Back to Details

cloudflare

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Cloudflare

Cloudflare

Cloudflare provides a comprehensive platform for DNS management, CDN, security, serverless computing (Workers), object storage (R2), and more. Use the REST API to manage zones, DNS records, Workers scripts, KV namespaces, R2 buckets, and firewall rules programmatically.
Official docs: 
https://developers.cloudflare.com/api/
Cloudflare提供了一个涵盖DNS管理、CDN、安全、无服务器计算(Workers)、对象存储(R2)等功能的综合平台。使用REST API可以编程方式管理区域、DNS记录、Workers脚本、KV命名空间、R2存储桶以及防火墙规则。
官方文档: 
https://developers.cloudflare.com/api/

When to Use

使用场景

Use this skill when you need to:
  • Manage DNS records (create, update, delete A, AAAA, CNAME, MX, TXT records)
  • List and configure zones and zone settings
  • Deploy and manage Workers scripts
  • Manage R2 object storage buckets
  • Configure firewall rules and security settings
  • Query analytics and logs
在以下场景中使用该工具:
  • 管理DNS记录(创建、更新、删除A、AAAA、CNAME、MX、TXT记录)
  • 列出并配置区域及区域设置
  • 部署和管理Workers脚本
  • 管理R2对象存储桶
  • 配置防火墙规则和安全设置
  • 查询分析数据和日志

Prerequisites

前置条件

  1. Create a Cloudflare account at https://dash.cloudflare.com/sign-up
  2. Go to My Profile > API Tokens and click Create Token
  3. Choose a template (e.g., "Edit zone DNS") or create a custom token with required permissions
  4. Copy the generated token immediately (it is only shown once)
Set environment variables:
bash
export CLOUDFLARE_TOKEN="your-api-token"
For zone-specific operations, you also need your Zone ID (found on the zone overview page in the dashboard):
bash
export CLOUDFLARE_ZONE_ID="your-zone-id"
For account-level operations (Workers, R2), you need your Account ID (found on the dashboard overview):
bash
export CLOUDFLARE_ACCOUNT_ID="your-account-id"
Important: When using 
$VAR
in a command that pipes to another command, wrap the command containing 
$VAR
in 
bash -c '...'
. Due to a Claude Code bug, environment variables are silently cleared when pipes are used directly.
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
  1. 前往https://dash.cloudflare.com/sign-up创建Cloudflare账户
  2. 进入我的个人资料 > API令牌,点击创建令牌
  3. 选择模板(例如“编辑区域DNS”)或创建具有所需权限的自定义令牌
  4. 立即复制生成的令牌(仅显示一次)
设置环境变量:
bash
export CLOUDFLARE_TOKEN="your-api-token"
对于区域相关操作,你还需要区域ID(可在控制台的区域概览页面找到):
bash
export CLOUDFLARE_ZONE_ID="your-zone-id"
对于账户级操作(Workers、R2),你需要账户ID(可在控制台概览页面找到):
bash
export CLOUDFLARE_ACCOUNT_ID="your-account-id"
重要提示: 当在包含管道的命令中使用
$VAR
时,请将包含
$VAR
的命令用
bash -c '...'
包裹。由于Claude Code的bug,直接使用管道时环境变量会被静默清除。
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

How to Use

使用方法

Base URL

基础URL

All API requests use: 
https://api.cloudflare.com/client/v4
所有API请求使用:
https://api.cloudflare.com/client/v4

1. Verify Token

1. 验证令牌

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/user/tokens/verify" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/user/tokens/verify" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

2. List Zones

2. 列出区域

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

3. Get Zone Details

3. 获取区域详情

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

4. List DNS Records

4. 列出DNS记录

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

5. Create DNS Record

5. 创建DNS记录

Write to 
/tmp/cloudflare_request.json
:
json
{
  "type": "A",
  "name": "sub.example.com",
  "content": "1.2.3.4",
  "ttl": 3600,
  "proxied": false
}
Then run:
bash
bash -c 'curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" --header "Authorization: Bearer $CLOUDFLARE_TOKEN" --header "Content-Type: application/json" -d @/tmp/cloudflare_request.json' | jq .
写入
/tmp/cloudflare_request.json
json
{
  "type": "A",
  "name": "sub.example.com",
  "content": "1.2.3.4",
  "ttl": 3600,
  "proxied": false
}
然后运行:
bash
bash -c 'curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" --header "Authorization: Bearer $CLOUDFLARE_TOKEN" --header "Content-Type: application/json" -d @/tmp/cloudflare_request.json' | jq .

