Cloudflare API token for wrangler commands

/home/jm/data/code/opencode · 9 messages · 45 parts · 115,587 tokens
Created Feb 8, 10:30:56 PM · Updated Feb 8, 10:33:25 PM · 25 syncs
user · Feb 8, 10:30:56 PM

Load the Cloudflare platform skill and help with any Cloudflare development task.

Workflow

Step 1: Check for --update-skill flag

If

https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens

What sort of api token should I create to allow agents to perform wrangler commands such as deploy, and get logs, on a worker project? contains --update-skill:

  1. Determine install location by checking which exists:

    • Local: .opencode/skill/cloudflare/
    • Global: ~/.config/opencode/skill/cloudflare/
  2. Run the appropriate install command:

    # For local installation
    curl -fsSL https://raw.githubusercontent.com/dmmulroy/cloudflare-skill/main/install.sh | bash
    
    # For global installation
    curl -fsSL https://raw.githubusercontent.com/dmmulroy/cloudflare-skill/main/install.sh | bash -s -- --global
    
  3. Output success message and stop (do not continue to other steps).

Step 2: Load cloudflare skill

skill({ name: 'cloudflare' })

Step 3: Identify task type from user request

Analyze

https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens

What sort of api token should I create to allow agents to perform wrangler commands such as deploy, and get logs, on a worker project? to determine:

  • Product(s) needed (Workers, D1, R2, Durable Objects, etc.)
  • Task type (new project setup, feature implementation, debugging, config)

Use decision trees in SKILL.md to select correct product.

Step 4: Read relevant reference files

Based on task type, read from references/<product>/:

| Task | Files to Read |
|------|---------------|
| New project | README.md + configuration.md |
| Implement feature | README.md + api.md + patterns.md |
| Debug/troubleshoot | gotchas.md |
| All-in-one (monolithic) | SKILL.md |

Step 5: Execute task

Apply Cloudflare-specific patterns and APIs from references to complete the user's request.

Step 6: Summarize

=== Cloudflare Task Complete ===

Product(s): <products used>
Files referenced: <reference files consulted>

<brief summary of what was done>

https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens

What sort of api token should I create to allow agents to perform wrangler commands such as deploy, and get logs, on a worker project?

assistant · Feb 8, 10:30:56 PM
gpt-5.3-codex · openai
**Loading skill and planning reads**
skill · completed
Loaded skill: cloudflare
Output
<skill_content name="cloudflare">
# Skill: cloudflare

# Cloudflare Platform Skill

Consolidated skill for building on the Cloudflare platform. Use decision trees below to find the right product, then load detailed references.

## How to Use This Skill

### Reference File Structure

Each product in `./references/<product>/` contains a `README.md` as the entry point, which may be structured in one of two ways:

**Multi-file format (5 files):**
| File | Purpose | When to Read |
|------|---------|--------------|
| `README.md` | Overview, when to use, getting started | **Always read first** |
| `api.md` | Runtime API, types, method signatures | Writing code |
| `configuration.md` | wrangler.toml, bindings, setup | Configuring a project |
| `patterns.md` | Common patterns, best practices | Implementation guidance |
| `gotchas.md` | Pitfalls, limitations, edge cases | Debugging, avoiding mistakes |

**Single-file format:** All information consolidated in `README.md`.

### Reading Order

1. Start with `README.md`
2. Then read additional files relevant to your task (if multi-file format):
   - Building feature → `api.md` + `patterns.md`
   - Setting up project → `configuration.md`
   - Troubleshooting → `gotchas.md`

### Example Paths

```
./references/workflows/README.md         # Start here for Workflows
./references/workflows/api.md            # Workflow class, step methods
./references/durable-objects/gotchas.md  # DO limitations
./references/workers-ai/README.md        # Single-file - all Workers AI docs
```

## Quick Decision Trees

### "I need to run code"

```
Need to run code?
├─ Serverless functions at the edge → workers/
├─ Full-stack web app with Git deploys → pages/
├─ Stateful coordination/real-time → durable-objects/
├─ Long-running multi-step jobs → workflows/
├─ Run containers → containers/
├─ Multi-tenant (customers deploy code) → workers-for-platforms/
└─ Scheduled tasks (cron) → cron-triggers/
```

