Agent skill
cloudflare-tunnel
Cloudflare Tunnel API for secure tunnels. Use when user mentions "Cloudflare tunnel", "argo tunnel", or secure connectivity.
Install this agent skill to your Project
npx add-skill https://github.com/vm0-ai/vm0-skills/tree/main/cloudflare-tunnel
SKILL.md
Cloudflare Tunnel / Access Authentication
Authenticate HTTP requests to services protected by Cloudflare Access using Service Token headers.
When to Use
- Access internal services exposed via Cloudflare Tunnel
- Authenticate to Cloudflare Zero Trust protected applications
- Make API calls to services behind Cloudflare Access
- Bypass Cloudflare Access login page for automated requests
Prerequisites
export CF_ACCESS_CLIENT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.access
export CF_ACCESS_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Create Service Token
- Go to Cloudflare Zero Trust Dashboard
- Navigate to Access → Service Auth → Service Tokens
- Click Create Service Token
- Name your token and click Generate token
- Copy both Client ID and Client Secret (shown only once!)
Configure Access Policy
Ensure your Access Application allows service token authentication:
- Go to Access → Applications → Select your app
- Add a policy with Service Token as Include rule
- Select your created token
Usage
Basic curl Request
Add two headers to authenticate through Cloudflare Access:
curl -s \
-H "CF-Access-Client-Id: $(printenv CF_ACCESS_CLIENT_ID)" \
-H "CF-Access-Client-Secret: $(printenv CF_ACCESS_CLIENT_SECRET)" \
"https://your-protected-service.example.com/api/endpoint"
With Additional Authentication
Many services require both Cloudflare Access AND their own authentication:
curl -s \
-H "CF-Access-Client-Id: $(printenv CF_ACCESS_CLIENT_ID)" \
-H "CF-Access-Client-Secret: $(printenv CF_ACCESS_CLIENT_SECRET)" \
-H "Authorization: Bearer $(printenv API_TOKEN)" \
"https://your-protected-service.example.com/api/endpoint"
With Basic Auth
curl -s \
-H "CF-Access-Client-Id: $(printenv CF_ACCESS_CLIENT_ID)" \
-H "CF-Access-Client-Secret: $(printenv CF_ACCESS_CLIENT_SECRET)" \
-u "username:password" \
"https://your-protected-service.example.com/api/endpoint"
POST Request with JSON Body
Write to /tmp/request.json:
{
"key": "value"
}
Then run:
curl -s -X POST \
-H "CF-Access-Client-Id: $(printenv CF_ACCESS_CLIENT_ID)" \
-H "CF-Access-Client-Secret: $(printenv CF_ACCESS_CLIENT_SECRET)" \
-H "Content-Type: application/json" \
-d @/tmp/request.json \
"https://your-protected-service.example.com/api/endpoint"
Download File
curl -s -o /tmp/output.file \
-H "CF-Access-Client-Id: $(printenv CF_ACCESS_CLIENT_ID)" \
-H "CF-Access-Client-Secret: $(printenv CF_ACCESS_CLIENT_SECRET)" \
"https://your-protected-service.example.com/file"
Skip SSL Verification (Self-signed certs)
Add -k flag for services with self-signed certificates:
curl -k -s \
-H "CF-Access-Client-Id: $(printenv CF_ACCESS_CLIENT_ID)" \
-H "CF-Access-Client-Secret: $(printenv CF_ACCESS_CLIENT_SECRET)" \
"https://your-protected-service.example.com/api/endpoint"
Required Headers
| Header | Value | Description |
|---|---|---|
CF-Access-Client-Id |
<client-id>.access |
Service Token Client ID |
CF-Access-Client-Secret |
<secret> |
Service Token Client Secret |
Common Errors
| Error | Cause | Solution |
|---|---|---|
| 403 Forbidden | Invalid or missing headers | Check Client ID and Secret |
| 403 Forbidden | Token not in Access policy | Add token to application's Access policy |
| 401 Unauthorized | Service's own auth failed | Check service-specific credentials |
| Connection refused | Tunnel not running | Verify cloudflared is running |
Tips
- Header order doesn't matter - CF headers can be anywhere in the request
- Works with any HTTP method - GET, POST, PUT, DELETE, etc.
- Combine with other auth - CF Access + Basic Auth, Bearer Token, etc.
- Token rotation - Rotate secrets periodically in Zero Trust dashboard
API Reference
- Cloudflare Access: https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/
- Zero Trust Dashboard: https://one.dash.cloudflare.com/
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
brave-search
Brave Search API for web search. Use when user says "search web", "Brave search", or asks to "find on web" without specifying Google.
supadata
Supadata API for YouTube/web data. Use when user mentions "Supadata", "YouTube data", "channel stats", or web scraping data.
roadmap-planning
Build and prioritize product roadmaps using scoring models like RICE, ICE, and value-effort matrices. Activate when creating a product roadmap, prioritizing features, sequencing initiatives, mapping dependencies, balancing team capacity, choosing between Now/Next/Later or quarterly planning, or communicating roadmap tradeoffs to executives and stakeholders.
qdrant
Qdrant API for vector search. Use when user mentions "Qdrant", "vector database", "semantic search", or embeddings storage.
calendly
Calendly scheduling API. Use when user mentions "Calendly", "calendly.com", "schedule a meeting", "booking link", "event types", or asks about interview scheduling.
stripe
Stripe API for payments. Use when user mentions "Stripe", "payment", "subscription", "billing", "invoice", or asks about payment processing.
Didn't find tool you were looking for?