Do I need to paste my Cloudflare API key anywhere?

No. The remote Cloudflare GraphQL Analytics MCP server at graphql.mcp.cloudflare.com authenticates over OAuth, so you authorize the account through a consent screen instead of pasting a key. For an unattended agent, use a scoped API token limited to Analytics Read — never a full account key, and never committed to a repo.

Is the dashboard live or a snapshot?

A snapshot. It contains the numbers Claude pulled when it built the file; it does not re-query Cloudflare when someone opens the link. To refresh it, ask Claude to repull and re-push to the same URL — or put that on a daily schedule so the stable link always shows current numbers.

Can my team comment without a Cloudflare or Claude account?

Yes. The dashboard is published to a Drafty canvas link that renders in any browser. Reviewers click the exact element they want changed and leave a pinned comment with no login required. Only the person connecting Cloudflare needs access to the account.

Is it safe to give Claude access to my Cloudflare account?

Connect with OAuth and select the Analytics Read scope, or use a read-scoped API token — a traffic dashboard never needs more than that. Every tool call is mediated by the MCP server, and in Claude you approve actions. Don't grant write or edit scopes for a read-only reporting task.

How is this different from the Cloudflare Analytics dashboard or a BI tool?

Cloudflare's own analytics and a BI tool query live data against fixed views — the right choice for standing, governed reporting. This approach is for a fast, shareable snapshot you can spin up in minutes, shape exactly how you want by talking to Claude, then collect feedback on inline. Different jobs: one is a standing system, the other is a quick reviewable deliverable.

drafty

Build a Cloudflare traffic dashboard with Claude

Connect the Cloudflare GraphQL Analytics MCP server to Claude, ask for a traffic, WAF, and cache-hit dashboard from your live zone, and publish it to a link your team comments on directly — no BI tool, no screenshots pasted into Slack.

What you'll build

A self-contained edge dashboard — total requests and bandwidth, the traffic trend, cache hit ratio, WAF and firewall events by action, top countries, and recent blocked requests — generated by Claude from your real Cloudflare zone data, then published to a drafty.im/canvas/… link. Your team clicks the exact chart or number they want changed and leaves a note. Claude reads the comments and ships a revised version to the same URL.

This is an end-to-end example: connect a data source over MCP, generate a dashboard from live numbers, and close the review loop on one link. Total time, start to shared link, is under fifteen minutes. The same shape works for any of the other examples — only the connection step changes.

Here's the finished dashboard, published to a canvas — click any tile or number to leave a comment, exactly as your team would:

Live canvas — comment on any elementOpen ↗

The three moving parts

The Cloudflare GraphQL Analytics MCP server gives Claude read access to your zone's analytics — HTTP requests, bandwidth, cache, firewall and WAF events, threats — through Cloudflare's GraphQL Analytics API. You approve what it can touch over OAuth.
Claude pulls the numbers and writes a single self-contained HTML dashboard. You iterate on it in the artifact panel until it's right.
Drafty turns that HTML into a stable link your team reviews. Comments pin to the exact element; Claude ships the fix to the same URL.

The generation step is fast now. The part this example is really about is the third one — getting the dashboard in front of people without losing their feedback to a screenshot circled in Preview.

Step 1 — Connect the Cloudflare GraphQL Analytics MCP server

Cloudflare runs official remote MCP servers. The GraphQL Analytics server at https://graphql.mcp.cloudflare.com/mcp is the one that exposes traffic, cache, and firewall data. You connect once; it authenticates over OAuth, so no key is pasted into a config file.

In Claude Code:

claude

❯

claude mcp add --transport http cloudflare-graphql https://graphql.mcp.cloudflare.com/mcp▌

Then run /mcp inside Claude Code and follow the OAuth prompt to authorize the account. When you authorize, grant the Analytics Read scope only — this dashboard never needs to write to Cloudflare.

In Claude Desktop: open Settings → Connectors → Add custom connector, paste https://graphql.mcp.cloudflare.com/mcp, and authorize with OAuth the same way.

Safety first

Use OAuth and select Analytics Read when prompted, or — if you're running an unattended agent — a scoped API token limited to Analytics Read (plus Account Resources: Read so the server can auto-detect your account). Never paste a full account API key into a config file or commit it. The dashboard only reads; it has no reason to hold write permissions.

Step 2 — Pull the numbers

Ask Claude in plain language. It uses the GraphQL Analytics server's read tools to query your zone's analytics datasets:

claude

❯

Using the Cloudflare GraphQL Analytics MCP server, pull everything we need for an edge traffic dashboard for our main zone over the last 7 days: total requests and bytes served, cache hit ratio (cached vs. uncached requests), requests per day for the trend, total WAF and firewall events broken down by action (block, challenge, allow), the top 5 countries by request volume, and the 10 most recent blocked requests with path and rule. Summarize the figures before you build anything.▌

Claude calls Cloudflare, returns the figures, and you sanity-check them against the Cloudflare dashboard before going further. This is the moment to catch a wrong assumption — the wrong zone, a timezone offset, requests counted before vs. after caching — while it's cheap.