### "I need to store data"

```
Need storage?
├─ Key-val...
14,469in / 662out / 642reasoning
assistant · Feb 8, 10:31:09 PM
gpt-5.3-codex · openai
**Planning parallel reference reads**
read · completed
../../../.config/opencode/skill/cloudflare/references/wrangler/README.md
Output
<file>
00001| # Cloudflare Wrangler
00002| 
00003| Official CLI for Cloudflare Workers - develop, manage, and deploy Workers from the command line.
00004| 
00005| ## What is Wrangler?
00006| 
00007| Wrangler is the Cloudflare Developer Platform CLI that allows you to:
00008| - Create, develop, and deploy Workers
00009| - Manage bindings (KV, D1, R2, Durable Objects, etc.)
00010| - Configure routing and environments
00011| - Run local development servers
00012| - Execute migrations and manage resources
00013| - Perform integration testing
00014| 
00015| ## Installation
00016| 
00017| ```bash
00018| npm install wrangler --save-dev
00019| # or globally
00020| npm install -g wrangler
00021| ```
00022| 
00023| Run commands: `npx wrangler <command>` (or `pnpm`/`yarn wrangler`)
00024| 
00025| ## Essential Commands
00026| 
00027| ### Project & Development
00028| ```bash
00029| wrangler init [name]              # Create new project
00030| wrangler dev                      # Local dev server
00031| wrangler dev --remote             # Dev with remote resources
00032| wrangler deploy                   # Deploy to production
00033| wrangler deploy --env staging     # Deploy to environment
00034| wrangler versions list            # List versions
00035| wrangler rollback [id]            # Rollback deployment
00036| wrangler login                    # OAuth login
00037| wrangler whoami                   # Check auth status
00038| ```
00039| 
00040| ## Resource Management
00041| 
00042| ### KV
00043| ```bash
00044| wrangler kv namespace create NAME
00045| wrangler kv key put "key" "value" --namespace-id=<id>
00046| wrangler kv key get "key" --namespace-id=<id>
00047| ```
00048| 
00049| ### D1
00050| ```bash
00051| wrangler d1 create NAME
00052| wrangler d1 execute NAME --command "SQL"
00053| wrangler d1 migrations create NAME "description"
00054| wrangler d1 migrations apply NAME
00055| ```
00056| 
00057| ### R2
00058| ```bash
00059| wrangler r2 bucket create NAME
00060| wrangler r2...
read · completed
../../../.config/opencode/skill/cloudflare/references/wrangler/configuration.md
Output
<file>
00001| # Wrangler Configuration
00002| 
00003| Configuration reference for wrangler.jsonc (recommended) and wrangler.toml.
00004| 
00005| ## Config Format
00006| 
00007| **wrangler.jsonc recommended** (v3.91.0+) - provides schema validation.
00008| 
00009| ```jsonc
00010| {
00011|   "$schema": "./node_modules/wrangler/config-schema.json",
00012|   "name": "my-worker",
00013|   "main": "src/index.ts",
00014|   "compatibility_date": "2025-01-01",  // Use current date
00015|   "vars": { "API_KEY": "dev-key" },
00016|   "kv_namespaces": [{ "binding": "MY_KV", "id": "abc123" }]
00017| }
00018| ```
00019| 
00020| ## Field Categories
00021| 
00022| ### Top-Level Only
00023| - `keep_vars`, `migrations`, `send_metrics`
00024| 
00025| ### Inheritable (can override per env)
00026| - `name`, `main`, `compatibility_date`, `account_id`
00027| - `workers_dev`, `routes`, `triggers`, `minify`, `observability`
00028| 
00029| ### Non-Inheritable (per-env required)
00030| - `vars`, `kv_namespaces`, `d1_databases`, `r2_buckets`
00031| - `durable_objects`, `vectorize`, `hyperdrive`, `services`, `queues`
00032| 
00033| ## Environments
00034| 
00035| ```jsonc
00036| {
00037|   "name": "my-worker",
00038|   "vars": { "ENV": "dev" },
00039|   "env": {
00040|     "production": {
00041|       "name": "my-worker-prod",
00042|       "vars": { "ENV": "prod" },
00043|       "route": { "pattern": "example.com/*", "zone_name": "example.com" }
00044|     }
00045|   }
00046| }
00047| ```
00048| 
00049| Deploy: `wrangler deploy --env production`
00050| 
00051| ## Routing
00052| 
00053| ```jsonc
00054| // Custom domain (recommended)
00055| { "routes": [{ "pattern": "api.example.com", "custom_domain": true }] }
00056| 
00057| // Zone-based
00058| { "routes": [{ "pattern": "api.example.com/*", "zone_name": "example.com" }] }
00059| 
00060| // workers.dev
00061| { "workers_dev": true }
00062| ```
00063| 
00064| ## Bindings
00065| 
00066| ```jsonc
00067| // Variables
00068| { "vars": { "API_URL": "ht...
read · completed
../../../.config/opencode/skill/cloudflare/references/wrangler/gotchas.md
Output
<file>
00001| # Wrangler Common Issues
00002| 
00003| Pitfalls, limits, and troubleshooting.
00004| 
00005| ## Common Gotchas
00006| 
00007| ### Binding IDs vs Names
00008| - Bindings use `binding` (code name) and `id`/`database_id`/`bucket_name` (resource ID)
00009| - Preview bindings need separate IDs: `preview_id`, `preview_database_id`
