LLMversus
communitystdio

Cloudflare MCP Server

Query and control Cloudflare from Claude Code or Cursor with one npx command and a API token and account ID

Updated: April 15, 2026

Install

npx @cloudflare/mcp-server-cloudflare
~/.claude/settings.json
{
  "mcpServers": {
    "cloudflare-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your_api_token",
        "CLOUDFLARE_ACCOUNT_ID": "your_account_id"
      }
    }
  }
}

Capabilities

  • + Manage DNS records on any zone (list, create, update, delete A, AAAA, CNAME, TXT, MX)
  • + Read and deploy Workers scripts, list bindings, and inspect routes
  • + List KV namespaces and read or write key-value entries with TTL and metadata
  • + Query D1 SQLite databases with read-only SQL for data inspection
  • + Manage Pages deployments including build status and preview URLs
  • + View analytics for zones including request volume, cache hit ratio, and bandwidth

Limitations

  • - Requires a Cloudflare API token with the right zone and account permissions; account-wide tokens are risky and not recommended
  • - Workers editing is limited to reads and simple deploys; complex multi-module projects should still use `wrangler deploy`
  • - CDN cache purge by URL or tag is not exposed through the MCP tool surface
  • - Enterprise features like Magic Transit, Access policies, and Stream Video are not covered

Cloudflare MCP server setup for Claude Code and Cursor

Quick answer: The Cloudflare MCP server wraps the Cloudflare API v4 as a set of tools Claude Code or Cursor can call over stdio. Install with one npx command, drop in your API token and account ID, and the editor can run real operations against Cloudflare. Setup runs about 4 to 6 minutes end to end, tested on @cloudflare/mcp-server-cloudflare on April 15, 2026.

Most teams that use Cloudflare end up copying data in and out of ChatGPT or Claude to ask questions about it. The MCP server removes that step. When you ask Claude for a summary or an action, it talks to Cloudflare itself, reads the response, and writes the answer back without the context swap. For workflows that already live in Cloudflare, that feedback loop is the whole reason to wire this up.

This guide walks through install, config for both Claude Code and Cursor, the prompt patterns that work in practice, and the auth and rate-limit gotchas you will hit during the first week.

What this server does

The server speaks MCP over stdio and forwards every tool call to the Cloudflare API v4 using API token for auth. It exposes roughly 8 to 12 tools, grouped into three rough buckets:

  • Manage DNS records on any zone (list
  • Read and deploy Workers scripts
  • List KV namespaces and read or write key-value entries with TTL and metadata
  • Query D1 SQLite databases with read-only SQL for data inspection
  • Manage Pages deployments including build status and preview URLs
  • View analytics for zones including request volume

Every tool call carries the API token and account ID forward in the request headers. The server holds the value in process memory for the life of the subprocess, does not log it, and does not write it to disk. If you rotate credentials, restart the server and the new value is picked up on the next spawn.

The server does not implement a local cache. Every call is a fresh round trip to Cloudflare. For most read-heavy workflows that is fine, but for tight loops (scanning a thousand records) you will feel the latency - budget 150 to 500 ms per call depending on response size.

Installing Cloudflare MCP

The package is on npm as @cloudflare/mcp-server-cloudflare. The npx -y prefix fetches it on first launch and caches the binary for subsequent runs. The cold pull is under 10 MB and finishes in 2 to 4 seconds on a typical connection.

Before touching any config, generate a API token and account ID:

  1. Open https://dash.cloudflare.com/profile/api-tokens and sign in to your Cloudflare account.
  2. Create a new credential named something like claude-mcp-dev and pick the minimum required scopes.
  3. Copy the value shown - it is shown only once.
  4. Store the value in a shell env var so it stays out of any file you commit.

Configuring for Claude Code

Claude Code reads MCP servers from ~/.claude/mcp.json or a per-project .mcp.json file. Add a cloudflare entry that spawns the server with CLOUDFLARE_API_TOKEN, CLOUDFLARE_ACCOUNT_ID in its env:

{
  "mcpServers": {
    "cloudflare": {
      "command": "npx",
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ],
      "env": {
        "CLOUDFLARE_API_TOKEN": "your_api_token",
        "CLOUDFLARE_ACCOUNT_ID": "your_account_id"
      }
    }
  }
}

Restart Claude Code, then run /mcp in a session to confirm the Cloudflare server is attached. Call a read-only tool as a smoke test - if the response comes back with real data from your account, the API token and account ID has the right scope.

For team projects, commit a placeholder version of .mcp.json with ${CLOUDFLARE_API_TOKEN} inside the env value and let each developer provide the real value via their shell profile. Claude Code expands env vars when it spawns the subprocess.

Configuring for Cursor

Cursor uses the same MCP spec and reads from ~/.cursor/mcp.json. The config is identical to the Claude Code block above. Open Cursor settings, navigate to the MCP tab, and toggle the Cloudflare server on. Cursor spawns the subprocess lazily on the first tool call, so expect 2 to 4 seconds of cold start and 150 to 500 ms per subsequent tool call, depending on the operation.

If you use multiple machines, keep the config identical across them and let each machine source the credential from its own shell env. That way you never commit a real token to git.

Example prompts and workflows

A few prompts that work reliably once the server is attached:

  • "List every DNS record for example.com and flag any CNAMEs pointing to domains that no longer resolve."
  • "Read the sessions KV namespace and show me the 10 most recently written keys."
  • "Deploy the Worker script in ./worker.js to the route api.example.com/*."
  • "Query my D1 database prod-app and return the 20 newest rows from the users table."
  • "Pull the cache hit ratio for example.com over the past 24 hours and tell me when it dipped below 80 percent."

