key does **not** have a specific value. Terminal window ``` # All resources where region is NOT us-west-1 curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=region!=us-west-1" \ -H "Authorization: Bearer $API_TOKEN" ``` ## Combining filters Multiple `tag` parameters combine with AND logic. All conditions must match. Terminal window ``` # Production resources in US regions, excluding archived curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=environment=production&tag=region=us-west-1,us-east-1&tag=!archived" \ -H "Authorization: Bearer $API_TOKEN" ``` Maximum of 20 tag filters per query (error code `1010` if exceeded). ## Discover available tags ### List all tag keys Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/keys" \ -H "Authorization: Bearer $API_TOKEN" ``` ### List values for a key Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/values/environment" \ -H "Authorization: Bearer $API_TOKEN" ``` Optionally filter by resource type: Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/values/environment?type=worker" \ -H "Authorization: Bearer $API_TOKEN" ``` ## Pagination All list endpoints use cursor-based pagination with a fixed page size of 100 results. When the response includes a non-null `result_info.cursor`, pass it as a query parameter to get the next page: Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags/resources?tag=environment=production&cursor=$CURSOR" \ -H "Authorization: Bearer $API_TOKEN" ``` When `cursor` is `null`, you have reached the last page. Pagination works seamlessly with tag filters. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}},{"@type":"ListItem","position":3,"item":{"@id":"/resource-tagging/how-to/","name":"How-to guides"}},{"@type":"ListItem","position":4,"item":{"@id":"/resource-tagging/how-to/filter-resources/","name":"Filter resources by tag"}}]} ``` --- --- title: Manage tags description: Create, update, and delete tags on Cloudflare resources. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Manage tags All tag operations use the Tagging API. Authentication requires an [account API token](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/) or user API token with appropriate permissions. ## Set tags on a resource Use `PUT` to set tags on an account-level resource. This operation replaces all existing tags on the resource. Terminal window ``` curl -X PUT "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "worker", "resource_id": "'"$RESOURCE_ID"'", "tags": { "environment": "production", "team": "platform", "cost-center": "engineering" } }' ``` For zone-level resources, use the zone endpoint: Terminal window ``` curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "zone", "resource_id": "'"$ZONE_ID"'", "tags": { "environment": "production", "customer": "acme-corp" } }' ``` Some resource types require additional fields. Refer to [supported resource types](https://developers.cloudflare.com/resource-tagging/reference/resource-types/) for details. ## Get tags for a resource Retrieve tags for a specific resource: Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags?resource_type=worker&resource_id=$RESOURCE_ID" \ -H "Authorization: Bearer $API_TOKEN" ``` Note In the current beta, querying tags for a resource that does not exist or has never been tagged returns a `500` error instead of `404`. Verify the resource exists and has been tagged at least once. ## Add a single tag The API does not support partial updates — `PUT` always replaces all tags. To add a tag without removing existing ones, use the `GET`, merge, `PUT` pattern: 1. `GET` the current tags. Terminal window ``` curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags?resource_type=worker&resource_id=$RESOURCE_ID" \ -H "Authorization: Bearer $API_TOKEN" # Response: {"result": {"tags": {"environment": "production", "team": "platform"}}} ``` 1. Merge the new tag into the existing set locally. ``` { "environment": "production", "team": "platform", "cost-center": "engineering" } ``` 1. `PUT` the complete merged tag set. Terminal window ``` curl -X PUT "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "worker", "resource_id": "'"$RESOURCE_ID"'", "tags": { "environment": "production", "team": "platform", "cost-center": "engineering" } }' ``` Warning If you `PUT` only the new tag, all existing tags are deleted. Always `GET` first, merge locally, then `PUT` the complete set. ## Remove a single tag Follow the same `GET`, merge, `PUT` pattern, but omit the tag you want to remove from the set before calling `PUT`. ## Delete all tags To remove all tags from a resource: Terminal window ``` curl -X DELETE "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "worker", "resource_id": "'"$RESOURCE_ID"'" }' ``` This returns `204 No Content` on success. Only use `DELETE` when you want to remove all tags from a resource (for example, when decommissioning it). ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}},{"@type":"ListItem","position":3,"item":{"@id":"/resource-tagging/how-to/","name":"How-to guides"}},{"@type":"ListItem","position":4,"item":{"@id":"/resource-tagging/how-to/manage-tags/","name":"Manage tags"}}]} ``` --- --- title: Error codes description: Tagging API error codes, causes, and resolutions. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Error codes ## Error code reference | Code | HTTP status | Message | Likely cause | Resolution | | ---- | ----------- | --------------------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------- | | 1002 | 400 | Invalid set payload | Request body is malformed or missing required fields | Verify the body is valid JSON with resource\_type, resource\_id, and tags | | 1003 | 400 | resource\_type and resource\_id are required | Missing query parameters | Include both resource\_type and resource\_id in the query string | | 1006 | 400 | Invalid resource type | Unsupported resource type | Use a [supported resource type](https://developers.cloudflare.com/resource-tagging/reference/resource-types/) | | 1007 | 400 | tag parameter must be in format... | Tag filter syntax is incorrect | Refer to [tag filtering syntax](https://developers.cloudflare.com/resource-tagging/how-to/filter-resources/) | | 1009 | 400 | tag\_key is required | Missing tag\_key parameter | Include the tag\_key path parameter | | 1010 | 400 | too many tag filters (maximum 20) | More than 20 tag query parameters | Reduce filters to 20 or fewer, or split across multiple requests | | 1011 | 400 | tag key too long (maximum 256 characters) | Tag key exceeds 256 characters | Shorten the tag key | | 1012 | 400 | tag value too long (maximum 1024 characters) | Tag value exceeds 1,024 characters | Shorten the tag value | | 1013 | 400 | too many OR values in tag filter (maximum 10) | More than 10 comma-separated values in a single filter | Split into multiple filters | | 1014 | 400 | Invalid tag key | Key contains invalid characters | Use only letters, digits, \_, ., \- | | 1015 | 400 | Invalid delete payload | Delete request body is malformed | Verify the body includes resource\_type and resource\_id | Error 1007 note The error message text references `:` as the tag filter separator (for example, `key:value`), but the API implementation uses `=` in query parameters (for example, `tag=key=value`). The error message is outdated — always use `=` when constructing tag filters. ## Resource not found behavior In the current beta, `GET /accounts/{account_id}/tags` returns `500 Internal Server Error` for resources that do not exist or have never been tagged: ``` "resource not found: type={resource_type} id={resource_id}" ``` List endpoints (`/tags/resources`, `/tags/keys`, `/tags/values/{key}`) return `200 OK` with an empty result array when no matches are found -- this is expected, not an error. This `500` behavior is a known beta limitation and may change to `404` in a future release. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}},{"@type":"ListItem","position":3,"item":{"@id":"/resource-tagging/reference/","name":"Reference"}},{"@type":"ListItem","position":4,"item":{"@id":"/resource-tagging/reference/error-codes/","name":"Error codes"}}]} ``` --- --- title: Limits and validation description: API limits, tag key validation rules, and pagination behavior. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Limits and validation ## API limits | Limit | Value | Error code | | ----------------------------- | ---------------- | ---------- | | Maximum tags per account | 10,000 (beta) | N/A | | Maximum tag key length | 256 characters | 1011 | | Maximum tag value length | 1,024 characters | 1012 | | Maximum tag filters per query | 20 | 1010 | | Maximum OR values per filter | 10 | 1013 | | Results per page | 100 (fixed) | N/A | When a limit is exceeded, the API returns `400 Bad Request` with the corresponding error code. During the beta, each account is limited to 10,000 total tags. If you need a higher limit, contact [Cloudflare support](https://developers.cloudflare.com/support/contacting-cloudflare-support/). ## Case sensitivity Tag keys and values are case-sensitive. `Environment`, `environment`, and `ENVIRONMENT` are treated as three distinct keys. Be consistent with casing conventions across your organization to avoid duplicate keys. ## Tag key validation Tag keys must follow these character rules: ### Allowed * Unicode letters (any language) * Unicode digits (0-9) * Underscores (`_`) * Periods (`.`) * Hyphens (`-`) ### Not allowed * Empty strings * Spaces * Special characters (except `_`, `.