00010| 
00011| ### Environment Inheritance
00012| - Non-inheritable keys (bindings, vars) must be redefined per environment
00013| - Inheritable keys (routes, compatibility_date) can be overridden
00014| 
00015| ### Local vs Remote Dev
00016| - `wrangler dev` (default): Local simulation, fast, limited accuracy
00017| - `wrangler dev --remote`: Remote execution, slower, production-accurate
00018| 
00019| ### Compatibility Dates
00020| Always set `compatibility_date` to avoid unexpected runtime changes:
00021| ```jsonc
00022| { "compatibility_date": "2025-01-01" }
00023| ```
00024| 
00025| ### Durable Objects Need script_name
00026| With `getPlatformProxy`, always specify `script_name`:
00027| ```jsonc
00028| {
00029|   "durable_objects": {
00030|     "bindings": [
00031|       { "name": "MY_DO", "class_name": "MyDO", "script_name": "my-worker" }
00032|     ]
00033|   }
00034| }
00035| ```
00036| 
00037| ### Secrets in Local Dev
00038| Secrets set with `wrangler secret put` only work in deployed Workers. For local dev, use `.dev.vars`.
00039| 
00040| ### Node.js Compatibility
00041| Some bindings (Hyperdrive with `pg`) require Node.js compatibility:
00042| ```jsonc
00043| { "compatibility_flags": ["nodejs_compat_v2"] }
00044| ```
00045| 
00046| ## Troubleshooting
00047| 
00048| ### Authentication Issues
00049| ```bash
00050| wrangler logout
00051| wrangler login
00052| wrangler whoami
00053| ```
00054| 
00055| ### Configuration Errors
00056| ```bash
00057| wrangler check  # Validate config
00058| ```
00059| Use wrangler.jsonc with `$schema` for validation.
00060| 
00061| ### Binding Not Available
00062| - Check binding exists in con...
webfetch · completed
https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens (text/markdown; charset=utf-8)
Output
---
title: Account API tokens · Cloudflare Fundamentals docs
description: Learn what account API tokens are, when to use them, and what they
  currently work with
lastUpdated: 2026-01-13T16:32:00.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/
  md: https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/
---

While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account API tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SIEMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern.

## Create an account owned token

Note

Creating an account owned token requires Super Administrator permission on the account

1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
2. Go to **Manage Account** > **Account API Tokens**.
3. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token.
4. Select **Continue to summary** and review the details.
5. Select **Create Token**.

Alternatively, you can create a token using the [account API token creation API](https://developers.cloudflare.com/api/resources/accounts/subresources/tokens/methods/create/).

Refer to the [blog post](https://blog.cloudflare.com/account-owned-tokens-automated-actions-zaraz/) for more information.

## Compatibility matrix

Account API tokens are generally available for all accounts. Some services may not support account API tokens yet. Refer to the compatibility matrix belo...
2,440in / 1,223out / 1,067reasoning
assistant · Feb 8, 10:31:30 PM
gpt-5.3-codex · openai
**Verifying Cloudflare token permissions**
read · completed
../../../.config/opencode/skill/cloudflare/references/wrangler/patterns.md
Output
<file>
00001| # Wrangler Development Patterns
00002| 
00003| Common workflows and best practices.
00004| 
00005| ## New Worker Project
00006| 
00007| ```bash
00008| wrangler init my-worker && cd my-worker
00009| wrangler dev              # Develop locally
00010| wrangler deploy           # Deploy
00011| ```
00012| 
00013| ## Local Development
00014| 
00015| ```bash
00016| wrangler dev              # Local (fast, limited accuracy)
00017| wrangler dev --remote     # Remote (slower, production-accurate)
00018| wrangler dev --env staging
00019| wrangler dev --port 8787
00020| ```
00021| 
00022| ## Secrets
00023| 
00024| **Never commit secrets.** Use `wrangler secret put` for production, `.dev.vars` for local.
00025| 
00026| ```bash
00027| # Production
00028| echo "secret-value" | wrangler secret put SECRET_KEY
00029| wrangler secret list
00030| wrangler secret delete SECRET_KEY
00031| ```
00032| 
00033| `.dev.vars` (gitignored):
00034| ```
00035| SECRET_KEY=local-dev-key
00036| ```
00037| 
00038| ## Adding KV
00039| 
00040| ```bash
00041| wrangler kv namespace create MY_KV
00042| wrangler kv namespace create MY_KV --preview
00043| # Add to wrangler.jsonc: { "binding": "MY_KV", "id": "abc123" }
00044| wrangler deploy
00045| ```
00046| 
00047| ## Adding D1
00048| 
00049| ```bash
00050| wrangler d1 create my-db
00051| wrangler d1 migrations create my-db "initial_schema"
00052| # Edit migration file, then:
