How to integrate Cloudflare MCP with Claude Code

Framework Integration Gradient
Cloudflare Logo
Claude Code Logo
divider

Introduction

Manage your Cloudflare directly from Claude Code with zero worries about OAuth hassles, API-breaking issues, or reliability and security concerns.

You can do this in two different ways:

  1. Via Rube - Direct and easiest approach
  2. Via Composio SDK - Programmatic approach with more control

Why Rube?

Rube is a universal MCP server with access to 850+ SaaS apps. It ensures just-in-time tool loading so Claude can access the tools it needs, a remote workbench for programmatic tool calling and handling large tool responses out of the LLM context window, ensuring the LLM context window remains clean.

Connect Cloudflare to Claude Code with Rube

1. Get the MCP URL

Copy and paste the below command in Claude Code to add Rube MCP.

Terminal

2. Authenticate Rube

Run /mcp to view Rube

bash
/mcp
Run /mcp to view Rube in Claude Code
Click on Rube to authenticate
Authentication flow complete

3. Ensure it's connected

Run /mcp again to verify the connection. Now, do whatever you want with Claude Code and Cloudflare.

Rube connected successfully

Supported Tools & Triggers

Tools
Create DNS recordTool to create a new dns record within a specific zone.
Create WAF ListTool to create a new empty waf list for the account.
Create ZoneTool to create a new zone.
Delete DNS RecordTool to delete a dns record within a specific zone.
Delete WAF ListTool to delete a waf list.
Delete ZoneTool to delete a zone.
List WAF ListsTool to fetch all waf lists (no items) for an account.
List Account MembersTool to list members of a given cloudflare account.
List AccountsTool to list all accounts accessible to the user.
List Firewall RulesTool to list firewall rules for a specific zone.
List MonitorsTool to list all load-balancer monitors in a cloudflare account.
List PoolsTool to list all load balancer pools in a cloudflare account.
List ZonesThis tool lists, searches, sorts, and filters your zones.
Update DNS recordTool to update an existing dns record within a specific zone.
Update WAF ListTool to update the description of a waf list (cannot update items).
Update ZoneTool to update properties of an existing zone.

What is the Cloudflare MCP server, and what's possible with it?

The Cloudflare MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Cloudflare account. It provides structured and secure access to your Cloudflare infrastructure, so your agent can perform actions like managing DNS records, configuring WAF lists, auditing firewall rules, and overseeing zones and account members—all on your behalf.

  • DNS record management: Effortlessly create or delete DNS records within any zone, allowing your agent to automate domain setup and maintenance tasks.
  • WAF list and firewall rule automation: Direct your agent to create, list, or delete Web Application Firewall (WAF) lists and audit firewall rules to enhance your site's security posture.
  • Zone administration: Enable your agent to create new zones when adding domains or delete zones that are no longer needed, streamlining domain onboarding and cleanup.
  • Account and member management: Let your agent list all Cloudflare accounts you have access to and enumerate members within each account for audit or collaboration purposes.
  • Comprehensive infrastructure visibility: Ask your agent to fetch and review your entire Cloudflare account structure, making it simple to monitor resources and configurations at scale.

Connecting Cloudflare via Tool Router

Tool Router is the underlying tech that powers Rube. It's a universal gateway that does everything Rube does but with much more programmatic control. You can programmatically generate an MCP URL with the app you need (here Cloudflare) for even more tool search precision. It's secure and reliable.

How the Tool Router works

The Tool Router follows a three-phase workflow:

  1. Discovery: Searches for tools matching your task and returns relevant toolkits with their details.
  2. Authentication: Checks for active connections. If missing, creates an auth config and returns a connection URL via Auth Link.
  3. Execution: Executes the action using the authenticated connection.

Step-by-step Guide

Prerequisites

Before starting, make sure you have:
  • Claude Pro, Max, or API billing enabled Anthropic account
  • Composio API Key
  • A Cloudflare account
  • Basic knowledge of Python or TypeScript

Install Claude Code

bash
# macOS, Linux, WSL
curl -fsSL https://claude.ai/install.sh | bash

# Windows PowerShell
irm https://claude.ai/install.ps1 | iex

# Windows CMD
curl -fsSL https://claude.ai/install.cmd -o install.cmd && install.cmd && del install.cmd

To install Claude Code, use one of the following methods based on your operating system:

Set up Claude Code

bash
cd your-project-folder
claude

Open a terminal, go to your project folder, and start Claude Code:

  • Claude Code will open in your terminal
  • Follow the prompts to sign in with your Anthropic account
  • Complete the authentication flow
  • Once authenticated, you can start using Claude Code
Claude Code initial setup showing sign-in prompt
Claude Code terminal after successful login

Set up environment variables

bash
COMPOSIO_API_KEY=your_composio_api_key_here
USER_ID=your_user_id_here

Create a .env file in your project root with the following variables:

  • COMPOSIO_API_KEY authenticates with Composio (get it from Composio dashboard)
  • USER_ID identifies the user for session management (use any unique identifier)

Install Composio library

pip install composio-core python-dotenv

Install the Composio Python library to create MCP sessions.

