At a glance
- Availability: Experimental (how to enable).
- Auth: API key.
- Connection: The key comes from
CLOUDFLARE_API_TOKEN. - Docs: https://developers.cloudflare.com/fundamentals/api/get-started/create-token/
Credentials
Set these per environment. See Connect an integration.| Variable | Required | Description |
|---|---|---|
CLOUDFLARE_API_TOKEN | Yes | Cloudflare API token (scoped Bearer token, not the legacy Global API Key) Docs. |
Setup
- Sign in to Cloudflare: Go to https://dash.cloudflare.com and sign in. A free account with at least one zone added is sufficient for testing.
- Create an API token: Open My Profile > API Tokens (https://dash.cloudflare.com/profile/api-tokens) and create a token. The ‘Edit zone DNS’ template covers the DNS tools; add Zone:Read and Account:Read permissions for listing.
- Set the environment variable: Add the token to your .env as CLOUDFLARE_API_TOKEN=… (use a scoped API token, not the legacy Global API Key).
- Verify access: Run the Verify Token tool, then List Zones.
- Cloudflare authenticates with ‘Authorization: Bearer <token>’
- Account-scoped endpoints need an account ID - use List Accounts to find yours
- Tokens can be scoped per zone; if List Zones returns nothing, widen the token’s zone resources
Tools
| Tool | Access | Description |
|---|---|---|
| Verify Token | Read | Check that the configured Cloudflare API token is valid and active |
| List Zones | Read | List zones (domains) the token can access |
| Get Zone | Read | Get details of a zone by ID |
| List DNS Records | Read | List DNS records in a zone |
| Create DNS Record | Write | Create a DNS record in a zone |
| Update DNS Record | Write | Update fields of an existing DNS record |
| List Accounts | Read | List Cloudflare accounts the token can access (account IDs are needed for account-scoped APIs) |
Example prompts
- List the DNS records for one of my Cloudflare zones and flag anything unusual.
- Create a DNS record in one of my Cloudflare zones after confirming the type, name, and content with me.