Claude → Cloudflare: Programmatic Connection Setup
Project: arlyn.io (ArlynLabs/arlyn-website) Date: March 2026
Overview
Claude connects to Cloudflare via the Cloudflare REST API, authenticated with a scoped API token. This allows Claude to manage Cloudflare Pages projects and deployments programmatically — without browser interaction.
The API token is stored as a plain-text file in the workspace and read by Claude as needed.
Credential: Cloudflare API Token
How to create it
- Log into the Cloudflare dashboard at dash.cloudflare.com
- Go to My Profile → API Tokens → Create Token
- Click Create Custom Token
- Configure with these settings:
| Setting | Value |
|---|---|
| Token name | Cloudflare Pages Deploy (or similar) |
| Permission | Account → Cloudflare Pages → Edit |
| Account Resources | All accounts (or restrict to the specific account) |
| TTL | Set to your preference |
- Click Continue to summary, then Create Token
- Copy the token immediately (shown only once)
Where the token is stored
Save the token to `.secrets/cloudflare_api_token`.
This file is in the workspace root (the folder persisted on the user's computer). It is not committed to the git repo — it stays local.
The file contains only the raw token with no surrounding text.
Account ID
The Cloudflare Account ID is also needed for API calls. It does not need to be kept secret — it identifies which Cloudflare account the API token is operating on.
Account ID: e3874665bc48a0819bc5be1dfbdf454d
This is stored in CLAUDE.md for reference and passed as a path component in API calls.
How Claude Uses the Token
Claude reads the token from the secrets file and passes it as a Bearer token in the Authorization header:
```bash
# Read the token, stripping the trailing newline and any stray whitespace
CF_TOKEN=$(tr -d '[:space:]' < ".secrets/cloudflare_api_token")
CF_ACCOUNT="e3874665bc48a0819bc5be1dfbdf454d"

# List the Pages projects in the account
curl -X GET "https://api.cloudflare.com/client/v4/accounts/$CF_ACCOUNT/pages/projects" \
  -H "Authorization: Bearer $CF_TOKEN" \
  -H "Content-Type: application/json"
```
Unlike the GitHub setup, Cloudflare credentials do not need to be re-configured each session — the token is read fresh from the file each time it's needed.
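The curl calls on this page put the token in a command-line argument and rely on the plain-text file staying private. As an added example (not part of the original setup or the project's own scripts), these POSIX-shell helpers check the token file's permissions and git-ignore status before use and hand the header to curl through `--config -` on stdin; the function names and the assumed token alphabet are illustrative assumptions.

```bash
# Added example; helper names (cf_token_check, cf_curl_config, cf_api) are hypothetical.
CF_TOKEN_FILE="${CF_TOKEN_FILE:-.secrets/cloudflare_api_token}"

# Return 0 only if the token file is a regular file (not a symlink), has no
# group/other permission bits, and is git-ignored when it sits in a work tree.
cf_token_check() {
  local f="${1:-$CF_TOKEN_FILE}" mode dir
  if [ ! -f "$f" ] || [ -L "$f" ]; then
    echo "token file missing or a symlink: $f" >&2; return 1
  fi
  # GNU stat first, BSD/macOS stat as fallback
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f") || return 1
  case "$mode" in
    [0-7]00) ;;
    *) echo "mode $mode is too open; run: chmod 600 $f" >&2; return 2 ;;
  esac
  dir=$(dirname "$f")
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    git -C "$dir" check-ignore -q "$(basename "$f")" ||
      { echo "$f is not ignored by git" >&2; return 3; }
  fi
  return 0
}

# Print a curl config line carrying the Authorization header. Feeding this to
# `curl --config -` keeps the token out of curl's argv, which other local
# users can read from the process list.
cf_curl_config() {
  local f="${1:-$CF_TOKEN_FILE}" token
  token=$(tr -d '[:space:]' < "$f") || return 1
  case "$token" in
    # Assumed token alphabet; also blocks quotes that would break the config syntax
    ''|*[!A-Za-z0-9_-]*) echo "token is empty or has unexpected characters" >&2; return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$token"
}

# Usage: cf_api GET "/accounts/$CF_ACCOUNT/pages/projects"
cf_api() {
  local method="$1" path="$2" cfg
  shift 2
  cf_token_check || return
  cfg=$(cf_curl_config) || return
  printf '%s\n' "$cfg" | curl -sS --config - -X "$method" \
    -H "Content-Type: application/json" \
    "https://api.cloudflare.com/client/v4$path" "$@"
}
```

Calling `cf_api GET /user/tokens/verify` before a deployment call confirms that the token is still active.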
What Was Done via the Cloudflare API
The browser UI for connecting Cloudflare Pages to GitHub had a known issue: after installing the Cloudflare GitHub App on the ArlynLabs org, returning to the Cloudflare "Connect GitHub" flow lands back on GitHub's app selection page rather than completing the OAuth handshake. This prevented finishing the Pages project setup in the browser.
All Cloudflare configuration was therefore done directly via the REST API.
Create the Pages project
```bash
curl -X POST "https://api.cloudflare.com/client/v4/accounts/$CF_ACCOUNT/pages/projects" \
  -H "Authorization: Bearer $CF_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{
    "name": "arlyn-website",
    "production_branch": "main",
    "source": {
      "type": "github",
      "config": {
        "owner": "ArlynLabs",
        "repo_name": "arlyn-website",
        "production_branch": "main",
        "pr_comments_enabled": true,
        "deployments_enabled": true
      }
    },
    "build_config": {
      "build_command": "",
      "destination_dir": "/",
      "root_dir": ""
    }
  }'
```
Trigger the initial deployment
```bash
curl -X POST "https://api.cloudflare.com/client/v4/accounts/$CF_ACCOUNT/pages/projects/arlyn-website/deployments" \
  -H "Authorization: Bearer $CF_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"branch": "main"}'
```
Add the custom domain
```bash
curl -X POST "https://api.cloudflare.com/client/v4/accounts/$CF_ACCOUNT/pages/projects/arlyn-website/domains" \
  -H "Authorization: Bearer $CF_TOKEN" \
  -H "Content-Type: application/json" \
  --data '{"name": "arlyn.io"}'
```
GitHub App: The Other Half of the Connection
The Cloudflare Pages → GitHub link depends on a GitHub App that Cloudflare installs on your GitHub organization. This is separate from the API token — it's what allows Cloudflare to receive push notifications from GitHub and pull the repo content for deployment.
The app was installed during the initial Pages setup:
- In the Cloudflare dashboard: Workers & Pages → Create application → Pages → Import an existing Git repository → Connect GitHub
- GitHub prompted: install the "Cloudflare Workers and Pages" app on ArlynLabs
- Repository access was restricted to only `arlyn-website`
- After installation, the Pages project was created via API (above), which linked it to the existing app installation
The installed app can be seen in GitHub → ArlynLabs org → Settings → Installed GitHub Apps → Cloudflare Workers and Pages.
Auto-Deploy Pipeline (Ongoing)
Once configured, the deployment pipeline is fully automatic:
```
git push to main
  → GitHub notifies Cloudflare (via GitHub App)
  → Cloudflare pulls repo and deploys
  → Live at arlyn.io within ~1 minute
```
No Cloudflare API calls are needed for routine deployments — pushing to main is sufficient.
Security Notes
- The API token is scoped to Cloudflare Pages Edit only — it cannot manage DNS, billing, workers, or other Cloudflare products
- The token can be revoked at any time from Cloudflare → My Profile → API Tokens without affecting the site's DNS or deployment pipeline
- The `.secrets/` directory should never be committed to git
Key References
| Item | Value |
|---|---|
| Cloudflare Pages URL | arlyn-website.pages.dev |
| Custom domain | arlyn.io |
| Cloudflare Account ID | e3874665bc48a0819bc5be1dfbdf454d |
| API token location | .secrets/cloudflare_api_token |
| Auth method | Authorization: Bearer <token> header in REST API calls |
| API base URL | https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/pages/ |
| GitHub App | Cloudflare Workers and Pages, installed on ArlynLabs org |