  • composio-core provides the core Composio functionality
  • python-dotenv loads environment variables from your .env file

Generate Composio MCP URL

import os
from composio import Composio
from dotenv import load_dotenv

load_dotenv()

COMPOSIO_API_KEY = os.getenv("COMPOSIO_API_KEY")
USER_ID = os.getenv("USER_ID")

composio_client = Composio(api_key=COMPOSIO_API_KEY)

composio_session = composio_client.create(
    user_id=USER_ID,
    toolkits=["cloudflare"],
)

COMPOSIO_MCP_URL = composio_session.mcp.url

print(f"MCP URL: {COMPOSIO_MCP_URL}")
print(f"\nUse this command to add to Claude Code:")
print(f'claude mcp add --transport http cloudflare-composio "{COMPOSIO_MCP_URL}" --headers "X-API-Key:{COMPOSIO_API_KEY}"')

Create a script to generate a Composio MCP URL for Cloudflare. This URL will be used to connect Claude Code to Cloudflare.

What's happening:

  • We import the Composio client and load environment variables
  • Create a Composio instance with your API key
  • Call create() to create a Tool Router session for Cloudflare
  • The returned mcp.url is the MCP server URL that Claude Code will use
  • The script prints this URL so you can copy it

Run the script and copy the MCP URL

python generate_mcp_url.py

Run your Python script to generate the MCP URL.

  • The script connects to Composio and creates a Tool Router session
  • It prints the MCP URL and the exact command you need to run
  • Copy the entire claude mcp add command from the output

Add Cloudflare MCP to Claude Code

bash
claude mcp add --transport http cloudflare-composio "YOUR_MCP_URL_HERE" --headers "X-API-Key:YOUR_COMPOSIO_API_KEY"

# Then restart Claude Code
exit
claude

In your terminal, add the MCP server using the command from the previous step. The command format is:

  • claude mcp add registers a new MCP server with Claude Code
  • --transport http specifies that this is an HTTP-based MCP server
  • The server name (cloudflare-composio) is how you'll reference it
  • The URL points to your Composio Tool Router session
  • --headers includes your Composio API key for authentication

After running the command, close the current Claude Code session and start a new one for the changes to take effect.

Verify the installation

bash
claude mcp list

Check that your Cloudflare MCP server is properly configured.

  • This command lists all MCP servers registered with Claude Code
  • You should see your cloudflare-composio entry in the list
  • This confirms that Claude Code can now access Cloudflare tools

If everything is wired up, you should see your cloudflare-composio entry listed:

Claude Code MCP list showing the toolkit MCP server

Authenticate Cloudflare

The first time you try to use Cloudflare tools, you'll be prompted to authenticate.

  • Claude Code will detect that you need to authenticate with Cloudflare
  • It will show you an authentication link
  • Open the link in your browser (or copy/paste it)
  • Complete the Cloudflare authorization flow
  • Return to the terminal and start using Cloudflare through Claude Code

Once authenticated, you can ask Claude Code to perform Cloudflare operations in natural language. For example:

  • "Add new A record for my domain"
  • "List all firewall rules for zone"
  • "Show members of my Cloudflare account"

Complete Code

Here's the complete code to get you started with Cloudflare and Claude Code:

import os
from composio import Composio
from dotenv import load_dotenv

load_dotenv()

COMPOSIO_API_KEY = os.getenv("COMPOSIO_API_KEY")
USER_ID = os.getenv("USER_ID")

composio_client = Composio(api_key=COMPOSIO_API_KEY)

composio_session = composio_client.create(
    user_id=USER_ID,
    toolkits=["cloudflare"],
)

COMPOSIO_MCP_URL = composio_session.mcp.url

print(f"MCP URL: {COMPOSIO_MCP_URL}")
print(f"\nUse this command to add to Claude Code:")
print(f'claude mcp add --transport http cloudflare-composio "{COMPOSIO_MCP_URL}" --headers "X-API-Key:{COMPOSIO_API_KEY}"')

Conclusion

You've successfully integrated Cloudflare with Claude Code using Composio's MCP server. Now you can interact with Cloudflare directly from your terminal using natural language commands.

Key features of this setup:

  • Terminal-native experience without switching contexts
  • Natural language commands for Cloudflare operations
  • Secure authentication through Composio's managed MCP
  • Tool Router for dynamic tool discovery and execution

Next steps:

  • Try asking Claude Code to perform various Cloudflare operations
  • Add more toolkits to your Tool Router session for multi-app workflows
  • Integrate this setup into your development workflow for increased productivity

You can extend this by adding more toolkits, implementing custom workflows, or building automation scripts that leverage Claude Code's capabilities.

How to build Cloudflare MCP Agent with another framework

FAQ

What are the differences in Tool Router MCP and Cloudflare MCP?

With a standalone Cloudflare MCP server, the agents and LLMs can only access a fixed set of Cloudflare tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Cloudflare and many other apps based on the task at hand, all through a single MCP endpoint.

Can I use Tool Router MCP with Claude Code?

Yes, you can. Claude Code fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Cloudflare tools.

Can I manage the permissions and scopes for Cloudflare while using Tool Router?

Yes, absolutely. You can configure which Cloudflare scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.

How safe is my data with Composio Tool Router?

All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Cloudflare data and credentials are handled as safely as possible.

Used by agents from

Context
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai
Context
Letta
glean
HubSpot
Agent.ai
Altera
DataStax
Entelligence
Rolai

Never worry about agent reliability

We handle tool reliability, observability, and security so you never have to second-guess an agent action.