Cloudflare
Overview
Section titled “Overview”Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable. With the Cloudflare integration in SquadOS, your agents can manage DNS records, zones, WAF lists, firewall rules, tunnels, load-balancer pools, and bot management settings programmatically — without logging into the web dashboard.
- Official website: https://www.cloudflare.com/
- Composio documentation: docs.composio.dev/toolkits/cloudflare
Authentication
Section titled “Authentication”This tool uses an API key (API_KEY) to connect.
You will need the following fields:
| Field | Required | Description |
|---|---|---|
api_key | Yes | Cloudflare API token with the permissions required for your intended operations. |
How to get credentials
Section titled “How to get credentials”- Go to dash.cloudflare.com/profile/api-tokens — the API Tokens page in your profile.
- Click Create Token.
- Choose one of the available templates or click Create Custom Token to configure permissions manually.
- Give the token a descriptive name (e.g.,
SquadOS). - Under Permissions, select the groups and access levels the token will need (e.g., Zone → DNS → Edit to manage DNS records).
- Under Zone Resources, choose which zones the token can access (specific ones or all).
- Optionally restrict the token by source IP or set an expiry date (TTL).
- Click Continue to summary, then Create Token.
- Copy and store the token displayed — it is shown only once.
How to connect in SquadOS
Section titled “How to connect in SquadOS”- Go to Tools in the side menu (
/admin/tools). - Open the Available tab and search for
Cloudflare. - Click the card to open the details and hit Connect.
- You’re taken to the secure connection page hosted by Composio, where you enter the API token obtained above.
- Once done, you’re sent back to SquadOS with the account connected and the tool available to agents. (Connection-flow details in Organization Tools.)
Available actions
Section titled “Available actions”Create DNS record
Section titled “Create DNS record”CLOUDFLARE_CREATE_DNS_RECORD
Tool to create a new DNS record within a specific zone. Requires write privileges and makes live changes to the zone. Use after obtaining the zone ID via CLOUDFLARE_LIST_ZONES to programmatically add DNS entries.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
ttl | integer | No | Time to live in seconds; minimum 1. Use 1 for automatic TTL. |
data | object | No | Additional data object for record types like SRV, LOC, or CAA. |
name | string | Yes | DNS record name (e.g., example.com or www.example.com). |
tags | array | No | List of tags to associate with the record. |
type | string | Yes | DNS record type (A, AAAA, CNAME, MX, TXT, SRV, LOC, CAA). |
comment | string | No | Human-readable comment for the DNS record. |
content | string | Yes | DNS record content (e.g., IP for A records). |
proxied | boolean | No | Whether the record is receiving Cloudflare performance and security benefits. |
priority | integer | No | Priority for MX, SRV, and URI records; required for those types. |
zone_identifier | string | Yes | Zone identifier (UUID) where the DNS record will be created. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Create WAF List
Section titled “Create WAF List”CLOUDFLARE_CREATE_LIST
Create a new empty custom list for use in WAF rules and filters. Lists can contain IP addresses, hostnames, ASNs, or redirects. Once created, use separate actions to add items to the list. List availability depends on plan: Free (1 list), Pro/Business (10 lists), Enterprise (1000 lists).