`, `-`) ### Examples | Key | Valid | Reason | | ----------- | ------ | ------------------- | | environment | Yes | Letters only | | team\_name | Yes | Underscore | | cost-center | Yes | Hyphen | | owner.email | Yes | Period | | env123 | Yes | Letters and digits | | env name | **No** | Contains space | | team@work | **No** | Special character @ | | (empty) | **No** | Empty string | Invalid tag keys return `400 Bad Request` with error code `1014`. ## Pagination List endpoints use cursor-based pagination with a fixed page size of 100\. The page size is not configurable. Paginated endpoints: * `GET /accounts/{account_id}/tags/keys` * `GET /accounts/{account_id}/tags/resources` * `GET /accounts/{account_id}/tags/values/{tag_key}` Refer to [Filter resources by tag](https://developers.cloudflare.com/resource-tagging/how-to/filter-resources/#pagination) for pagination examples. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}},{"@type":"ListItem","position":3,"item":{"@id":"/resource-tagging/reference/","name":"Reference"}},{"@type":"ListItem","position":4,"item":{"@id":"/resource-tagging/reference/limits/","name":"Limits and validation"}}]} ``` --- --- title: Supported resource types description: Resource types that support tagging and their required fields. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/resource-tagging/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Supported resource types The Tagging API supports the following resource types across account-level and zone-level scopes. ## Account-level resources Use `/accounts/{account_id}/tags` endpoints for these resource types. | Resource type | Required extra fields | Description | | -------------------------- | --------------------- | -------------------------------- | | account | None | The Cloudflare account itself | | access\_application | None | Access application | | access\_group | None | Access group | | account\_ruleset | None | Account-level ruleset | | ai\_gateway | None | AI Gateway | | alerting\_policy | None | Notification policy | | alerting\_webhook | None | Notification webhook destination | | cloudflared\_tunnel | None | Cloudflare Tunnel | | d1\_database | None | D1 database | | durable\_object\_namespace | None | Durable Objects namespace | | gateway\_list | None | Gateway list | | gateway\_rule | None | Gateway rule | | image | None | Cloudflare Image | | kv\_namespace | None | Workers KV namespace | | load\_balancer\_monitor | None | Load Balancer monitor | | load\_balancer\_pool | None | Load Balancer pool | | pages\_project | None | Pages project | | queue | None | Queue | | r2\_bucket | None | R2 bucket | | resource\_share | None | Resource share | | stream\_live\_input | None | Stream live input | | stream\_video | None | Stream video | | vectorize\_index | None | Vectorize index | | worker | None | Workers script | | worker\_version | worker\_id | Specific version of a Worker | ## Zone-level resources Use `/zones/{zone_id}/tags` endpoints for these resource types. | Resource type | Required extra fields | Description | | ---------------------------- | ----------------------- | --------------------------------- | | access\_application\_policy | access\_application\_id | Access application policy | | api\_gateway\_operation | None | API Gateway operation | | custom\_certificate | None | Custom SSL certificate | | custom\_hostname | None | Custom hostname (SSL for SaaS) | | dns\_record | None | DNS record | | healthcheck | None | Health check | | load\_balancer | None | Load Balancer | | managed\_client\_certificate | None | Managed client certificate (mTLS) | | worker\_route | None | Worker route | | zone | None | DNS zone | | zone\_ruleset | None | Zone-level ruleset | ## Extra fields Most resource types only require `resource_type` and `resource_id`. Two resource types require an additional field in both request bodies and query parameters. ### `worker_version` Include the `worker_id` field: Terminal window ``` # GET curl -X GET "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags?resource_type=worker_version&resource_id=$VERSION_ID&worker_id=$WORKER_ID" \ -H "Authorization: Bearer $API_TOKEN" # PUT curl -X PUT "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "worker_version", "resource_id": "'"$VERSION_ID"'", "worker_id": "'"$WORKER_ID"'", "tags": { "version": "1.2.3", "environment": "staging" } }' ``` ### `access_application_policy` Include the `access_application_id` field: Terminal window ``` # GET curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/tags?resource_type=access_application_policy&resource_id=$POLICY_ID&access_application_id=$APP_ID" \ -H "Authorization: Bearer $API_TOKEN" # PUT curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/tags" \ -H "Authorization: Bearer $API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "access_application_policy", "resource_id": "'"$POLICY_ID"'", "access_application_id": "'"$APP_ID"'", "tags": { "sensitivity": "high", "team": "security" } }' ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/resource-tagging/","name":"Resource Tagging"}},{"@type":"ListItem","position":3,"item":{"@id":"/resource-tagging/reference/","name":"Reference"}},{"@type":"ListItem","position":4,"item":{"@id":"/resource-tagging/reference/resource-types/","name":"Supported resource types"}}]} ```