Step 3 — Build the dashboard

Once the numbers look right, ask for the artifact:

claude

❯

Build a single self-contained HTML dashboard from those figures. Total requests as the hero number with the 7-day trend line, then tiles for bandwidth, cache hit ratio, and total threats blocked. A WAF events breakdown by action, a top-countries list, and a recent-blocked-requests table at the bottom. Clean, no external dependencies — inline the CSS and any chart code.▌

Claude renders it live in the artifact panel. Iterate in place — you're not regenerating from scratch:

"Make cache hit ratio a big gauge and put it next to the request total."
"Add a 7-day line for blocked requests under the WAF tile."
"Format bytes as GB and round request counts to thousands."

Step 4 — Publish to Drafty for review

A Claude artifact link is a preview, not a stable URL — iterate the artifact and the link you already sent now shows the old version. Ask Claude to publish it to a Drafty canvas instead, so the link you share always stays current:

claude

❯

Publish this dashboard to Drafty as a canvas and give me the shareable link.▌

Claude pushes the dashboard and hands back a drafty.im/canvas/… link that renders on any device. Send it — your team opens it in a browser, no login and no Claude account needed.

Step 5 — The review loop

This is the part that's not obvious until you've done it once.

A reviewer clicks the specific tile, chart, or number they want changed and leaves a pinned comment — "this cache hit ratio looks low, are we counting the API subdomain that bypasses cache?" The comment is anchored to that element, not floating in a Slack thread. Claude reads the comments through the CLI, reruns the relevant Cloudflare query if needed, and pushes a revised dashboard to the same URL. The reviewer refreshes and sees the change; the thread stays attached to the element.

The mechanic matters because of what it removes. A Slack message about a chart produces "the number on the left looks wrong." A pinned comment on the actual tile produces "this — exclude the static-asset subdomain from the cache ratio." One of those produces a correct revision; the other produces a guess.

Keeping it fresh

An MCP-generated dashboard is a snapshot — it holds the numbers Claude pulled when it built it; it doesn't re-query Cloudflare when someone opens the link. For a weekly review or a board-ready snapshot, that's fine.

To make it a live canvas that always shows today's figures, copy this prompt — Claude sets up the refresh for you and schedules it to run on its own:

claude

❯

Turn this Cloudflare dashboard into a live canvas: every morning, re-pull the latest traffic, cache, and WAF numbers from Cloudflare via the GraphQL Analytics MCP server, rebuild the dashboard, and push a new version to the same canvas URL so the link always shows today's figures. Schedule it to run daily on its own.▌

The link stays stable while the content updates underneath it — see keeping a canvas updated automatically.

What to watch for

Read-only, always. A traffic dashboard needs Analytics Read and nothing more. Scope the OAuth grant or API token accordingly.
Check the figures before you share. The GraphQL API returns exactly what you ask for — if your request count includes a zone you didn't mean, or your cache ratio counts uncacheable responses, the dashboard will confidently show the wrong number. Reconcile against the Cloudflare dashboard once.
The link is the deliverable, not the artifact. Share the Drafty URL, not the Claude artifact preview — that's the one you can update in place.

Cloudflare dashboard with Claude — FAQ

Do I need to paste my Cloudflare API key anywhere?: No. The remote Cloudflare GraphQL Analytics MCP server at graphql.mcp.cloudflare.com authenticates over OAuth, so you authorize the account through a consent screen instead of pasting a key. For an unattended agent, use a scoped API token limited to Analytics Read — never a full account key, and never committed to a repo.
Is the dashboard live or a snapshot?: A snapshot. It contains the numbers Claude pulled when it built the file; it does not re-query Cloudflare when someone opens the link. To refresh it, ask Claude to repull and re-push to the same URL — or put that on a daily schedule so the stable link always shows current numbers.
Can my team comment without a Cloudflare or Claude account?: Yes. The dashboard is published to a Drafty canvas link that renders in any browser. Reviewers click the exact element they want changed and leave a pinned comment with no login required. Only the person connecting Cloudflare needs access to the account.
Is it safe to give Claude access to my Cloudflare account?: Connect with OAuth and select the Analytics Read scope, or use a read-scoped API token — a traffic dashboard never needs more than that. Every tool call is mediated by the MCP server, and in Claude you approve actions. Don't grant write or edit scopes for a read-only reporting task.
How is this different from the Cloudflare Analytics dashboard or a BI tool?: Cloudflare's own analytics and a BI tool query live data against fixed views — the right choice for standing, governed reporting. This approach is for a fast, shareable snapshot you can spin up in minutes, shape exactly how you want by talking to Claude, then collect feedback on inline. Different jobs: one is a standing system, the other is a quick reviewable deliverable.