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
kind | string | Yes | Type of the list: ip, redirect, hostname, or asn. |
name | string | Yes | Informative name for the list (max 50 characters). Used in filter and rule expressions. |
account_id | string | Yes | Cloudflare account identifier (max 32 characters). |
description | string | No | Optional description of the list (max 500 characters). |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Create Zone
Section titled “Create Zone”CLOUDFLARE_CREATE_ZONE
Creates a new DNS zone (domain) in Cloudflare. A zone represents a domain and its DNS records. Use this when adding a new domain to manage with Cloudflare. Requires account ID (obtainable via CLOUDFLARE_LIST_ACCOUNTS). The zone will be in pending status until nameservers are updated at the domain registrar.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
name | string | Yes | The domain name for the new zone. |
type | string | No | Zone setup mode: full (DNS hosted by Cloudflare), partial (CNAME setup), or secondary (secondary DNS). |
account | object | No | Container for account ID. If not provided, the zone will be created under the default account associated with the API credentials. Must be structured as {'id': '<account_id>'} where id is obtained via CLOUDFLARE_LIST_ACCOUNTS. |
jump_start | boolean | No | Auto-import existing DNS records from the domain. Ignored for partial zones. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Delete DNS Record
Section titled “Delete DNS Record”CLOUDFLARE_DELETE_DNS_RECORD
Tool to delete a DNS record within a specific zone. Deletion is immediate and irreversible. Use only after confirming both zone and record IDs. Requires write privileges on the zone.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
identifier | string | Yes | Identifier of the DNS record to delete (e.g., 372e67954025e0ba6aaa6d586b9e0b59). |
zone_identifier | string | Yes | Identifier of the DNS zone (e.g., 023e105f4ecef8ad9ca31a8372d0c353). |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Delete WAF List
Section titled “Delete WAF List”CLOUDFLARE_DELETE_LIST
Tool to delete a WAF list. Use when you need to remove a list after verifying no filters reference it.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
list_id | string | Yes | Unique identifier of the WAF list to delete. |
account_id | string | Yes | Cloudflare account identifier. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Delete Zone
Section titled “Delete Zone”CLOUDFLARE_DELETE_ZONE
Tool to delete a zone. Use after confirming the zone identifier to permanently remove a DNS zone and all its DNS records from your Cloudflare account.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
zone_identifier | string | Yes | Identifier of the zone to delete (32-character hex string). |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Get Bot Management Settings
Section titled “Get Bot Management Settings”CLOUDFLARE_GET_BOT_MANAGEMENT_SETTINGS
Tool to retrieve a zone’s Bot Management configuration (Bot Fight Mode / Super Bot Fight Mode / Enterprise Bot Management). Use after identifying the correct zone_id (e.g., via CLOUDFLARE_LIST_ZONES). This tool is the canonical way to audit bot-related configuration; firewall rules are adjacent controls but not equivalent to Bot Management settings.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
zone_id | string | Yes | Zone identifier (UUID) to retrieve Bot Management settings for. Obtain this from List Zones action. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List WAF Lists
Section titled “List WAF Lists”CLOUDFLARE_GET_LISTS
Tool to fetch all WAF lists (no items) for an account. Results are paginated; iterate using page and per_page parameters until result_info.total_pages is reached to retrieve all lists.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
account_id | string | Yes | Cloudflare account identifier (32 hexadecimal characters). Must match the account owning the target zone to avoid cross-account data mixing. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Account Members
Section titled “List Account Members”CLOUDFLARE_LIST_ACCOUNT_MEMBERS
Lists all members of a Cloudflare account with their roles, permissions, and status. Returns detailed information about each account member including their user details (name, email, 2FA status), assigned roles with granular permissions, membership status (accepted/pending/rejected), and access policies. Supports filtering by status, sorting by various fields, and pagination.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
page | integer | No | Page number for pagination (must be >= 1). Defaults to 1 if not specified. |
order | string | No | Field to sort results by: user.first_name, user.last_name, user.email, or status. |
status | string | No | Filter members by membership status: accepted (active members), pending (invited but not yet accepted), or rejected (declined invitations). Omit to return all members. |
per_page | integer | No | Number of results per page (between 5 and 50). API default: 20. |
direction | string | No | Sort direction: asc for ascending or desc for descending. |