6. Update DNS Record

6. 更新DNS记录

Write to 
/tmp/cloudflare_request.json
:
json
{
  "type": "A",
  "name": "sub.example.com",
  "content": "5.6.7.8",
  "ttl": 3600,
  "proxied": true
}
Then run:
bash
bash -c 'curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/RECORD_ID" --header "Authorization: Bearer $CLOUDFLARE_TOKEN" --header "Content-Type: application/json" -d @/tmp/cloudflare_request.json' | jq .
写入
/tmp/cloudflare_request.json
json
{
  "type": "A",
  "name": "sub.example.com",
  "content": "5.6.7.8",
  "ttl": 3600,
  "proxied": true
}
然后运行:
bash
bash -c 'curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/RECORD_ID" --header "Authorization: Bearer $CLOUDFLARE_TOKEN" --header "Content-Type: application/json" -d @/tmp/cloudflare_request.json' | jq .

7. Delete DNS Record

7. 删除DNS记录

bash
bash -c 'curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/RECORD_ID" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/RECORD_ID" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

8. List Workers Scripts

8. 列出Workers脚本

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/workers/scripts" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

9. List KV Namespaces

9. 列出KV命名空间

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/storage/kv/namespaces" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/storage/kv/namespaces" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

10. List R2 Buckets

10. 列出R2存储桶

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/r2/buckets" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/r2/buckets" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

11. Purge Zone Cache

11. 清除区域缓存

Write to 
/tmp/cloudflare_request.json
:
json
{
  "purge_everything": true
}
Then run:
bash
bash -c 'curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" --header "Authorization: Bearer $CLOUDFLARE_TOKEN" --header "Content-Type: application/json" -d @/tmp/cloudflare_request.json' | jq .
写入
/tmp/cloudflare_request.json
json
{
  "purge_everything": true
}
然后运行:
bash
bash -c 'curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/purge_cache" --header "Authorization: Bearer $CLOUDFLARE_TOKEN" --header "Content-Type: application/json" -d @/tmp/cloudflare_request.json' | jq .

12. List Firewall Rules

12. 列出防火墙规则

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/firewall/rules" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/firewall/rules" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

13. Get Zone Analytics

13. 获取区域分析数据

bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/analytics/dashboard?since=-1440&continuous=true" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .
bash
bash -c 'curl -s "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/analytics/dashboard?since=-1440&continuous=true" --header "Authorization: Bearer $CLOUDFLARE_TOKEN"' | jq .

Common DNS Record Types

常见DNS记录类型

TypePurposeExample Content
AIPv4 address
1.2.3.4
AAAAIPv6 address
2001:db8::1
CNAMEAlias to another domain
example.com
MXMail server
mail.example.com
(with priority)
TXTText record (SPF, DKIM, etc.)
v=spf1 include:_spf.google.com ~all
NSName server
ns1.example.com
SRVService locatorService-specific format
类型用途示例内容
AIPv4地址
1.2.3.4
AAAAIPv6地址
2001:db8::1
CNAME指向其他域名的别名
example.com
MX邮件服务器
mail.example.com
(带优先级)
TXT文本记录(SPF、DKIM等)
v=spf1 include:_spf.google.com ~all
NS域名服务器
ns1.example.com
SRV服务定位器服务特定格式

Guidelines

注意事项

  1. Use API Tokens over Global API Key: API tokens provide scoped, least-privilege access and are the recommended authentication method
  2. Pagination: List endpoints return paginated results (default 20-100 per page). Use 
    page
    and 
    per_page
    query parameters to iterate
  3. Response Structure: All responses include 
    success
    , 
    errors
    , 
    messages
    , and 
    result
    fields. Always check 
    success
    before using 
    result
  4. Proxied Records: Setting 
    proxied: true
    routes traffic through Cloudflare CDN and enables security features. Not all record types support proxying
  5. Zone ID vs Domain Name: Most API endpoints require the Zone ID (a 32-character hex string), not the domain name
  6. Account ID: Workers, R2, KV, and other account-level resources require the Account ID instead of Zone ID
  7. Rate Limits: Cloudflare API has rate limits per token. Monitor response headers and implement backoff if you receive 429 responses
  1. 优先使用API令牌而非全局API密钥:API令牌提供范围化的最小权限访问,是推荐的认证方式
  2. 分页处理:列表接口返回分页结果(默认每页20-100条)。使用
    page
    per_page
    查询参数进行遍历
  3. 响应结构:所有响应包含
    success
    errors
    messages
    result
    字段。使用
    result
    前务必检查
    success
    状态
  4. 代理记录:设置
    proxied: true
    会将流量通过Cloudflare CDN路由并启用安全功能。并非所有记录类型都支持代理
  5. 区域ID vs 域名:大多数API接口需要区域ID(32位十六进制字符串),而非域名
  6. 账户ID:Workers、R2、KV及其他账户级资源需要使用账户ID而非区域ID
  7. 速率限制:Cloudflare API对每个令牌有速率限制。监控响应头,若收到429响应请实现退避机制