Cloudflare MCP Server

The Cloudflare MCP server is the official remote MCP server maintained by Cloudflare, providing AI agents with access to the entire Cloudflare API: over 2,500 endpoints spanning DNS, Workers, R2 storage, KV, D1, Zero Trust, Pages, Stream, Images, and every other Cloudflare product. It is hosted by Cloudflare at https://mcp.cloudflare.com/mcp and requires no local installation.

The server uses a "Code Mode" approach that keeps the massive OpenAPI specification on the server side. Instead of exposing thousands of individual tools, it exposes just two: search (write JavaScript to query the endpoint spec) and execute (write JavaScript to call cloudflare.request()). This brings context cost down from roughly 244,000 tokens with naive MCP exposure to around 1,000 tokens, making the entire Cloudflare API usable from any agent without blowing the context window.

In addition to the main API server, Cloudflare publishes 15+ specialized MCP servers for specific product areas (Workers Bindings, Workers Builds, Observability, Radar, AI Gateway, AI Search, Browser Rendering, Logpush, Audit Logs, DNS Analytics, Digital Experience Monitoring, Cloudflare One CASB, GraphQL Analytics, Containers, and Documentation). Source for the main server lives at github.com/cloudflare/mcp; the multi-server repository is github.com/cloudflare/mcp-server-cloudflare.

Tools

Hosted server (recommended)

The server is hosted by Cloudflare. No installation required. Point your MCP client at:

https://mcp.cloudflare.com/mcp

OAuth (recommended for desktop clients)

For Claude Desktop, Cursor, or any client that supports remote MCP servers:

{
  "mcpServers": {
    "cloudflare-api": {
      "url": "https://mcp.cloudflare.com/mcp"
    }
  }
}

On first connection you will be redirected to Cloudflare to authorize and pick permission scopes.

For clients without native remote MCP support

Use the mcp-remote shim:

{
  "mcpServers": {
    "cloudflare-api": {
      "command": "npx",
      "args": ["mcp-remote", "https://mcp.cloudflare.com/mcp"]
    }
  }
}

API token (for CI/CD and automation)

Create a Cloudflare API token in the dashboard with the scopes you need. Both user tokens and account tokens are supported. For account tokens, include Account Resources: Read so the server can auto-detect your account ID. Pass the token as a Bearer token in the Authorization header on the connection.

Disabling Code Mode

If your client already runs its own code-execution layer, append ?codemode=false to register the ~2,500 endpoints as individual tools instead:

https://mcp.cloudflare.com/mcp?codemode=false

Note this increases token usage substantially.

Specialized servers

Cloudflare also hosts product-specific MCP servers, including:

• Documentation: https://docs.mcp.cloudflare.com/mcp
• Workers Bindings: https://bindings.mcp.cloudflare.com/mcp
• Workers Builds: https://builds.mcp.cloudflare.com/mcp
• Observability: https://observability.mcp.cloudflare.com/mcp
• Radar: https://radar.mcp.cloudflare.com/mcp
• Browser Rendering: https://browser.mcp.cloudflare.com/mcp
• AI Gateway: https://ai-gateway.mcp.cloudflare.com/mcp
• Logpush: https://logs.mcp.cloudflare.com/mcp
• Audit Logs: https://auditlogs.mcp.cloudflare.com/mcp
• DNS Analytics: https://dns-analytics.mcp.cloudflare.com/mcp
• GraphQL Analytics: https://graphql.mcp.cloudflare.com/mcp

All use OAuth on first connection.

• Manage DNS records across zones: create A/CNAME records, audit existing entries, and bulk-update for a domain migration.
• Provision and operate Cloudflare Workers: deploy scripts, configure routes, manage KV namespaces, D1 databases, R2 buckets, and Queues bindings.
• Configure Zero Trust policies: create Access applications, manage identity providers, set up Gateway rules, and review device posture.
• Inspect production: pull Workers logs and analytics, query Logpush job health, and debug performance via the Observability and Radar endpoints.
• Manage Pages projects, R2 buckets, and Stream videos directly from an agent without writing curl scripts against the REST API.

• "Create an A record for staging.example.com pointing to 203.0.113.10 with proxying enabled on my example.com zone."
• "List every R2 bucket in my account along with its creation date and location hint."
• "Deploy this Worker script to a new Worker named image-proxy and route images.example.com/* to it."
• "Find any DNS records in my zones still pointing to the old 198.51.100.0/24 range and show me the list."
• "Pull the last 24 hours of Workers errors for the api-gateway Worker and summarize the top exceptions."

• Official, hosted by Cloudflare: no install, no self-hosting, OAuth handles auth.
• Covers the full Cloudflare API surface (2,500+ endpoints) rather than a curated subset.
• Code Mode keeps context usage around 1k tokens, so the server is practical to keep enabled alongside other MCP servers.
• Granular permission scopes are chosen at OAuth time, so the agent only gets the access you grant.

• Code Mode requires the agent to write working JavaScript against cloudflare.request(); weaker models may struggle versus a typed tool-per-endpoint interface.
• Some product capabilities are split across the specialized servers (Observability, Radar, AI Gateway, etc.), so you may need to connect more than one server for full coverage.
• Powerful write access means a misconfigured OAuth scope or token can let an agent make destructive infra changes; scope tokens carefully.

• cloudflare/mcp-server-cloudflare: Cloudflare's repo of 15+ product-specific remote MCP servers (Workers Bindings, Observability, Radar, etc.) if you prefer narrower surfaces over the all-in-one API server.
• Wrangler CLI: not an MCP server, but the canonical CLI for Workers/Pages/R2 if you want scripted access instead of agent-driven access.
• AWS, GCP, or Azure MCP servers for equivalent cloud-infra control on other providers.