00053| wrangler d1 migrations apply my-db --local
00054| wrangler deploy
00055| wrangler d1 migrations apply my-db --remote
00056| ```
00057| 
00058| ## Multi-Environment
00059| 
00060| ```bash
00061| wrangler deploy --env staging
00062| wrangler deploy --env production
00063| ```
00064| 
00065| ```jsonc
00066| { "env": { "staging": { "vars": { "ENV": "staging" } } } }
00067| ```
00068| 
00069| ## Testing
00070| 
00071| ```typescript
00072| import { unstable_startWorker } from "wrangler";
00073| 
00074| const worker = await unstable_startWorker({ config: "wrangler.jsonc" ...
grep · completed
token|API token|permission|deploy|tail|logs
Output
Found 22 matches
/home/jm/.config/opencode/skill/cloudflare/references/wrangler/patterns.md:
  Line 10: wrangler deploy           # Deploy
  Line 44: wrangler deploy
  Line 54: wrangler deploy
  Line 61: wrangler deploy --env staging
  Line 62: wrangler deploy --env production
  Line 82: wrangler tail                 # Real-time logs
  Line 83: wrangler tail --status error  # Filter errors
  Line 84: wrangler tail --env production
  Line 92: wrangler deployments list

/home/jm/.config/opencode/skill/cloudflare/references/wrangler/gotchas.md:
  Line 38: Secrets set with `wrangler secret put` only work in deployed Workers. For local dev, use `.dev.vars`.
  Line 68: wrangler tail              # Check logs
  Line 69: wrangler deploy --dry-run  # Validate

/home/jm/.config/opencode/skill/cloudflare/references/wrangler/configuration.md:
  Line 49: Deploy: `wrangler deploy --env production`
  Line 113: // Auto-Provisioning (Beta) - IDs written back on deploy

/home/jm/.config/opencode/skill/cloudflare/references/wrangler/README.md:
  Line 3: Official CLI for Cloudflare Workers - develop, manage, and deploy Workers from the command line.
  Line 8: - Create, develop, and deploy Workers
  Line 32: wrangler deploy                   # Deploy to production
  Line 33: wrangler deploy --env staging     # Deploy to environment
  Line 35: wrangler rollback [id]            # Rollback deployment
  Line 80: wrangler tail                     # Real-time logs
  Line 81: wrangler tail --env production    # Tail specific env
  Line 82: wrangler tail --status error      # Filter by status
websearch · completed
Web search: Cloudflare Wrangler API token permissions deploy tail logs Workers Scripts Edit Workers Tail Read 2026
Output
MCP error -32602: Input validation error: Invalid arguments for tool web_search_exa: [
  {
    "received": "deep",
    "code": "invalid_enum_value",
    "options": [
      "auto",
      "fast"
    ],
    "path": [
      "type"
    ],
    "message": "Invalid enum value. Expected 'auto' | 'fast', received 'deep'"
  }
]
21,010in / 457out / 306reasoning
assistant · Feb 8, 10:31:39 PM
gpt-5.3-codex · openai
**Planning token permission search**
websearch · completed
Web search: Cloudflare wrangler API token permissions deploy tail logs Workers Scripts Edit Workers Tail Read account-owned token 2026
Output
Title: Which permissions are required to run wrangler pages ...
Author: 
Published Date: 2025-02-15T00:00:00.000Z
URL: https://community.cloudflare.com/t/which-permissions-are-required-to-run-wrangler-pages-deployments-tail/770049
Text: 
 
For Workers & Pages, what is the name of the domain?
releasedhub.com
What is the error number?
10000
What is the error message?
Authentication error [code: 10000]
What is the issue or error you’re encountering
Cannot run wrangler pages deployment tail --format json --project-name $project --environment preview $deploymentUrl
What steps have you taken to resolve the issue?
I have created an API Token with the following permissions:
Permissions
Account > Cloudflare Pages > Read
Account > Workers Tail > Read
Account > Logs > Read
User > Memberships > Read
User > User Details > Read
Zone > Logs > Read
Account > Released
Zone > All zones
This is apparently not enough for me to run:
What are the steps to reproduce the issue?
Run wrangler pages deployment tail --format json

Title: Configuration · Cloudflare Workers docs
Published Date: 2026-01-29T00:00:00.000Z
URL: https://developers.cloudflare.com/workers/ci-cd/builds/configuration/
Text: Configuration · Cloudflare Workers docs
# Configuration
When connecting your Git repository to your Worker, you can customize the configurations needed to build and deploy your Worker.
## Build settings
Build settings can be found by navigating to **Settings** > **Build** within your Worker.
Note that when you update and save build settings, the updated settings will be applied to your *next* build. When you *retry...
webfetch · completed
https://developers.cloudflare.com/workers/wrangler/commands/#deploy (text/markdown; charset=utf-8)
Output
---
title: Commands - Wrangler · Cloudflare Workers docs
description: Create, develop, and deploy your Cloudflare Workers with Wrangler commands.
