Connect your AI Agents to Cloudflare in minutes
Available tools
verify_token
Verify the current Cloudflare API token is valid and active. Use this to test connectivity and confirm authentication is working correctly.
get_user
Get the current authenticated Cloudflare user's profile information including email, name, and account status.
list_accounts
List all Cloudflare accounts the authenticated user has access to. Supports filtering by name and pagination.
get_account
Get details of a specific Cloudflare account by ID. Use list_accounts first to find valid account IDs.
browser_fetch_content
Fetch rendered HTML content from a URL using Cloudflare Browser Rendering. Executes JavaScript before extracting content. Use list_accounts to get the account_id.
browser_fetch_markdown
Extract clean markdown from a URL using Cloudflare Browser Rendering. Renders JavaScript before extracting content. Use list_accounts to get the account_id.
browser_take_screenshot
Take a screenshot of a URL using Cloudflare Browser Rendering. Returns base64-encoded image. Supports full-page capture, element selection, and format options. Use list_accounts to get the account_id.
browser_render_pdf
Render a URL as a PDF document using Cloudflare Browser Rendering. Returns base64-encoded PDF. Supports paper format, landscape, and margin options. Use list_accounts to get the account_id.
browser_scrape_page
Scrape specific elements from a rendered page using CSS selectors via Cloudflare Browser Rendering. Returns text, HTML, attributes, and dimensions for each element. Use list_accounts to get the account_id.
browser_extract_json
Extract structured JSON data from a rendered page using AI via Cloudflare Browser Rendering. Provide a prompt describing what to extract and optionally a JSON Schema for the response. Use list_accounts to get the account_id.
browser_get_links
Extract all links from a rendered page using Cloudflare Browser Rendering. Returns a list of URLs found on the page. Use list_accounts to get the account_id.
browser_take_snapshot
Take a full snapshot of a page (screenshot + HTML content) using Cloudflare Browser Rendering. Returns both a base64 screenshot and the rendered HTML. Use list_accounts to get the account_id.
browser_start_crawl
Start an async crawl job using Cloudflare Browser Rendering. Returns a job ID. Use browser_get_crawl_status to poll for results. Supports depth/limit control, format selection, and URL filtering. Use list_accounts to get the account_id.
browser_get_crawl_status
Get the status and results of a crawl job started with browser_start_crawl. Returns job status, progress, and crawled page records with pagination. Use list_accounts to get the account_id.
purge_cache
Purge cached content for a Cloudflare zone. Purge everything, specific URLs, cache tags (Enterprise), hostnames (Enterprise), or URL prefixes (Enterprise). Max 30 items per request. Use list_zones first to get the zone ID.
list_dns_records
List DNS records for a Cloudflare zone. Supports filtering by record type (A, AAAA, CNAME, MX, TXT, etc.), name, content, and proxy status with pagination. Use list_zones first to get the zone ID.
get_dns_record
Get details of a specific DNS record by ID. Use list_dns_records first to find the record ID and zone ID.
create_dns_record
Create a new DNS record in a Cloudflare zone. Supports A, AAAA, CNAME, MX, TXT, and other record types. Set proxied=true for A/AAAA/CNAME records to route traffic through Cloudflare. Use list_zones first to get the zone ID.
update_dns_record
Update an existing DNS record. Only specified fields are modified. Use list_dns_records to find the record ID and zone ID.
delete_dns_record
Delete a DNS record from a Cloudflare zone. This is irreversible. Use list_dns_records to find the record ID and zone ID.
list_zone_rulesets
List all rulesets for a Cloudflare zone including WAF custom rules, rate limiting rules, transform rules, and cache rules. Use list_zones first to get the zone ID.
get_zone_ruleset
Get a specific ruleset with all its rules. Use list_zone_rulesets first to find the ruleset ID.
create_zone_ruleset
Create a new zone ruleset with WAF custom rules. Use phase 'http_request_firewall_custom' for WAF rules. Expressions use Wirefilter syntax (e.g., 'ip.src eq 192.0.2.1'). Use list_zones first to get the zone ID.
update_zone_ruleset
Update a zone ruleset by replacing all its rules. The ruleset name cannot be changed. Get the current ruleset with get_zone_ruleset first, modify the rules, then submit the full updated list. Use list_zone_rulesets to find the ruleset ID.
