Coding agents are great at building software. But to deploy to production they need three things from the cloud they want to host their app — an account, a way to pay, and an API token. Until now these have been tasks that humans handle directly. Increasingly, agents handle them on the user’s behalf. The agent needs to perform all the tasks a human customer can. They’re given higher-order problems to solve and choose to use Cloudflare and call Cloudflare APIs.
Starting today, agents can provision Cloudflare on behalf of their users. They can create a Cloudflare account, start a paid subscription, register a domain, and get back an API token to deploy code right away. Humans can be in the loop to grant permission, but no human steps are required from start to finish. There’s no need to go to the dashboard, copy and paste API tokens, or enter credit card details. Without any extra setup, agents have everything they need to deploy a new production application in one shot. And with Cloudflare’s Code Mode MCP server and Agent Skills, they’re even better at it.
This all works via a new protocol that we’ve co-designed with Stripe as part of the launch of Stripe Projects.
We’re excited to launch this new partnership with Stripe, and also to offer $100,000 in Cloudflare credits to all new startups who incorporate using Stripe Atlas. But this new protocol also makes it possible for any platform with signed-in users to integrate with Cloudflare in the same way Stripe does, with zero friction for the end user.
How it works: zero to production without any setup or manual steps
Install the Stripe CLI with the Stripe Projects plugin, log in to Stripe, and then start a new project:
stripe projects initThen, instruct your agent to build something new and deploy it to a new domain. Below, you can watch a condensed two-minute video of this entire process:
If the email you’re logged into Stripe with already has a Cloudflare account, you’ll be asked to go through a typical OAuth flow to grant the agent access. If there’s no existing Cloudflare account tied to that email, Cloudflare will automatically create one for you and your agent — no human involvement needed:
You’ll see the agent build and deploy a site to the brand-new Cloudflare account, then use the Stripe Projects CLI to register the domain:
The agent will ask for your input and approval when needed. For instance, if your Stripe account doesn’t yet have a payment method linked, the agent will prompt you to add one:
In the end, the agent has deployed to production, and the app runs on the freshly registered domain:
The agent has gone from absolute zero — no Cloudflare account at all, without any preconfigured Agent Skills or MCP server — to having:
But hold on — how did the agent figure out it could do all of this? How did it know which services it could set up, or how to buy a domain? How did it gain the knowledge it needed to deploy to Cloudflare? Let’s dig deeper.
How the protocol and integration works
There are three key components to the interaction between the agent, Stripe, and Cloudflare shown above:
Discovery — the agent can run a command to browse the catalog of available services.
Authorization — the platform verifies the user’s identity, enabling providers to create accounts or connect existing ones, and securely hand credentials back to the agent.
Payment — the platform supplies a payment token that providers can use to charge the customer, letting the agent start subscriptions, make purchases, and be billed based on usage.
These build on existing standards and prior work like OAuth, OIDC, and payment tokenization — but they’re combined in a way that eliminates steps that would normally require a human in the loop.
Discovery: how agents find services they can provision themselves
In the agent session above, before the agent ran the CLI command stripe projects add cloudflare/registrar:domain, it first
had to discover the Cloudflare Registrar service. It accomplished this by running the stripe projects catalog command, which lists all available services:
The complete range of Cloudflare products and services from third-party providers is extensive and constantly expanding — perhaps even overwhelming for people to navigate. But for AI agents, this service directory is precisely the information they require. The agent picks which services to use from this catalog based on the user’s request and their preferences — the user doesn’t need to know beforehand which providers offer which services, and doesn’t need to contribute any input at all. Companies like Cloudflare expose this catalog through a straightforward REST API that delivers JSON responses, which supplies agents with everything they need.
Authorization: on-the-fly account creation for new users
When the agent selects a service and sets it up (for example, stripe projects add cloudflare/registrar:domain), it provisions that resource inside a Cloudflare account. But how can it create an account automatically, without redirecting a person to a signup page?
Remember how the user logged into their Stripe account at the beginning? Stripe functions as the identity provider, verifying the user’s identity. If no Cloudflare account exists yet, Cloudflare automatically creates a new account for the user and sends credentials back to the Stripe Projects CLI. These credentials are stored securely but remain accessible to the agent so it can make authenticated requests to Cloudflare. This means someone completely new to Cloudflare or other services can begin building immediately with their agent — no extra steps required.
If the user already has a Cloudflare account, they go through a standard OAuth flow to authorize the Stripe Projects CLI, enabling it to provision resources on their existing account.
Payment: give your agent a spending limit without handing it your credit card
You might understandably wonder, “What if my agent gets a little too enthusiastic and starts purchasing dozens of domains? Will I be stuck with a huge bill? Can I really trust my agent with my payment details?”
The protocol addresses this concern in two ways. When an agent provisions a paid service, Stripe attaches a payment token in the request sent to the provider (Cloudflare). Sensitive payment information like credit card numbers is never exposed to the agent. Stripe then enforces a default cap of $100.00 USD per month as the maximum amount the agent can spend with any single provider. When you’re ready to increase this cap, you can configure Budget Alerts on your Cloudflare account.
Any platform with signed-in users can integrate with Cloudflare just like Stripe does
Any platform that has signed-in users can serve as the “Orchestrator,” taking on the same role Stripe plays with Stripe Projects, and connect with Cloudflare.
Imagine your product is a coding agent. You’d love for users to take what they’ve built and deploy it to production using Cloudflare and other services. But the last thing you want is to push users through a maze of authorization screens and decision trees about where and how to deploy. You just want them to ship their work.
Your platform serves as the Orchestrator, with the user already signed in. When your user needs a domain, a storage bucket, a sandbox for their agent, or anything else, you make a single API call to Cloudflare to set up a new Cloudflare account for them and receive a token to make authenticated requests on their behalf.
Or suppose you want Cloudflare customers to easily provision your service — similar to how Cloudflare is partnering with Planetscale to allow users to create Planetscale Postgres databases directly from Cloudflare. We began collaborating with Planetscale on this before this new protocol was established, but the process is essentially the same. Cloudflare acts as the Orchestrator, letting you link to your PlanetScale account, create databases, and use the user’s existing payment method for billing.
This new protocol begins to formalize the kinds of cross-product integrations that many platforms have been doing for years, often in ways that were custom-built or unique to a specific platform. Without a standardized approach, each integration demanded engineering effort that typically couldn’t be reused for future integrations. Much like the OAuth standard made it possible to delegate account access to other platforms, this protocol builds on OAuth and extends further into payments and account creation, treating AI agents as a first-class citizen.
We’re excited to keep developing the standard and to collaborate with Stripe on releasing a more formal specification soon. We’re also eager to integrate with more platforms — email us at [email protected] and let us know how you’d like your platform to work with Cloudflare.
Give your agent the power to provision and pay
Stripe Projects is currently in open beta, and you can jump in even without an existing Cloudflare account. Simply install the Stripe CLI, log into Stripe, and start a new project:
stripe projects initAsk your agent to build something on Cloudflare, and share what you’ve created!