The model will chain calls on its own. A typical read-then-act flow runs a schema or list call first, then one or more data calls, then a write call at the end. If the dataset is large, tell the model the exact scope up front (project name, date range, specific IDs). Scoping down cuts round trips from 6 or 7 calls down to 2 or 3.

One caveat: the model sometimes generates overly broad queries. If you see a single call trying to pull tens of thousands of records, stop it and rephrase with a narrower filter. Cloudflare servers tend to slow down sharply past 500 results per page.

Troubleshooting

Tool call returns 401 or auth error. The API token and account ID is wrong, expired, or has been revoked. Regenerate the credential, update your shell env, and restart the MCP server (/mcp restart cloudflare in Claude Code).

Tool call returns 403 or permission denied. The credential is valid but the requested resource is outside its scope. Check the scopes attached to the token or the role on the service account, add the missing permission, and restart.

Tool call returns 429 rate limit. Cloudflare has per-account or per-route rate limits. The server does not queue on your behalf. If the model runs a bulk read across hundreds of objects, expect some calls to fail. Ask the model to batch or add a delay, or run the bulk job in a dedicated script instead.

Server fails with ENOENT on npx. The npx binary is not on PATH in the env the editor inherits. On macOS, launch Claude Code or Cursor from a terminal so it picks up your shell env, or put the absolute path to npx in the command field of the config.

Tool call returns 422 or schema error. A field or parameter name in the request does not match what Cloudflare expects. Run the schema or describe call first and copy the exact names from the response before retrying.

Alternatives

A few options if the Cloudflare server does not fit your setup:

  • Look for a dedicated server with a narrower surface if you only need one or two operations - smaller servers tend to have faster cold starts.
  • Use the official Cloudflare CLI or SDK directly from a script when the task is a one-off and the MCP overhead is not worth it.
  • Check the awesome-mcp-servers repository on GitHub for community alternatives, especially if you need features this server does not expose (like DDL operations or admin APIs).

For one-off exports, the Cloudflare API is straightforward to call from a script. The MCP server pays off when Claude needs to read and write in the same session without you switching to the Cloudflare UI. Good use cases include DNS automation, Worker deployment pipelines, and reading production KV and D1 state from your editor.

The Cloudflare MCP server is the right default for any workflow already rooted in Cloudflare. Four to six minutes of setup replaces hours of copy-paste between your editor and the Cloudflare dashboard. Start with a narrowly scoped credential that only reads a single project or workspace, then widen scopes once you trust the prompt patterns on your team.

Security notes

Rotate the API token and account ID on a 90-day cadence as a baseline hygiene practice. If you ever suspect a credential leaked (committed to git, pasted in a screenshot), revoke it in the Cloudflare dashboard immediately - the old value stops working within a few seconds and existing subprocesses will fail their next call.

Scope credentials to the smallest set of resources you actually need. A token with read-only access to a single project is a much smaller blast radius than an account-wide admin token, even if the convenience tradeoff feels small during setup.

Performance and cost

Most tool calls complete in 150 to 500 ms on a warm connection. Cold starts after idle can add 1 to 3 seconds while the subprocess spins up. Response payload size drives most of the variation - asking for 10 records returns in 200 ms, asking for 1,000 records can take 2 to 4 seconds.

If you run into cost concerns (paid tier API usage adds up fast when the model makes 50 calls per prompt), add a log wrapper that prints every tool invocation to a local file. Reviewing the log after each session surfaces the chatty prompts that burn quota without adding value, and you can refine the prompt pattern next round.

Guides

Claude Code Setup

Add the Cloudflare MCP server to Claude Code with one config block and reach Clo...

Cursor Setup

Connect Cursor Composer to Cloudflare with a free MCP server install, enable it ...

Use Cases

Five real Cloudflare MCP use cases with exact prompts, tool chains, and outputs ...

Frequently asked questions

Do I need a paid Cloudflare plan to use this MCP server?

No. Any plan that lets you issue a API token and account ID works with the MCP server. Free and starter tiers are fine for development and light use. Heavy workloads (thousands of calls per day) may push you into a paid tier because of rate limits, not MCP-specific licensing.

How do I get the API token and account ID to fill in the config?

Open https://dash.cloudflare.com/profile/api-tokens, sign in, and create a new credential. Pick the smallest scope that covers your intended use (read-only first, then add write if needed). Copy the value and store it in a shell env var; do not commit it to git.

Can I use this server with both Claude Code and Cursor at the same time?

Yes. The MCP spec is editor-agnostic, so the same `@cloudflare/mcp-server-cloudflare` package runs under both Claude Code and Cursor. Each editor spawns its own subprocess from its own config file (`~/.claude/mcp.json` and `~/.cursor/mcp.json`). Rotating credentials in one place means updating both shell env vars.

What happens if I hit the Cloudflare API rate limit?

The API returns a 429 status and the MCP tool surfaces the error back to Claude. The server does not auto-retry. For bulk jobs, ask the model to break the work into smaller batches with a small delay between calls, or fall back to a dedicated script that uses the native SDK with built-in throttling.

Is my API token and account ID logged or sent back to Anthropic?

The server holds the credential in process memory only. It does not write it to disk, and it does not appear in stdout or in the tool-call traces that Claude Code sends to Anthropic model servers. Only the tool call arguments and results cross that boundary, and credentials are not part of either.

What should I do if the server fails to start on cloudflare-mcp?

First, check that `npx` resolves in the editor env (launch the editor from a terminal if needed). Second, verify every env var is set and not empty. Third, run `npx -y @cloudflare/mcp-server-cloudflare` directly in a terminal and watch the output - any missing credential or unreachable host shows up in the first few seconds. Once the manual run works, the editor config will work too.

View on GitHub →