Cloudflare

There are three supported ways of authorizing Alchemy with Cloudflare:

API Token - a token you create once with limited scopes
OAuth - a token created by wrangler login
Global API Key (legacy) - the global, highly permissive API key

API Token

First you need to create an API Token and then use it in your Alchemy app.

By default, Alchemy will use the CLOUDFLARE_API_TOKEN environment variable if set.

You can store the token in your .env file

CLOUDFLARE_API_TOKEN=<token>

Or set when running your script:

CLOUDFLARE_API_TOKEN=<token> bun ./alchemy.run.ts

CLOUDFLARE_API_TOKEN=<token> npx tsx ./alchemy.run.ts

CLOUDFLARE_API_TOKEN=<token> pnpm tsx ./alchemy.run.ts

CLOUDFLARE_API_TOKEN=<token> yarn tsx ./alchemy.run.ts

You can explciitly set an apiToken when creating a Cloudflare Resource, such as a Worker:

await Worker("my-worker", {
  apiToken: alchemy.secret(process.env.MY_TOKEN)
});

OAuth Token

If you don’t specify CLOUDFLARE_API_KEY or CLOUDFLARE_API_TOKEN, then Alchemy will use the OAuth Token and Refresh Token to authenticate with Cloudflare.

First, make sure you’ve logged in with wrangler:

bun wrangler login

npx wrangler login

pnpm wrangler login

yarn wrangler login

Then, run your script (without CLOUDFLARE_API_KEY or CLOUDFLARE_API_TOKEN environment variables):

bun ./alchemy.run.ts

npx tsx ./alchemy.run.ts

pnpm tsx ./alchemy.run.ts

yarn tsx ./alchemy.run.ts

Global API Key

After you verify your Cloudflare Account’s Email, you will be given a Global API Key.

By default, Alchemy will use the CLOUDFLARE_API_KEY environment variable if set.

You can store the token in your .env file

CLOUDFLARE_API_KEY=<token>

Or set when running your script:

CLOUDFLARE_API_KEY=<token> bun ./alchemy.run.ts

CLOUDFLARE_API_KEY=<token> npx tsx ./alchemy.run.ts

CLOUDFLARE_API_KEY=<token> pnpm tsx ./alchemy.run.ts

CLOUDFLARE_API_KEY=<token> yarn tsx ./alchemy.run.ts

You can explciitly set an apiKey when creating a Cloudflare Resource, such as a Worker:

await Worker("my-worker", {
  apiKey: alchemy.secret(process.env.MY_GLOBAL_KEY)
});

Email

When using Global API Keys, Alchemy must be configured with the API Key’s email.

By default, Alchemy will use the CLOUDFLARE_EMAIL if set

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> bun ./alchemy.run.ts

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> npx tsx ./alchemy.run.ts

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> pnpm tsx ./alchemy.run.ts

CLOUDFLARE_EMAIL=me@example.com CLOUDFLARE_API_KEY=<token> yarn tsx ./alchemy.run.ts

You can explicitly set email when creating a Cloudlfare Resource:

await Worker("my-worker", {
  apiKey: alchemy.secret(process.env.MY_GLOBAL_KEY),
  email: "me@example.com"
});

Account ID

By default, Alchemy will resolve the account ID from the API or OAuth token.

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
bun ./alchemy.run.ts

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
npx tsx ./alchemy.run.ts

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
pnpm tsx ./alchemy.run.ts

# will use wrangler login and resolve the first account you have acces to (ideal for personal accounts)
yarn tsx ./alchemy.run.ts

You can override the default account ID with the CLOUDFLARE_ACCOUNT_ID environment variable:

CLOUDFLARE_ACCOUNT_ID=<account-id> bun ./alchemy.run.ts

CLOUDFLARE_ACCOUNT_ID=<account-id> npx tsx ./alchemy.run.ts

CLOUDFLARE_ACCOUNT_ID=<account-id> pnpm tsx ./alchemy.run.ts

CLOUDFLARE_ACCOUNT_ID=<account-id> yarn tsx ./alchemy.run.ts

Or by setting accountId when creating a Cloudflare Resource:

await Worker("my-worker", {
  accountId: "my-account-id",
});