Connect Cloudflare to Well
Link Cloudflare DNS records, domains, and page rules to the customer and revenue context they affect.
What Well pulls from Cloudflare
Cloudflare feeds DNS records, domains, and page rules into Well as a source. The connection is read-only; disconnect at any time from your workspace settings to revoke Well's access to Cloudflare.
| From Cloudflare | In Well | Relation |
|---|---|---|
| DNS record | Infrastructure config | Indexes as |
| Domain | Workspace context | Groups under |
| Page rule | Policy | Feeds |
- Sync mode: MCP hybrid
- Refresh: live + reconciliation reads
- Direction: Cloudflare → Well
What Well does with your Cloudflare connection
Connect
Connect Cloudflare over OAuth (MCP DCR): Well registers a client through Cloudflare's OAuth Dynamic Client Registration and you approve on Cloudflare's side, so the password never reaches Well; Well holds only a scoped token it can refresh.
Sync
Well brings DNS record, domain, and page rule in from Cloudflare on live events backed by periodic reconciliation reads. The first sync backfills history in the background and the connection stays live after.
Enrich
Well resolves each Cloudflare entity into infrastructure config, workspace context, and policy, assigns categories, and links every record to an audit trail across the rest of your connected tools.
Available
Your data from Cloudflare lands in the workspace as infrastructure config, workspace context, and policy you can search, chart, and automate.
Questions Cloudflare unlocks
Ask in plain language. Well answers from your connected Cloudflare connection, resolved against the rest of your stack.
Connect Cloudflare in three steps
- 01
Authorise Cloudflare via MCP
From Well's Connections panel, search for Cloudflare and click Connect. Well discovers Cloudflare's MCP OAuth metadata from its .well-known endpoint, registers a client via Dynamic Client Registration, and routes you through the authorize prompt on Cloudflare's side. No client credentials to paste.
- Auth: OAuth (MCP DCR)
- Discovery: MCP .well-known
- MCP server: bindings.mcp.cloudflare.com/mcp
- 02
Map your entities
Well's MCP client discovers the DNS record, domain, and page rule entities that Cloudflare's MCP server exposes and brings them into your workspace using the canonical mappings defined in Well's data-views layer. You can inspect the workspace data model from Settings > Data Model.
- Mapping: preconfigured by Well
- 03
Use the data
Ask questions in conversation, build records tables, or let agents act on Cloudflare records. Because Cloudflare ships through MCP, Well treats every entity it exposes as queryable graph state alongside the rest of your connected tools.
- First sync: starts as soon as connect completes
The MCP handshake typically completes in under a minute on warm connections. Resource enumeration runs immediately after; the full backfill of historical Cloudflare records happens in the background.
How Cloudflare stays secure with Well
Well connects to Cloudflare's MCP server (bindings.mcp.cloudflare.com/mcp) via the Model Context Protocol. The MCP server itself handles credential issuance through OAuth Dynamic Client Registration; Well never sees a long-lived Cloudflare secret. Tokens are scoped to the DNS record, domain, and page rule entities Cloudflare exposes and are refreshed server-side. The connection is read-only: Well cannot modify or delete Cloudflare records.
- granted
Read Cloudflare records
Resources the Cloudflare MCP server exposes, scoped by your OAuth approval.
- granted
Resolve DNS record, domain, and page rule across your stack
Match identifiers in Cloudflare against the same entities your other connected tools expose, so each record carries cross-tool context.
- refused
Modify or delete Cloudflare records
Not granted; Cloudflare is read-only in Well. Write-back is opt-in per connector when a write surface exists.
- refused
Store Cloudflare passwords or session cookies
Authentication runs through OAuth (MCP DCR) tokens we never see.
Frequently asked questions about Cloudflare and Well
From Well, open Connections, find Cloudflare, and click Connect. Well discovers the OAuth metadata at bindings.mcp.cloudflare.com/mcp/.well-known/oauth-authorization-server, registers a client on the fly via Dynamic Client Registration, and walks you through the authorize prompt on Cloudflare's side. No client_id or client_secret to paste; the handshake takes roughly a minute.
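As an added example (not Well's or Cloudflare's code), the check below validates a discovered OAuth metadata document before Dynamic Client Registration and builds the RFC 7591 registration body. The sample metadata, its endpoint paths, the same-host policy, the redirect URI and the `none` auth method are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MCP_HOST = "bindings.mcp.cloudflare.com"  # MCP server host named on this page

# Constructed RFC 8414 metadata document; endpoint paths are illustrative,
# not captured from Cloudflare.
SAMPLE_METADATA = {
    "issuer": f"https://{MCP_HOST}",
    "authorization_endpoint": f"https://{MCP_HOST}/authorize",
    "token_endpoint": f"https://{MCP_HOST}/token",
    "registration_endpoint": f"https://{MCP_HOST}/register",
    "revocation_endpoint": f"https://{MCP_HOST}/revoke",
    "code_challenge_methods_supported": ["S256"],
}

ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
                 "registration_endpoint", "revocation_endpoint")


def validate_metadata(meta, expected_host=MCP_HOST):
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    for key in ENDPOINT_KEYS:
        value = meta.get(key)
        if not value:
            problems.append(f"{key}: missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key}: not https")
        # Assumed policy: every endpoint stays on the MCP server's host.
        if url.hostname != expected_host:
            problems.append(f"{key}: unexpected host {url.hostname}")
    if "S256" not in meta.get("code_challenge_methods_supported", []):
        problems.append("code_challenge_methods_supported: S256 not offered")
    return problems


def build_registration_request(meta, redirect_uri, client_name):
    """Build the RFC 7591 registration body, refusing unvalidated metadata."""
    problems = validate_metadata(meta)
    if problems:
        raise ValueError("; ".join(problems))
    body = {
        "client_name": client_name,
        "redirect_uris": [redirect_uri],
        "grant_types": ["authorization_code", "refresh_token"],
        "response_types": ["code"],
        "token_endpoint_auth_method": "none",  # assumed: public client + PKCE
    }
    return meta["registration_endpoint"], body
```

The revocation endpoint is treated as required here because the disconnect flow described on this page depends on it.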
Well brings in DNS record, domain, and page rule from Cloudflare and reshapes each entity into your workspace: DNS record becomes infrastructure config; domain becomes workspace context. Every record arrives with the source identifier preserved, so Cloudflare stays the source of truth while Well lets you query the data alongside the rest of your stack.
Well links Cloudflare activity (issues, commits, deploys, runs) to the customer accounts in your CRM that originated each request. A bug report from a top-revenue customer shows that revenue context inline; a deploy mentions the customer-facing features that just shipped.
Every workspace infrastructure config built from Cloudflare carries the source DNS record identifier plus a deep link back to the original record. From a workspace page, one click takes you to the Cloudflare record; from Cloudflare, the workspace identifier travels back so you can search either direction. The link survives every subsequent enrichment Well runs.
Well combines live Cloudflare events with periodic reconciliation reads of DNS record, domain, and page rule. New rows appear within seconds when Cloudflare pushes them; periodic reads catch anything a push missed. The first connect backfills history from Cloudflare in the background.
Open Connections > Cloudflare in Well and click Disconnect. Well calls Cloudflare's token revocation endpoint and stops calling Cloudflare immediately on its side; provider-side propagation to Cloudflare's admin panel varies by provider. The DNS record, domain, and page rule Well already synced stay in your workspace by default; ask Support to purge them if your compliance flow requires it.
Cloudflare records are stored in the region Well operates for your workspace. Specific region details and the steps to change region are available from Support. See /privacy for the current data-handling policy.
Ready to connect Cloudflare?
Connect once. Every DNS record, domain, and page rule from Cloudflare becomes searchable, queryable, and ready for your agents and tables. Disconnect any time.