lastUpdated: 2026-02-03T16:46:11.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/wrangler/commands/
  md: https://developers.cloudflare.com/workers/wrangler/commands/
---

Wrangler offers a number of commands to manage your Cloudflare Workers.

* [`docs`](#docs) - Open this page in your default browser.
* [`init`](#init) - Create a new project from a variety of web frameworks and templates.
* [`complete`](#complete) - Generate shell completion scripts for Wrangler commands.
* [`containers`](#containers) - Interact with Containers.
* [`d1`](#d1) - Interact with D1.
* [`vectorize`](#vectorize) - Interact with Vectorize indexes.
* [`hyperdrive`](#hyperdrive) - Manage your Hyperdrives.
* [`deploy`](#deploy) - Deploy your Worker to Cloudflare.
* [`dev`](#dev) - Start a local server for developing your Worker.
* [`delete`](#delete) - Delete your Worker from Cloudflare.
* [`kv namespace`](#kv-namespace) - Manage Workers KV namespaces.
* [`kv key`](#kv-key) - Manage key-value pairs within a Workers KV namespace.
* [`kv bulk`](#kv-bulk) - Manage multiple key-value pairs within a Workers KV namespace in batches.
* [`r2 bucket`](#r2-bucket) - Manage Workers R2 buckets.
* [`r2 object`](#r2-object) - Manage Workers R2 objects.
* [`r2 sql`](#r2-sql) - Query tables in R2 Data Catalog with R2 SQL.
* [`setup`](#setup) - Configure your framework for Cloudflare automatically.
* [`secret`](#secret) - Manage the secret variables for a Worker.
* [`secret bulk`](#secret-bulk) - Manage multiple secret variables for a Worker.
* [`secrets-store secret`](#secrets-store-secret) - Manage account secrets within a secrets store.
* [`secrets-store store`](#secrets-store-store) - Manage your store within secrets store.
* [`workflows`](#workflows) - Manage and configure Workflows.
* [`tail`](#tail) - Start a se...
webfetch · completed
https://developers.cloudflare.com/workers/wrangler/commands/#tail (text/markdown; charset=utf-8)
Output
---
title: Commands - Wrangler · Cloudflare Workers docs
description: Create, develop, and deploy your Cloudflare Workers with Wrangler commands.
lastUpdated: 2026-02-03T16:46:11.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/wrangler/commands/
  md: https://developers.cloudflare.com/workers/wrangler/commands/
---

Wrangler offers a number of commands to manage your Cloudflare Workers.

* [`docs`](#docs) - Open this page in your default browser.
* [`init`](#init) - Create a new project from a variety of web frameworks and templates.
* [`complete`](#complete) - Generate shell completion scripts for Wrangler commands.
* [`containers`](#containers) - Interact with Containers.
* [`d1`](#d1) - Interact with D1.
* [`vectorize`](#vectorize) - Interact with Vectorize indexes.
* [`hyperdrive`](#hyperdrive) - Manage your Hyperdrives.
* [`deploy`](#deploy) - Deploy your Worker to Cloudflare.
* [`dev`](#dev) - Start a local server for developing your Worker.
* [`delete`](#delete) - Delete your Worker from Cloudflare.
* [`kv namespace`](#kv-namespace) - Manage Workers KV namespaces.
* [`kv key`](#kv-key) - Manage key-value pairs within a Workers KV namespace.
* [`kv bulk`](#kv-bulk) - Manage multiple key-value pairs within a Workers KV namespace in batches.
* [`r2 bucket`](#r2-bucket) - Manage Workers R2 buckets.
* [`r2 object`](#r2-object) - Manage Workers R2 objects.
* [`r2 sql`](#r2-sql) - Query tables in R2 Data Catalog with R2 SQL.
* [`setup`](#setup) - Configure your framework for Cloudflare automatically.
* [`secret`](#secret) - Manage the secret variables for a Worker.
* [`secret bulk`](#secret-bulk) - Manage multiple secret variables for a Worker.
* [`secrets-store secret`](#secrets-store-secret) - Manage account secrets within a secrets store.
* [`secrets-store store`](#secrets-store-store) - Manage your store within secrets store.
* [`workflows`](#workflows) - Manage and configure Workflows.
* [`tail`](#tail) - Start a se...
2,981in / 739out / 606reasoning
assistant · Feb 8, 10:31:59 PM
gpt-5.3-codex · openai
**Researching Cloudflare token permissions**
websearch · completed
Web search: Cloudflare Wrangler CI CD API token required permissions Workers Scripts Edit Workers Tail Read 2026
Output
Title: Configuration · Cloudflare Workers docs
Published Date: 2026-01-29T00:00:00.000Z
URL: https://developers.cloudflare.com/workers/ci-cd/builds/configuration/
Text: Configuration · Cloudflare Workers docs
# Configuration
When connecting your Git repository to your Worker, you can customize the configurations needed to build and deploy your Worker.
## Build settings
Build settings can be found by navigating to **Settings** > **Build** within your Worker.
Note that when you update and save build settings, the updated settings will be applied to your *next* build. When you *retry* a build, the build configurations that exist when the build is retried will be applied.
