Model Context Protocol · Cloudflare API v4
An MCP server that connects Claude to your Cloudflare account — publish landing pages in seconds, deploy server-side tracking for Meta CAPI, GA4 and TikTok, manage zones, DNS and domains, and store media in R2 without opening the dashboard. Status: LIVE.
MCP CLOUDFLARE B2 TECH is a Model Context Protocol server that gives Claude real access to your account — not a chatbot that guesses, but typed calls against the Cloudflare API v4.
Ask for a landing page and it goes live on a URL in seconds — a single-file Worker or a multi-file Pages site. Create the zone, point the DNS, attach the custom domain and upload ad creatives to R2, all by talking to Claude.
Part of the B2Tech connector fleet (Meta Ads, Google Ads, GTM, Instagram). The whole cycle: publish_landing_page → publish_tracking_endpoint → run ads through the sibling MCPs → read insights. No tool switching.
Multi-tenant deploy at mcp-cloudflare.vercel.app — BYOT token encrypted in Supabase, cache in Upstash, and we are the OAuth 2.1 Authorization Server. Same stack as the Meta Ads, Google Ads, GTM and Instagram MCPs.
29 tools grouped by function — from publishing landing pages to pointing DNS, from server-side tracking to media uploads in R2. Everything below is implemented and live.
*.workers.dev URL in seconds; idempotent per name.confirm).confirm).PageView, window.b2track(), _fbp/_fbc/ttclid capture and the event_id for browser-pixel dedup.confirm).confirm).track.client.com for first-party tracking.confirm).From zero to live in one conversation: publish_landing_page → publish_tracking_endpoint → attach_worker_domain → run ads through the sibling MCPs.
Deleting a zone or a site is irreversible — so every write goes through explicit barriers, and your tokens never show up anywhere.
Destructive tools require confirm=true
delete_site, delete_pages_project, delete_zone, delete_dns_record and delete_r2_object. Without confirm, the tool returns a preview and executes nothing.
Reads flagged with readOnlyHint
The MCP client knows exactly what only reads and what writes — the risk map is declared tool by tool.
Tracking is a fixed template, never generated code
publish_tracking_endpoint deploys a versioned, human-reviewed Worker; the tool only parameterizes it via bindings. Code written in a conversation never reaches your production traffic.
Secrets become secret_text bindings
Meta, GA4 and TikTok tokens live as Worker secrets — never in the script, tool results or logs. Republishing the same name replaces all bindings: that's rotation.
Tenant is never an argument
The tenant is derived from the embedded Authorization Server's access token and resolved per request. No tool accepts "which client" — operating the wrong account is impossible.
PII hashed, clean logs
Email, phone and name are SHA-256-hashed server-side before the fan-out; the BYOT token is AES-256-GCM-encrypted in Supabase and the structured logs carry no PII and no tokens.
Hosted, multi-tenant, zero setup: add the connector, paste your token and Claude is operating your account. Then just ask.
Add the MCP server as a connector in Claude and paste your token on the login screen. Nothing to install; we store the token encrypted.
https://mcp-cloudflare.vercel.app/api/mcp. In Claude Code, use the command below.# Claude Code claude mcp add --transport http \ cloudflare https://mcp-cloudflare.vercel.app/api/mcp
dash.cloudflare.com/profile/api-tokens). It's stored AES-256-GCM-encrypted; in Claude Code, complete via /mcp.verify_token to validate the credential and list_zones to see your domains. Ready to operate.Real requests the server handles end to end — in natural language, without touching the dashboard.
# you, in the chat: "Publish a landing page called summer-promo with this HTML" # → *.workers.dev URL live in seconds
"Create a tracking endpoint with my
Pixel + CAPI token and give me the snippet"
# → first-party Worker + snippet ready"Attach track.mysite.com to that
Worker and create the CNAME"
# → first-party, immune to ad blockersStill unsure about something? Write to bruno@b2tech.io.
delete_site, delete_pages_project, delete_zone, delete_dns_record, delete_r2_object) is gated by confirm=true — without it, the tool returns only a preview of what it would do and executes nothing. Read tools carry readOnlyHint.sendBeacon to POST /events, the Worker validates, hashes PII with SHA-256, enriches (fbp/fbc, ttclid, event_id) and fans out concurrently to the Meta Conversions API, GA4 Measurement Protocol and TikTok Events API. With a first-party domain via attach_worker_domain (e.g. track.client.com), it survives ad blockers and ITP.publish_tracking_endpoint deploys a fixed, versioned, human-reviewed template: the tool only parameterizes the script via bindings. Code generated in a conversation never reaches your production traffic.secret_text bindings on the Worker in your account: they never appear in the script, tool results or logs. Republishing the same name replaces all bindings — that is the rotation procedure.dash.cloudflare.com/profile/api-tokens with only what you'll use — verify_token reports its status and expiry.mcp-cloudflare.vercel.app) and the source code is private — there is no version to run on your own machine. You just add the connector in Claude and paste your Cloudflare token on the login screen; we handle the rest.Landing pages, server-side tracking, zones, DNS, custom domains and R2 media — from zero to live in one conversation, with destructive tools locked behind confirm=true. Free and live.
29 tools · BYOT token · multi-tenant on Vercel