delete_zone_ruleset
Delete a zone ruleset and all its rules. This is irreversible. Use list_zone_rulesets to find the ruleset ID.
list_zone_settings
List all settings for a Cloudflare zone including SSL mode, security level, caching, and performance options. Use list_zones first to get the zone ID.
get_zone_setting
Get a specific zone setting value. Common settings: ssl, security_level, min_tls_version, always_use_https, development_mode, cache_level, browser_cache_ttl. Use list_zones first to get the zone ID.
update_zone_setting
Update a zone setting. Examples: ssl='strict', security_level='high', min_tls_version='1.2', always_use_https='on', development_mode='on'. Use get_zone_setting first to see the current value.
validate_credential
Validate Cloudflare credentials. Verifies credentials during setup.
list_zones
List all Cloudflare zones (domains). Supports filtering by domain name, status, and account ID with pagination. Returns zone IDs needed for DNS, settings, and cache operations.
get_zone
Get detailed information about a specific Cloudflare zone including nameservers, plan, and status. Use list_zones first to find the zone ID.
create_zone
Add a new domain to Cloudflare. Requires the domain name and account ID. Use list_accounts to find valid account IDs. After creation, update DNS nameservers at your registrar.
delete_zone
Permanently remove a zone (domain) from Cloudflare. This is irreversible and removes all associated DNS records and settings. Use list_zones to find the zone ID.
How to set up Merge Agent Handler
In an mcp.json file, add the configuration below, and restart Cursor.
Learn more in the official documentation ↗
1{
2 "mcpServers": {
3 "agent-handler": {
4 "url": "https://ah-api-develop.merge.dev/api/v1/tool-packs/{TOOL_PACK_ID}/registered-users/{REGISTERED_USER_ID}/mcp",
5 "headers": {
6 "Authorization": "Bearer yMt*****"
7 }
8 }
9 }
10}
11Open your Claude Desktop configuration file and add the server configuration below. You'll also need to restart the application for the changes to take effect.
Make sure Claude is using the Node v20+.
Learn more in the official documentation ↗
1{
2 "mcpServers": {
3 "agent-handler": {
4 "command": "npx",
5 "args": [
6 "-y",
7 "mcp-remote@latest",
8 "https://ah-api-develop.merge.dev/api/v1/tool-packs/{TOOL_PACK_ID}/registered-users/{REGISTERED_USER_ID}/mcp",
9 "--header",
10 "Authorization: Bearer ${AUTH_TOKEN}"
11 ],
12 "env": {
13 "AUTH_TOKEN": "yMt*****"
14 }
15 }
16 }
17}Open your Windsurf MCP configuration file and add the server configuration below.
Click on the refresh button in the top right of the Manage MCP server page or in the top right of the chat box in the box icon.
Learn more in the official documentation ↗
1{
2 "mcpServers": {
3 "agent-handler": {
4 "command": "npx",
5 "args": [
6 "-y",
7 "mcp-remote@latest",
8 "https://ah-api.merge.dev/api/v1/tool-packs/<tool-pack-id>/registered-users/<registered-user-id>/mcp",
9 "--header",
10 "Authorization: Bearer ${AUTH_TOKEN}"
11 ],
12 "env": {
13 "AUTH_TOKEN": "<ah-production-access-key>"
14 }
15 }
16 }
17 }In Command Palette (Cmd+Shift+P on macOS, Ctrl+Shift+P on Windows), run "MCP: Open User Configuration".
You can then add the configuration below and press "start" right under servers. Enter the auth token when prompted.
Learn more in the official documentation ↗
1{
2 "inputs": [
3 {
4 "type": "promptString",
5 "id": "agent-handler-auth",
6 "description": "Agent Handler AUTH_TOKEN", // "yMt*****" when prompt
7 "password": true
8 }
9 ],
10 "servers": {
11 "agent-handler": {
12 "type": "stdio",
13 "command": "npx",
14 "args": [
15 "-y",
16 "mcp-remote@latest",
17 "https://ah-api-develop.merge.dev/api/v1/tool-packs/{TOOL_PACK_ID}/registered-users/{REGISTERED_USER_ID}/mcp",
18 "--header",
19 "Authorization: Bearer ${input:agent-handler-auth}"
20 ]
21 }
22 }
23}FAQs on using Merge's Cloudflare MCP server
FAQs on using Merge's Cloudflare MCP server
What is a Cloudflare MCP?
