This document belongs to Cloud WAF — Enterprise Web Protection Management Platform
CLI tool: zcloud · 5 modules: guard / sys / analytics / cli_release / auth
Full API index: /api/openapi.json · Sitemap: /sitemap.xml · AI Quick Read: /llms.txt
30-Second Quickstart
What is Cloud WAF
Cloud WAF is an enterprise-grade web protection management platform delivering domain onboarding, certificate management, WAF rules, CC/ACL protection, forwarding policies, and an analytics dashboard in one place. The system consists of a Go backend (Gin) + Vue 3 frontend + Cobra CLI (zcloud).
Once a web service is onboarded, you can manage it via the Web Console, the CLI, or the REST API. This guide targets developers and walks you through a first call in 30 seconds.
Prerequisites
- A reachable Cloud WAF endpoint (e.g. https://waf.example.com)
- A user account with the required permissions (username + password)
- A Linux / macOS shell with curl and bash available
Three Steps
Step 1: Download and install the CLI
Option A — One-liner installer (recommended):
curl -fsSL https://waf.example.com/api/cli/install.sh | sh
The installer auto-detects your OS / architecture (linux/amd64, linux/arm64, darwin/amd64, darwin/arm64), pulls the latest binary from /api/cli/version, and installs it to /usr/local/bin/zcloud.
Option B — Manual download:
# 1) Query the latest version and download URL
curl -s https://waf.example.com/api/cli/version
# 2) Download the binary (replace with the download_url from the response)
curl -fsSL -o /tmp/zcloud "<download_url>"
chmod +x /tmp/zcloud
sudo mv /tmp/zcloud /usr/local/bin/zcloud
# 3) Verify the install
zcloud version
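Option B can be scripted so that the download_url is checked before anything is fetched. This is an added example, not part of the Cloud WAF documentation or the zcloud project; it assumes the /api/cli/version response is JSON with a string field download_url and that binaries are served from the same host as the API. The function names and the sample response are constructed.

```shell
#!/bin/sh
# Added example: vet the download_url from /api/cli/version before fetching.
# Assumptions: the response is JSON with a string field "download_url", and
# binaries are served from the same host as the API.

# Constructed sample response; only download_url is named on the page.
SAMPLE_RESPONSE='{"version":"0.0.0","download_url":"https://waf.example.com/downloads/zcloud-linux-amd64"}'

# extract_download_url JSON: print the download_url value, fail if absent.
extract_download_url() {
    edu_url=$(printf '%s' "$1" | tr -d '\r\n' |
        sed -n 's/.*"download_url"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$edu_url" ] || return 1
    printf '%s\n' "$edu_url"
}

# url_allowed URL HOST: succeed only for https://HOST/... exactly.
# The trailing slash in the pattern rejects look-alike authorities such as
# HOST.other.test or HOST@other.test.
url_allowed() {
    case "$1" in
        *\\*|*' '*) return 1 ;;   # JSON escapes are refused, not decoded
    esac
    case "$1" in
        "https://$2/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# fetch_cli API_URL DEST: download the binary only if the URL passes the check.
fetch_cli() {
    case "$1" in https://*) ;; *) echo "api_url must be https" >&2; return 1 ;; esac
    fc_host=${1#https://}; fc_host=${fc_host%%/*}
    fc_body=$(curl -fsS --proto '=https' "$1/api/cli/version") || return 1
    fc_url=$(extract_download_url "$fc_body") || {
        echo "no download_url in response" >&2; return 1; }
    url_allowed "$fc_url" "$fc_host" || {
        echo "refusing download from: $fc_url" >&2; return 1; }
    # No -L here: a redirect would leave the host that was just checked.
    curl -fsS --proto '=https' -o "$2" "$fc_url" && chmod +x "$2"
}
```

Call it as fetch_cli https://waf.example.com /tmp/zcloud, then continue with the sudo mv and zcloud version steps from Option B.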
Step 2: Log in and obtain a session
zcloud config set api_url https://waf.example.com
# Interactive login: prompts for Username and Password (password is hidden)
zcloud auth login
On success, credentials are written to ~/.zcloud/credentials.toml and every subsequent command will reuse the session token automatically.
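If the server uses a self-signed certificate, use zcloud --insecure auth login to skip TLS verification. With verification skipped, the CLI cannot authenticate the server it sends your username and password to, so prefer importing the CA where you can.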
For multi-environment setups, use profiles:
# profiles create accepts only the positional <name>, no flags
zcloud config profiles create prod
zcloud --profile prod config set api_url https://prod.example.com
zcloud config profiles activate prod
Step 3: Run your first command
# List the domains your account manages
zcloud guard domains list
# Inspect your identity and permissions
zcloud auth info
# Show the complete command tree
zcloud --help
Common Errors
| Symptom | Cause | Resolution |
|---|---|---|
| 401 Unauthorized | Session expired | Re-run zcloud auth login |
| 403 Forbidden | Account lacks the required permission | Ask an admin to grant the matching permission key |
| connection refused | Wrong api_url or service down | Check zcloud config get api_url |
| x509: certificate signed by unknown authority | Self-signed cert | Pass --insecure or import the CA |
Output Format Switching
Every command accepts --format:
zcloud guard domains list --format table # default, human-friendly
zcloud guard domains list --format json # machine-readable
zcloud guard domains list --format yaml # config-friendly
Next Steps
- Full CLI Command Reference — all 98 commands
- API Documentation — REST endpoint details
- Authentication — Bearer sessions, API Keys, and 401 retry
- Examples — curl / Python / Go snippets
- Permission Matrix — Resource × Action full list
Cloud WAF · zcloud CLI · Documentation versioned in lockstep with the API