account_id | string | Yes | The unique identifier (32-character hex string) of the Cloudflare account whose members you want to list. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Accounts
Section titled “List Accounts”CLOUDFLARE_LIST_ACCOUNTS
List all Cloudflare accounts you have ownership or verified access to. Retrieves a paginated list of accounts with their details including account ID, name, type, settings, and creation date. An empty or partial result may indicate insufficient API token scope or permissions, not the absence of accounts.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
name | string | No | Filter accounts by name. May return multiple results for similar names; always verify the correct account_id from the response. |
page | integer | No | Page number to retrieve, starting from 1. |
per_page | integer | No | Number of results per page, between 5 and 50. |
direction | string | No | Direction to order results: asc or desc. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List DNS records
Section titled “List DNS records”CLOUDFLARE_LIST_DNS_RECORDS
Tool to list and search DNS records in a Cloudflare zone. Use when you need to find existing DNS record IDs for update or delete operations, especially after a “record already exists” error during creation.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
name | string | No | Filter by exact DNS record name (FQDN). |
page | integer | No | Page number for pagination. Start at 1. |
type | string | No | Filter by DNS record type (A, AAAA, CAA, CERT, CNAME, DNSKEY, DS, HTTPS, LOC, MX, NAPTR, NS, PTR, SMIMEA, SRV, SSHFP, SVCB, TLSA, TXT, URI). |
match | string | No | Filter matching logic: all requires all filters to match (AND), any requires at least one (OR). Defaults to all. |
content | string | No | Filter by exact DNS record content/value. |
proxied | boolean | No | Filter by proxy status: true for proxied records, false for DNS-only records. |
zone_id | string | Yes | Zone identifier (UUID) to list DNS records from. |
per_page | integer | No | Number of records per page (1–5,000,000). Defaults to 100. |
name_contains | string | No | Filter by DNS record names containing this substring. |
comment_contains | string | No | Filter by comments containing this substring. |
content_contains | string | No | Filter by DNS record content containing this substring. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Firewall Rules
Section titled “List Firewall Rules”CLOUDFLARE_LIST_FIREWALL_RULES
Tool to list firewall rules for a specific DNS zone. Use after confirming the zone ID to retrieve and audit current firewall rules. Does not expose Workers routes or other routing constructs.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
page | integer | No | Page number for paginated results, starting from 1. Check result_info.total_pages in the response to determine when all pages have been retrieved. |
match | string | No | Match criteria when multiple filters provided: all or any. |
order | string | No | Field to order results by (e.g., priority, created_on). |
zone_id | string | Yes | UUID of the zone to list firewall rules for. |
per_page | integer | No | Number of items per page (1–1000). |
direction | string | No | Sort direction: asc or desc. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Monitors
Section titled “List Monitors”CLOUDFLARE_LIST_MONITORS
Tool to list all load-balancer monitors in a Cloudflare account. Use after creating or updating monitors to retrieve a paginated list. Response includes result_info.total_pages to determine when all pages have been fetched.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
page | integer | No | Page number for paginated results (1-indexed). |
order | string | No | Field to sort by (e.g., created_on, description). |
per_page | integer | No | Number of monitors per page (max 100). |
direction | string | No | Sort direction: asc or desc. |
account_id | string | Yes | Cloudflare account identifier. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Pools
Section titled “List Pools”CLOUDFLARE_LIST_POOLS
Tool to list all load balancer pools in a Cloudflare account. Use after confirming account ID to discover pool IDs. Paginate using page and per_page; check result_info.total_pages in the response to determine if additional pages exist.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
page | integer | No | Page number for pagination (1-based). |
monitor | string | No | Filter pools by monitor ID. Only returns pools using this specific health check monitor. |
per_page | integer | No | Number of pools to return per page (1–50). Defaults to returning all pools if not specified. |
account_id | string | Yes | Cloudflare account identifier (UUID). |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Tunnels
Section titled “List Tunnels”CLOUDFLARE_LIST_TUNNELS
List Cloudflare Tunnel (cloudflared) tunnels in an account to discover tunnel IDs, names, and statuses. Use when you need to find a tunnel_id before performing tunnel operations like routing, DNS configuration, or debugging.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
name | string | No | Filter tunnels by name. |
page | integer | No | Page number for pagination, starting from 1. |
per_page | integer | No | Number of tunnels per page. |
account_id | string | Yes | Cloudflare account identifier. |