It's an MCP server that connects your agents to Cloudflare via tools. Your agents can invoke these tools to manage DNS records, configure zone settings, purge cache, create and update firewall rulesets, and more.
Cloudflare offers an official MCP server, but you can also use one from a third-party platform, like Merge Agent Handler.
How can I use the Cloudflare MCP server?
The use cases naturally depend on the agent you've built, but here are a few common ones:
- DNS automation: When a new service is deployed, an agent detects the event and automatically creates or updates DNS records in Cloudflare, removing the need for manual configuration steps after each release
- Cache invalidation on deploy: An agent monitors a CI/CD pipeline and triggers a targeted cache purge in Cloudflare when a new build ships, ensuring users receive fresh content without manual intervention
- Security rule management: An agent detects a spike in suspicious traffic from a monitoring tool and automatically creates a new WAF ruleset in Cloudflare to block the offending IPs before the issue escalates
- Infrastructure compliance reporting: An agent pulls zone settings and active rulesets from Cloudflare on a recurring schedule and compiles a configuration snapshot for the security team's review.
What are popular tools for Cloudflare's MCP server?
Here are some of the most commonly used tools:
list_dns_records: retrieves all DNS records for a given zone. Helpful when an agent needs to audit existing DNS configuration or verify whether a record already exists before attempting to create one
create_dns_record: adds a new DNS record to a zone. Use this when an agent is provisioning a new service and needs to register the corresponding subdomain as part of the deployment workflow
update_dns_record: modifies an existing DNS record, such as changing an IP address or TTL value. Call this when a routing target changes and the record needs to reflect the updated value
purge_cache: clears cached content for a zone or specific URLs. Good for agents that respond to deployment events and need to ensure downstream users are served fresh content immediately
list_zone_rulesets: returns all active firewall and routing rulesets for a zone. Useful for agents that review security posture before making changes or generating compliance reports
update_zone_setting: changes a configuration setting for a zone, such as SSL mode or security level. Call this when an agent responds to a security event and needs to adjust zone-level controls in real time
What makes Merge Agent Handler's Cloudflare MCP server better than alternative Cloudflare MCP servers?
Here are just a few reasons to use Merge Agent Handler's Cloudflare MCP server over building or using an alternative:
- Enterprise-grade security and DLP: Merge Agent Handler includes built-in data loss prevention controls that let you block or redact sensitive fields before they reach an agent. For Cloudflare, this means you can prevent API tokens, zone identifiers, and firewall rule logic from being exposed even when the agent has broad read access
- Managed authentication and credentials: Merge stores and refreshes Cloudflare credentials on your behalf. You never expose raw API tokens to an agent or manage rotation manually
- Real-time observability and audit trail: Every tool call made against Cloudflare is logged with timestamp, tool name, input parameters, and response metadata. You can audit exactly what an agent read or modified without instrumenting anything yourself
- Tool Packs and controlled access: Tool Packs let you bundle specific Cloudflare tools with tools from other connectors into a single MCP endpoint, scoped to a specific use case. An agent gets exactly the tools it needs, nothing more
How can I start using Merge Agent Handler's Cloudflare MCP server?
You can take the following steps:
1. Create or log into your Merge Agent Handler account and navigate to Tool Packs (collections of connector tools scoped to a specific use case).
2. Create a new Tool Pack, then find and enable the Cloudflare connector. Choose which tools to include: enable read tools for monitoring and audit use cases, or add write tools if your agent needs to create or modify DNS records, rulesets, or zone settings.
3. Add a Registered User inside the Tool Pack. This is the identity context under which your agent operates. Merge generates a unique MCP URL scoped to this user once it's created.
4. From the Registered User detail page, authenticate Cloudflare by completing the credential flow. Merge stores and manages the credentials going forward.
5. Copy the MCP URL from the Tool Pack detail page and generate an API key from Settings. You'll need both to connect your agent.
6. Add the MCP server to your agent or IDE using the MCP URL and API key. Your Cloudflare tools are now accessible through that endpoint.
Ready to try it out?
Whether you're an engineer experimenting with agents or a product manager looking to add tools, you can get started for free now
