Integrate the Cloudflare Model Context Protocol (MCP) server with Atomicwork to give your AI Coworkers, automated workflows, and coding agents access to the entire Cloudflare API. By connecting this server, your AI Workforce can securely interact with your Cloudflare environment to manage DNS records, Workers, R2 storage, Zero Trust configurations, and more directly within your workspace.
This integration uses API token authentication, which acts as a service principal or service account. If you need standard workflow integrations, see our guide on Cloudflare: Permissions and setup.
Check the prerequisites
Before you begin the setup, ensure that you meet the following requirements:
Atomicwork admin access: You need organization administrator permissions in Atomicwork to access the MCP Store.
Cloudflare administrator access: You need a Cloudflare account. If you plan to use an account-owned token, you must have Super Administrator or Administrator access in Cloudflare.
Resource planning: Determine which Cloudflare resources (accounts, zones) and permission levels your integration requires.
Create a Cloudflare API token
To establish a secure connection, you must generate an API token in your Cloudflare dashboard. A user API token inherits your individual account permissions, while an account token acts as a service principal not tied to any single person. We recommend using an account-owned token for shared automation.
Log in to your Cloudflare dashboard.
Navigate to My Profile > API Tokens for a user token, or Manage Account > API Tokens for an account token.
Click Create Token, and then select a template or click Create Custom Token.
Enter a descriptive name for your token in the Token name field.
Under Permissions, select a group (such as Account, User, or Zone) and choose a permission level of either Read or Edit. You can add multiple permission rows as needed. If you are using an account token, you must include Account Resources: Read so the server can automatically detect your account ID.
Under Account / Zone Resources, select the specific resources that this token is allowed to access. Do not enable Client IP Address Filtering, as the MCP server does not support tokens with IP filtering.
Click Create Token, and then copy the generated token immediately. Store this token securely in a secrets manager, as Cloudflare only displays it once.
Connect the server in your MCP Store
Once you have generated your Cloudflare API token, you can connect the server in your Atomicwork workspace.
Log in to Atomicwork and navigate to the MCP Store.
Select the Cloudflare server and click Connect.
Choose API key / token as your authentication method.
Paste your copied Cloudflare API token into the credential field.
Complete the setup process to save your credentials. The server connects to the endpoint
https://mcp.cloudflare.com/mcpusing your token as a Bearer credential.
Understand permissions and access
The connected AI client can only perform actions that your API token permissions allow. To maintain a secure workspace, follow the principle of least privilege and grant only the minimum necessary capabilities.
Refer to the following table for suggested token scopes based on your goals:
Goal | Suggested token scope |
Read-only analysis and reporting | Read on the relevant products (such as Zone DNS Read or Workers Read), scoped to specific zones or accounts. |
Make changes (create, update, or delete) | Edit on the relevant products, scoped narrowly to specific resources. |
Account auto-detection (for account tokens) | Include Account Resources: Read. |
Explore next steps
After completing the setup, you can control which tools your AI Coworkers can access. Go to AI Workforce > [Agent] > Tools to grant granular or complete access to the available Cloudflare tools. For detailed instructions on configuring your agents, see our guide on Setting up an AI Coworker.
In addition to standard agents, the Admin Assist workflow builder and the coding agent automatically have access to the Cloudflare MCP server while building workflows and writing custom code scripts respectively.