### Overview
|Setting|Description|
**Git account**|Select the Git account you would like to use. After the initial connection, you can continue to use this

Title: Which permissions are required to run wrangler pages ...
Author: 
Published Date: 2025-02-15T00:00:00.000Z
URL: https://community.cloudflare.com/t/which-permissions-are-required-to-run-wrangler-pages-deployments-tail/770049
Text: 
 
For Workers & Pages, what is the name of the domain?
releasedhub.com
What is the error number?
10000
What is the error message?
Authentication error [code: 10000]
What is the issue or error you’re encountering
Cannot run wrangler pages deployment tail --format json --project-name $project --environment preview $deploymentUrl
What steps have you taken to resolve the issue?
I have created an API Token with the following permissions:
Permissions
Account > Cloudflare Pages > Read
Account > Workers Tail > Read
Account > Logs > Read
User > Memberships > Read

...
webfetch · completed
https://developers.cloudflare.com/fundamentals/api/reference/permissions/ (text/markdown; charset=utf-8)
Output
---
title: API token permissions · Cloudflare Fundamentals docs
description: "Permissions are segmented into three categories based on resource:"
lastUpdated: 2025-08-22T14:24:45.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/fundamentals/api/reference/permissions/
  md: https://developers.cloudflare.com/fundamentals/api/reference/permissions/
---

Permissions are segmented into three categories based on resource:

* Zone permissions
* Account permissions
* User permissions

Each category contains permission groups related to those resources. DNS permissions belong to the Zone category, while Billing permissions belong to the Account category. Below is a list of the available token permissions.

To obtain an updated list of token permissions, including the permission ID and the scope of each permission, use the [List permission groups](https://developers.cloudflare.com/api/resources/user/subresources/tokens/subresources/permission_groups/methods/list/) endpoint.

## User permissions

The applicable scope of user permissions is `com.cloudflare.api.user`.

* Dashboard

  | Name | Description |
  | - | - |
  | API Tokens Read | Grants read access to user's [API tokens](https://developers.cloudflare.com/fundamentals/api/reference/permissions/). |
  | API Tokens Edit | Grants write access to user's [API tokens](https://developers.cloudflare.com/fundamentals/api/reference/permissions/). |
  | Memberships Read | Grants read access to a user's [account memberships](https://developers.cloudflare.com/fundamentals/manage-members/manage/). |
  | Memberships Edit | Grants write access to a user's [account memberships](https://developers.cloudflare.com/fundamentals/manage-members/manage/). |
  | User Details Read | Grants read access to user details. |
  | User Details Edit | Grants write access to user details. |

* API

  | Name | Description |
  | - | - |
  | API Tokens Read | Grants read access to user's [API tokens](https://developers.c...
webfetch · completed
https://developers.cloudflare.com/workers/wrangler/ci-cd/ (text/markdown; charset=utf-8)
Output
---
title: External CI/CD · Cloudflare Workers docs
description: Integrate Workers development into your existing continuous
  integration and continuous development workflows, such as GitHub Actions or
  GitLab Pipelines.
lastUpdated: 2025-01-28T14:11:51.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/ci-cd/external-cicd/
  md: https://developers.cloudflare.com/workers/ci-cd/external-cicd/index.md
---

Deploying Cloudflare Workers with CI/CD ensures reliable, automated deployments for every code change.

If you prefer to use your existing CI/CD provider instead of [Workers Builds](https://developers.cloudflare.com/workers/ci-cd/builds/), this section offers guides for popular providers:

* [**GitHub Actions**](https://developers.cloudflare.com/workers/ci-cd/external-cicd/github-actions/)
* [**GitLab CI/CD**](https://developers.cloudflare.com/workers/ci-cd/external-cicd/gitlab-cicd/)

Other CI/CD options including but not limited to Terraform, CircleCI, Jenkins, and more, can also be used to deploy Workers following a similar set up process.
26,008in / 700out / 570reasoning
assistant · Feb 8, 10:32:17 PM
gpt-5.3-codex · openai
**Recommending minimal API token permissions**
webfetch · completed
https://developers.cloudflare.com/workers/ci-cd/external-cicd/github-actions/ (text/markdown; charset=utf-8)
Output
---
title: GitHub Actions · Cloudflare Workers docs
description: Integrate Workers development into your existing GitHub Actions workflows.
lastUpdated: 2025-09-09T12:12:09.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/ci-cd/external-cicd/github-actions/
