APIGatewayOperation

Cloudflare’s API Gateway Operation resource manages individual API endpoints that can be monitored, secured, and configured through API Shield. Operations represent specific HTTP method + endpoint + host combinations that your API exposes.

Caution

You should use APIShield instead of APIGatewayOperation for most use cases. It will create and manage the APISchema and APIGatewayOperation resources for you.

Basic API Operation

Create a simple API endpoint operation:

import { APIGatewayOperation, Zone } from "alchemy/cloudflare";

const zone = await Zone("example.com");

const getUserOp = await APIGatewayOperation("get-users", {
  zone,
  endpoint: "/users",
  host: "api.example.com",
  method: "GET"
});

Path Parameters

Use curly braces to define path parameters in your endpoints:

const getUserByIdOp = await APIGatewayOperation("get-user-by-id", {
  zone,
  endpoint: "/users/{id}",
  host: "api.example.com",
  method: "GET"
});

Mitigation Actions

Configure how the operation responds to validation failures:

// Monitor traffic without blocking
const monitorOp = await APIGatewayOperation("monitor-endpoint", {
  zone,
  endpoint: "/api/users",
  host: "api.example.com",
  method: "GET",
  mitigation: "none"
});

// Log invalid requests (requires paid plan)
const logOp = await APIGatewayOperation("log-endpoint", {
  zone,
  endpoint: "/api/users",
  host: "api.example.com",
  method: "POST",
  mitigation: "log"
});

// Block invalid requests
const blockOp = await APIGatewayOperation("block-endpoint", {
  zone,
  endpoint: "/api/admin",
  host: "api.example.com",
  method: "DELETE",
  mitigation: "block"
});