> ## Documentation Index
> Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Cloudflare

> Manage zones and DNS records via the Cloudflare API

## At a glance

* **Availability**: Experimental ([how to enable](/cloud/integrations)).
* **Auth**: API key.
* **Connection**: The key comes from `CLOUDFLARE_API_TOKEN`.
* **Docs**: [https://developers.cloudflare.com/fundamentals/api/get-started/create-token/](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)

## Credentials

Set these per environment. See [Connect an integration](/cloud/integrations).

| Variable               | Required | Description                                                                                                                                                     |
| ---------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `CLOUDFLARE_API_TOKEN` | Yes      | Cloudflare API token (scoped Bearer token, not the legacy Global API Key) [Docs](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/). |

## Setup

1. **Sign in to Cloudflare**: Go to [https://dash.cloudflare.com](https://dash.cloudflare.com) and sign in. A free account with at least one zone added is sufficient for testing.
2. **Create an API token**: Open My Profile > API Tokens ([https://dash.cloudflare.com/profile/api-tokens](https://dash.cloudflare.com/profile/api-tokens)) and create a token. The 'Edit zone DNS' template covers the DNS tools; add Zone:Read and Account:Read permissions for listing.
3. **Set the environment variable**: Add the token to your .env as CLOUDFLARE\_API\_TOKEN=.... (use a scoped API token, not the legacy Global API Key).
4. **Verify access**: Run the Verify Token tool, then List Zones.

* Cloudflare authenticates with 'Authorization: Bearer \<token>'
* Account-scoped endpoints need an account ID - use List Accounts to find yours
* Tokens can be scoped per zone; if List Zones returns nothing, widen the token's zone resources

Provider API reference: [https://developers.cloudflare.com/api/](https://developers.cloudflare.com/api/)

## Tools

| Tool              | Access | Description                                                                                    |
| ----------------- | ------ | ---------------------------------------------------------------------------------------------- |
| Verify Token      | Read   | Check that the configured Cloudflare API token is valid and active                             |
| List Zones        | Read   | List zones (domains) the token can access                                                      |
| Get Zone          | Read   | Get details of a zone by ID                                                                    |
| List DNS Records  | Read   | List DNS records in a zone                                                                     |
| Create DNS Record | Write  | Create a DNS record in a zone                                                                  |
| Update DNS Record | Write  | Update fields of an existing DNS record                                                        |
| List Accounts     | Read   | List Cloudflare accounts the token can access (account IDs are needed for account-scoped APIs) |

## Example prompts

* List the DNS records for one of my Cloudflare zones and flag anything unusual.
* Create a DNS record in one of my Cloudflare zones after confirming the type, name, and content with me.