  md: https://developers.cloudflare.com/workers/ci-cd/external-cicd/github-actions/
---

You can deploy Workers with [GitHub Actions](https://github.com/marketplace/actions/deploy-to-cloudflare-workers-with-wrangler). Here is how you can set up your GitHub Actions workflow.

## 1. Authentication

When running Wrangler locally, authentication to the Cloudflare API happens via the [`wrangler login`](https://developers.cloudflare.com/workers/wrangler/commands/#login) command, which initiates an interactive authentication flow. Since CI/CD environments are non-interactive, Wrangler requires a [Cloudflare API token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) and [account ID](https://developers.cloudflare.com/fundamentals/account/find-account-and-zone-ids/) to authenticate with the Cloudflare API.

### Cloudflare account ID

To find your Cloudflare account ID, refer to [Find account and zone IDs](https://developers.cloudflare.com/fundamentals/account/find-account-and-zone-ids/).

### API token

To create an API token to authenticate Wrangler in your CI job:

1. In the Cloudflare dashboard, go to the **Account API tokens** page.

   [Go to **Account API tokens**](https://dash.cloudflare.com/?to=/:account/api-tokens)

2. Select **Create Token** > find **Edit Cloudflare Workers** > select **Use Template**.

3. Customize your token name.

4. Scope your token.

You will need to choose the account and zone resources that the generated API token will have access to. We recommend scoping these down as much as possible to limit the access of your token. For example, if you have access to three different Cloudflare accounts, you should restrict the g...
webfetch · completed
https://developers.cloudflare.com/workers/wrangler/ci-cd/ (text/markdown; charset=utf-8)
Output
---
title: External CI/CD · Cloudflare Workers docs
description: Integrate Workers development into your existing continuous
  integration and continuous development workflows, such as GitHub Actions or
  GitLab Pipelines.
lastUpdated: 2025-01-28T14:11:51.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/ci-cd/external-cicd/
  md: https://developers.cloudflare.com/workers/ci-cd/external-cicd/index.md
---

Deploying Cloudflare Workers with CI/CD ensures reliable, automated deployments for every code change.

If you prefer to use your existing CI/CD provider instead of [Workers Builds](https://developers.cloudflare.com/workers/ci-cd/builds/), this section offers guides for popular providers:

* [**GitHub Actions**](https://developers.cloudflare.com/workers/ci-cd/external-cicd/github-actions/)
* [**GitLab CI/CD**](https://developers.cloudflare.com/workers/ci-cd/external-cicd/gitlab-cicd/)

Other CI/CD options, including but not limited to Terraform, CircleCI, and Jenkins, can also be used to deploy Workers following a similar setup process.
webfetchcompleted
https://developers.cloudflare.com/workers/wrangler/system-environment-variables/ (text/markdown; charset=utf-8)
Output
---
title: System environment variables · Cloudflare Workers docs
description: Local environment variables that can change Wrangler's behavior.
lastUpdated: 2025-11-28T09:56:31.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/wrangler/system-environment-variables/
  md: https://developers.cloudflare.com/workers/wrangler/system-environment-variables/
---

System environment variables are local environment variables that can change Wrangler's behavior. There are three ways to set system environment variables:

1. Create an `.env` file in your project directory. Set the values of your environment variables in your [`.env`](https://developers.cloudflare.com/workers/wrangler/system-environment-variables/#example-env-file) file. This is the recommended way to set these variables, as it persists the values between Wrangler sessions.

2. Inline the values in your Wrangler command. For example, `WRANGLER_LOG="debug" npx wrangler deploy` will set the value of `WRANGLER_LOG` to `"debug"` for this execution of the command.

3. Set the values in your shell environment. For example, if you are using Z shell, adding `export CLOUDFLARE_API_TOKEN=...` to your `~/.zshrc` file will set this token as part of your shell configuration.

Note

To set different system environment variables for each environment, create files named `.env.<environment-name>`. When you use `wrangler <command> --env <environment-name>`, the corresponding environment-specific file will be loaded instead of the `.env` file, so the two files are not merged.

Note

During local development, the values in `.env` files are also loaded into the `env` object in your Worker, so you can access them in your Worker code.

For example, if you set `API_HOST="localhost:3000"` in your `.env` file, you can access it in your Worker like this:

