<< All versions
Skill v1.0.0
currentAutomated scan100/100vm0-ai/vm0-skills/cloudflare-tunnel
──Details
PublishedApril 27, 2026 at 10:01 PM
Content Hashsha256:7b711274a8d79e20...
Git SHA2bbd503bf746
──Files
Files (1 file, 3.0 KB)
SKILL.md3.0 KBactive
SKILL.md · 111 lines · 3.0 KB
version: "1.0.0" name: cloudflare-tunnel description: Cloudflare Tunnel API for secure tunnels. Use when user mentions "Cloudflare tunnel", "argo tunnel", or secure connectivity.
Usage
Basic curl Request
Add two headers to authenticate through Cloudflare Access:
bash
curl -s \-H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \-H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \"https://your-protected-service.example.com/api/endpoint"
With Additional Authentication
Many services require both Cloudflare Access AND their own authentication:
bash
curl -s \-H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \-H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \-H "Authorization: Bearer $API_TOKEN" \"https://your-protected-service.example.com/api/endpoint"
With Basic Auth
bash
curl -s \-H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \-H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \-u "username:password" \"https://your-protected-service.example.com/api/endpoint"
POST Request with JSON Body
Write to /tmp/request.json:
json
{"key": "value"}
Then run:
bash
curl -s -X POST \-H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \-H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \-H "Content-Type: application/json" \-d @/tmp/request.json \"https://your-protected-service.example.com/api/endpoint"
Download File
bash
curl -s -o /tmp/output.file \-H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \-H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \"https://your-protected-service.example.com/file"
Skip SSL Verification (Self-signed certs)
Add -k flag for services with self-signed certificates:
bash
curl -k -s \-H "CF-Access-Client-Id: $CF_ACCESS_CLIENT_ID" \-H "CF-Access-Client-Secret: $CF_ACCESS_CLIENT_SECRET" \"https://your-protected-service.example.com/api/endpoint"
Required Headers
| Header | Value | Description | |
|---|---|---|---|
CF-Access-Client-Id | <client-id>.access | Service Token Client ID | |
CF-Access-Client-Secret | <secret> | Service Token Client Secret |
Common Errors
| Error | Cause | Solution | |
|---|---|---|---|
| 403 Forbidden | Invalid or missing headers | Check Client ID and Secret | |
| 403 Forbidden | Token not in Access policy | Add token to application's Access policy | |
| 401 Unauthorized | Service's own auth failed | Check service-specific credentials | |
| Connection refused | Tunnel not running | Verify cloudflared is running |
Tips
- Header order doesn't matter - CF headers can be anywhere in the request
- Works with any HTTP method - GET, POST, PUT, DELETE, etc.
- Combine with other auth - CF Access + Basic Auth, Bearer Token, etc.
- Token rotation - Rotate secrets periodically in Zero Trust dashboard
API Reference
- Cloudflare Access: https://developers.cloudflare.com/cloudflare-one/identity/service-tokens/
- Zero Trust Dashboard: https://one.dash.cloudflare.com/