is_deleted | boolean | No | Filter by deletion status. Set to true to include deleted tunnels, false to exclude them. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
List Zones
Section titled “List Zones”CLOUDFLARE_LIST_ZONES
Lists, searches, sorts, and filters zones in the authenticated account. Use page/per_page to paginate; check result_info.total_pages in the response to iterate all pages. Does not return DNS records — extract zone_id from results before passing to zone-scoped tools (DNS, firewall, etc.). Only zones delegated to Cloudflare nameservers appear; empty results indicate scope or delegation constraints, not errors.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
name | string | No | A domain name. Optional filter operators can be provided to extend and refine the search. |
page | integer | No | Page number of paginated results. |
match | string | No | Whether to match all search requirements (all) or at least one (any). |
order | string | No | Field to order zones by: name, status, account.id, account.name, or plan.id. |
status | string | No | A zone status: initializing, pending, active, or moved. |
account | object | No | Filter zones by account ID and/or account name. |
per_page | integer | No | Number of zones per page. |
direction | string | No | Direction to order zones: asc or desc. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Update DNS record
Section titled “Update DNS record”CLOUDFLARE_UPDATE_DNS_RECORD
Tool to update an existing DNS record within a specific zone. Use after confirming both zone and record identifiers; only provided fields are modified. Updates to records used by active tunnels take effect immediately and can disrupt live traffic.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
ttl | integer | No | Time to live in seconds; use 1 for automatic TTL. |
data | object | No | Additional record-specific data for LOC, SRV, and CAA records. |
name | string | No | DNS record name (e.g., example.com). |
type | string | No | DNS record type (A, AAAA, CNAME, CERT, DNSKEY, DS, LOC, MX, NS, PTR, SPF, SRV, SSHFP, TLSA, TXT, URI). |
content | string | No | DNS record content (e.g., IP address for A records). |
proxied | boolean | No | Whether the record is receiving Cloudflare’s benefits. |
priority | integer | No | Priority for MX, SRV, and URI records; required for these record types. |
identifier | string | Yes | DNS record identifier (UUID) to update. |
zone_identifier | string | Yes | Zone identifier (UUID) of the DNS record to update. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Update WAF List
Section titled “Update WAF List”CLOUDFLARE_UPDATE_LIST
Tool to update the description of a WAF list (cannot update items). Use after confirming list metadata.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
list_id | string | Yes | Unique identifier of the WAF list. |
account_id | string | Yes | Cloudflare account identifier. |
description | string | Yes | New description for the WAF list. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Update Tunnel Configuration
Section titled “Update Tunnel Configuration”CLOUDFLARE_UPDATE_TUNNEL_CONFIGURATION
Tool to update a remotely-managed Cloudflare Tunnel’s configuration (ingress rules and routing). Use when you need to programmatically configure hostname-to-origin mappings for a tunnel. WARNING: This operation REPLACES the entire configuration — incorrect configuration can break routing and make services unreachable. Best practice: fetch current configuration first (if patching) to preserve existing rules. At least one ingress rule is required, and the last rule should typically be a catch-all (hostname=’*’ or omitted) with service=‘http_status:404’.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
config | object | Yes | Complete tunnel configuration object including ingress rules. This REPLACES the entire configuration — fetch current config first if you need to patch rather than replace. |
tunnel_id | string | Yes | UUID of the tunnel to configure. |
account_id | string | Yes | Cloudflare account identifier where the tunnel resides. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |
Update Zone
Section titled “Update Zone”CLOUDFLARE_UPDATE_ZONE
Tool to update properties of an existing zone; changes apply immediately to the live zone. Confirm zone ID and intended change before calling. Only one field can be modified per call.
Input parameters
Section titled “Input parameters”| Name | Type | Required | Description |
|---|---|---|---|
type | string | No | Zone type: full, partial, or secondary. Only one of paused, type, or vanity_name_servers can be updated per call. |
paused | boolean | No | Whether to pause the zone (true to pause, false to unpause). Only one of paused, type, or vanity_name_servers can be updated per call. |
zone_id | string | Yes | Zone identifier (UUID). |
vanity_name_servers | array | No | Custom name servers for vanity mode. Only one of paused, type, or vanity_name_servers can be updated per call. |
Output
Section titled “Output”| Name | Type | Required | Description |
|---|---|---|---|
data | string | Yes | Data from the action execution. |
error | string | No | Error message if execution failed. |
successful | boolean | Yes | Whether the action executed successfully. |