Cloudflare Auth

There are three supported ways of authorizing Alchemy with Cloudflare:

API Token - a token you create once with limited scopes
OAuth - a token created by wrangler login
Global API Key (legacy) - the global, highly permissive API key

API Token

First you need to create an API Token and then use it in your Alchemy app.

By default, Alchemy will use the CLOUDFLARE_API_TOKEN environment variable if set.

You can store the token in your .env file

CLOUDFLARE_API_TOKEN=<token>

Or set when deploying your app:

CLOUDFLARE_API_TOKEN=<token> bun alchemy deploy

CLOUDFLARE_API_TOKEN=<token> npx alchemy deploy

CLOUDFLARE_API_TOKEN=<token> pnpm alchemy deploy

CLOUDFLARE_API_TOKEN=<token> yarn alchemy deploy

You can explciitly set an apiToken when creating a Cloudflare Resource, such as a Worker:

await Worker("my-worker", {
  apiToken: alchemy.secret(process.env.MY_TOKEN)
});

OAuth Token

If you don’t specify CLOUDFLARE_API_KEY or CLOUDFLARE_API_TOKEN, then Alchemy will use the OAuth Token and Refresh Token to authenticate with Cloudflare.

First, make sure you’ve logged in with wrangler:

bun wrangler login

npx wrangler login

pnpm wrangler login

yarn wrangler login

Then, deploy your app (without CLOUDFLARE_API_KEY or CLOUDFLARE_API_TOKEN environment variables):

bun alchemy deploy

npx alchemy deploy

pnpm alchemy deploy

yarn alchemy deploy

Global API Key

After you verify your Cloudflare Account’s Email, you will be given a Global API Key.

By default, Alchemy will use the CLOUDFLARE_API_KEY environment variable if set.

You can store the token in your .env file

CLOUDFLARE_API_KEY=<token>

Or set when deploying your app:

CLOUDFLARE_API_KEY=<token> bun alchemy deploy

CLOUDFLARE_API_KEY=<token> npx alchemy deploy

CLOUDFLARE_API_KEY=<token> pnpm alchemy deploy

CLOUDFLARE_API_KEY=<token> yarn alchemy deploy

You can explciitly set an apiKey when creating a Cloudflare Resource, such as a Worker:

await Worker("my-worker", {
  apiKey: alchemy.secret(process.env.MY_GLOBAL_KEY)
});

Email

When using Global API Keys, Alchemy must be configured with the API Key’s email.

By default, Alchemy will use the CLOUDFLARE_EMAIL if set

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> bun alchemy deploy

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> npx alchemy deploy

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> pnpm alchemy deploy

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> yarn alchemy deploy

You can explicitly set email when creating a Cloudlfare Resource:

await Worker("my-worker", {
  apiKey: alchemy.secret(process.env.MY_GLOBAL_KEY),
  email: "me@example.com"
});

Account ID

By default, Alchemy will resolve the account ID from the API or OAuth token.

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
bun alchemy deploy

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
npx alchemy deploy

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
pnpm alchemy deploy

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
yarn alchemy deploy

You can override the default account ID with the CLOUDFLARE_ACCOUNT_ID environment variable:

CLOUDFLARE_ACCOUNT_ID=<account-id> bun alchemy deploy

CLOUDFLARE_ACCOUNT_ID=<account-id> npx alchemy deploy

CLOUDFLARE_ACCOUNT_ID=<account-id> pnpm alchemy deploy

CLOUDFLARE_ACCOUNT_ID=<account-id> yarn alchemy deploy

Or by setting accountId when creating a Cloudflare Resource:

await Worker("my-worker", {
  accountId: "my-account-id",
});