impersonation_registry

Creates, updates, deletes, gets or lists an impersonation_registry resource.

Overview

Name	`impersonation_registry`
Type	Resource
Id	`cloudflare.email_security.impersonation_registry`

Fields

The following fields are returned by SELECT queries:

get
list

Impersonation registry entry details

Name	Datatype	Description
`id`	`string (uuid)`	Impersonation registry entry identifier (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415, title: identifier)
`name`	`string`	(example: John Doe)
`directory_id`	`integer`
`directory_node_id`	`integer`
`external_directory_node_id`	`string`
`comments`	`string`
`created_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)
`email`	`string`	(example: john.doe@example.com)
`is_email_regex`	`boolean`
`last_modified`	`string (date-time)`	Deprecated, use `modified_at` instead. End of life: November 1, 2026. (example: 2014-01-01T05:20:00.12345Z)
`modified_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)
`provenance`	`string`	(A1S_INTERNAL, SNOOPY-CASB_OFFICE_365, SNOOPY-OFFICE_365, SNOOPY-GOOGLE_DIRECTORY)

List of impersonation registry entries

Name	Datatype	Description
`id`	`string (uuid)`	Impersonation registry entry identifier (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415, title: identifier)
`name`	`string`	(example: John Doe)
`directory_id`	`integer`
`directory_node_id`	`integer`
`external_directory_node_id`	`string`
`comments`	`string`
`created_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)
`email`	`string`	(example: john.doe@example.com)
`is_email_regex`	`boolean`
`last_modified`	`string (date-time)`	Deprecated, use `modified_at` instead. End of life: November 1, 2026. (example: 2014-01-01T05:20:00.12345Z)
`modified_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)
`provenance`	`string`	(A1S_INTERNAL, SNOOPY-CASB_OFFICE_365, SNOOPY-OFFICE_365, SNOOPY-GOOGLE_DIRECTORY)

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
`get`	`select`	`account_id`, `impersonation_registry_id`		Retrieves details for a specific impersonation registry entry including the protected identity, email pattern, and synchronization source if directory-synced.
`list`	`select`	`account_id`	`page`, `per_page`, `search`, `order`, `direction`, `provenance`	Returns a paginated list of protected identities in the impersonation registry. These entries define identities and email addresses to protect from impersonation attacks. Can be manually added or automatically synced from directory integrations.
`create`	`insert`	`account_id`		Creates a new entry in the impersonation registry to protect against impersonation. Emails attempting to impersonate this identity will be flagged. Supports regex patterns for flexible email matching.
`edit`	`update`	`account_id`, `impersonation_registry_id`		Updates an existing impersonation registry entry. Only provided fields will be modified. Directory-synced entries can't be updated.
`delete`	`delete`	`account_id`, `impersonation_registry_id`		Removes an entry from the impersonation registry. After deletion, this identity will no longer be protected from impersonation.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`account_id`	`string`	The Cloudflare account ID.
`impersonation_registry_id`	`string (uuid)`
`direction`	`string`	The sorting direction.
`order`	`string`	Field to sort by.
`page`	`integer`	Current page within paginated list of results.
`per_page`	`integer`	The number of results per page. Maximum value is 1000.
`provenance`	`string`
`search`	`string`	Search term for filtering records. Behavior may change.

`SELECT` examples

get
list

Retrieves details for a specific impersonation registry entry including the protected identity, email pattern, and synchronization source if directory-synced.

SELECT
id,
name,
directory_id,
directory_node_id,
external_directory_node_id,
comments,
created_at,
email,
is_email_regex,
last_modified,
modified_at,
provenance
FROM cloudflare.email_security.impersonation_registry
WHERE account_id = '{{ account_id }}' -- required
AND impersonation_registry_id = '{{ impersonation_registry_id }}' -- required
;

Returns a paginated list of protected identities in the impersonation registry. These entries define identities and email addresses to protect from impersonation attacks. Can be manually added or automatically synced from directory integrations.

SELECT
id,
name,
directory_id,
directory_node_id,
external_directory_node_id,
comments,
created_at,
email,
is_email_regex,
last_modified,
modified_at,
provenance
FROM cloudflare.email_security.impersonation_registry
WHERE account_id = '{{ account_id }}' -- required
AND page = '{{ page }}'
AND per_page = '{{ per_page }}'
AND search = '{{ search }}'
AND order = '{{ order }}'
AND direction = '{{ direction }}'
AND provenance = '{{ provenance }}'
;

`INSERT` examples

create
Manifest

Creates a new entry in the impersonation registry to protect against impersonation. Emails attempting to impersonate this identity will be flagged. Supports regex patterns for flexible email matching.

INSERT INTO cloudflare.email_security.impersonation_registry (
comments,
directory_id,
directory_node_id,
email,
external_directory_node_id,
is_email_regex,
name,
provenance,
account_id
)
SELECT 
'{{ comments }}',
{{ directory_id }},
{{ directory_node_id }},
'{{ email }}',
'{{ external_directory_node_id }}',
{{ is_email_regex }},
'{{ name }}',
'{{ provenance }}',
'{{ account_id }}'
RETURNING
errors,
messages,
result,
success
;

# Description fields are for documentation purposes
- name: impersonation_registry
props:
  - name: account_id
    value: "{{ account_id }}"
    description: Required parameter for the impersonation_registry resource.
  - name: comments
    value: "{{ comments }}"
  - name: directory_id
    value: {{ directory_id }}
  - name: directory_node_id
    value: {{ directory_node_id }}
  - name: email
    value: "{{ email }}"
  - name: external_directory_node_id
    value: "{{ external_directory_node_id }}"
  - name: is_email_regex
    value: {{ is_email_regex }}
  - name: name
    value: "{{ name }}"
  - name: provenance
    value: "{{ provenance }}"
    valid_values: ['A1S_INTERNAL', 'SNOOPY-CASB_OFFICE_365', 'SNOOPY-OFFICE_365', 'SNOOPY-GOOGLE_DIRECTORY']

`UPDATE` examples

edit

Updates an existing impersonation registry entry. Only provided fields will be modified. Directory-synced entries can't be updated.

UPDATE cloudflare.email_security.impersonation_registry
SET 
comments = '{{ comments }}',
directory_id = {{ directory_id }},
directory_node_id = {{ directory_node_id }},
email = '{{ email }}',
external_directory_node_id = '{{ external_directory_node_id }}',
is_email_regex = {{ is_email_regex }},
name = '{{ name }}',
provenance = '{{ provenance }}'
WHERE 
account_id = '{{ account_id }}' --required
AND impersonation_registry_id = '{{ impersonation_registry_id }}' --required
RETURNING
errors,
messages,
result,
success;

`DELETE` examples

delete

Removes an entry from the impersonation registry. After deletion, this identity will no longer be protected from impersonation.

DELETE FROM cloudflare.email_security.impersonation_registry
WHERE account_id = '{{ account_id }}' --required
AND impersonation_registry_id = '{{ impersonation_registry_id }}' --required
;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

UPDATE examples​

DELETE examples​