```js
const apiHost = env.API_HOST;
```

See the [Environment variables and secrets](https://developers.cloudflare.com/workers/development-test...
14,704in / 951out / 828reasoning
assistantFeb 8, 10:32:37 PM
gpt-5.3-codex · openai
webfetchcompleted
https://developers.cloudflare.com/workers/wrangler/commands/#deploy (text/markdown; charset=utf-8)
Output
---
title: Commands - Wrangler · Cloudflare Workers docs
description: Create, develop, and deploy your Cloudflare Workers with Wrangler commands.
lastUpdated: 2026-02-03T16:46:11.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/workers/wrangler/commands/
  md: https://developers.cloudflare.com/workers/wrangler/commands/
---

Wrangler offers a number of commands to manage your Cloudflare Workers.

* [`docs`](#docs) - Open this page in your default browser.
* [`init`](#init) - Create a new project from a variety of web frameworks and templates.
* [`complete`](#complete) - Generate shell completion scripts for Wrangler commands.
* [`containers`](#containers) - Interact with Containers.
* [`d1`](#d1) - Interact with D1.
* [`vectorize`](#vectorize) - Interact with Vectorize indexes.
* [`hyperdrive`](#hyperdrive) - Manage your Hyperdrives.
* [`deploy`](#deploy) - Deploy your Worker to Cloudflare.
* [`dev`](#dev) - Start a local server for developing your Worker.
* [`delete`](#delete) - Delete your Worker from Cloudflare.
* [`kv namespace`](#kv-namespace) - Manage Workers KV namespaces.
* [`kv key`](#kv-key) - Manage key-value pairs within a Workers KV namespace.
* [`kv bulk`](#kv-bulk) - Manage multiple key-value pairs within a Workers KV namespace in batches.
* [`r2 bucket`](#r2-bucket) - Manage Workers R2 buckets.
* [`r2 object`](#r2-object) - Manage Workers R2 objects.
* [`r2 sql`](#r2-sql) - Query tables in R2 Data Catalog with R2 SQL.
* [`setup`](#setup) - Configure your framework for Cloudflare automatically.
* [`secret`](#secret) - Manage the secret variables for a Worker.
* [`secret bulk`](#secret-bulk) - Manage multiple secret variables for a Worker.
* [`secrets-store secret`](#secrets-store-secret) - Manage account secrets within a secrets store.
* [`secrets-store store`](#secrets-store-store) - Manage your store within secrets store.
* [`workflows`](#workflows) - Manage and configure Workflows.
* [`tail`](#tail) - Start a se...
webfetchcompleted
https://developers.cloudflare.com/workers/wrangler/commands/#tail (text/markdown; charset=utf-8)
Output
webfetchcompleted
https://developers.cloudflare.com/fundamentals/api/get-started/create-token/ (text/markdown; charset=utf-8)
Output
---
title: Create API token · Cloudflare Fundamentals docs
description: Learn how to create a token to perform actions using the Cloudflare API.
lastUpdated: 2025-09-25T18:24:36.000Z
chatbotDeprioritize: false
source_url:
  html: https://developers.cloudflare.com/fundamentals/api/get-started/create-token/
  md: https://developers.cloudflare.com/fundamentals/api/get-started/create-token/
---

Prerequisite

Before you begin, [find your zone and account IDs](https://developers.cloudflare.com/fundamentals/account/find-account-and-zone-ids/).

1. Determine if you want a user token or an [Account API token](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/). Use Account API tokens if you prefer service tokens that are not associated with users and your [desired API endpoints are compatible](https://developers.cloudflare.com/fundamentals/api/get-started/account-owned-tokens/#compatibility-matrix).

2. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**.

3. Select **Create Token**.

4. Select a template from the available [API token templates](https://developers.cloudflare.com/fundamentals/api/reference/template/) or create a custom token. The following example uses the **Edit zone DNS** template.

5. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions.

   ![Token template overview screen](https://developers.cloudflare.com/_astro/template-customize.DcB2c3lZ_ser64.webp)

6. Modify the token's permissions. After selecting a permissions group (*Account*, *User*, or *Zone*), choose what level of access to grant the token. Most groups offer `Edit` or `Read` options. `Edit` is full CRUDL (create, read, update, delete, list) access, while `Read` is the read permission and list where appropriate. Refer to the [available token p...
3,265in / 115out
assistantFeb 8, 10:32:45 PM
gpt-5.3-codex · openai
**Summarizing recommended API token setup**

Use an Account API token (account-owned token), not a user token, for agents/CI.

For your exact use case (`wrangler deploy` + `wrangler tail`), create a custom account token (or start from the Edit Cloudflare Workers template) and make sure it includes:

  • Account > Workers Scripts > Edit (API label may show as Workers Scripts Write) for deploys
  • Account > Workers Tail > Read for live logs via `wrangler tail`

Usually add these only if needed:

  • Zone > Workers Routes > Edit if deploys also manage zone routes/custom domains
  • Storage/service perms (Workers KV Storage Edit, D1 Edit, Workers R2 Storage Edit, etc.) if your agent runs those Wrangler subcommands

Scope it tightly:

  • Account resources: only the target account
  • Zone resources: only the specific zone (if route perms are used)
  • Optional TTL / IP restrictions for extra safety

Then provide it to the agent environment as:

  • `CLOUDFLARE_API_TOKEN`
  • `CLOUDFLARE_ACCOUNT_ID`

=== Cloudflare Task Complete ===

Product(s): Workers, Wrangler (auth/config for automation)
Files referenced: references/wrangler/README.md, references/wrangler/configuration.md, references/wrangler/gotchas.md, plus Cloudflare docs on account-owned tokens, permissions, and Wrangler CI/CD auth.

Used Cloudflare token guidance to identify least-privilege permissions for agent-driven Wrangler deploy and log tailing; recommended account-owned token with Workers Scripts Edit + Workers Tail Read as the core set.

23,717in / 2,146out / 1,797reasoning