Cloudflare Temporary Accounts: Let Agents Deploy Without OAuth Flows

Official Sources

Last updated: June 20, 2026

AI agents hit a wall when they need to deploy code. The problem is not the deployment itself - it is the account creation flow that precedes it. OAuth popups, dashboard click-throughs, API token copy-paste rituals, multi-factor authentication challenges - all designed for humans with browsers and patience.

Cloudflare addressed this on June 19, 2026 with temporary accounts. An agent running Wrangler 4.102.0 or later can now deploy a Worker, a D1 database, KV storage, Durable Objects, or any supported Cloudflare resource without creating an account first. The deployment stays live for 60 minutes. During that window, a human can claim the account and make it permanent.

How It Works

The mechanism is a single CLI flag:

wrangler deploy --temporary

When an agent runs this command without credentials, Wrangler provisions a temporary Cloudflare account in the background, issues an API token to itself, deploys the Worker, and returns two URLs: the live deployment URL and a claim URL.

The agent does not need to navigate a browser, handle OAuth callbacks, or parse emails. It gets infrastructure.

The 60-Minute Window

Temporary deployments self-destruct after 60 minutes of inactivity. That is enough time for an agent to:

1. Deploy an initial version
2. Test the endpoint
3. Iterate with fixes
4. Redeploy multiple times
5. Hand the claim URL to a human for permanent ownership

Each redeploy resets the 60-minute timer. An agent actively iterating on a deployment can keep it alive indefinitely - the clock only runs when nothing is happening.

When a human clicks the claim URL, they authenticate with Cloudflare (signing up or logging in), and the temporary account converts to a permanent one. All resources - Workers, databases, KV namespaces, Durable Objects - transfer with it.

If nobody claims the account within the window and no redeploy happens, Cloudflare deletes everything.

What You Can Deploy

The temporary accounts feature supports a significant slice of the Cloudflare developer platform:

This covers most common deployment patterns. An agent can spin up an API with a database backend, deploy a static site, or launch a real-time application with Durable Objects - all without a pre-existing account.

Version Requirements

You need Wrangler 4.102.0 or later. Check your version:

wrangler --version

If you are behind, update:

npm install -g wrangler@latest

One gotcha: if you have cached credentials from a previous login, they may interfere with temporary account creation. Run wrangler logout before testing the feature to ensure a clean state.

What This Means for Agent Workflows

The pattern Cloudflare enabled here is "deploy first, claim later." It inverts the traditional flow where account creation is a prerequisite for any action.

For agent developers, this opens several use cases:

Prototype deployment agents. An agent can take a description like "build me an API that converts markdown to PDF" and ship a working endpoint without any credential handoff. The human reviews the live deployment before claiming it.

CI/CD without secrets. Ephemeral preview deployments in CI pipelines can use temporary accounts instead of storing Cloudflare API tokens in secrets. The deployment lives long enough for automated tests, then either gets claimed or expires.

Sandbox environments. Agents testing infrastructure code can deploy to throwaway Cloudflare accounts, validate behavior, and clean up automatically after 60 minutes.

Demo flows. A conversational agent can deploy a working example during a support interaction. The user sees it live, decides if they want it, and claims or abandons it.

The Agent Discovery Pattern

Cloudflare built in a helpful fallback. When an agent tries to run wrangler deploy without credentials, Wrangler outputs a message suggesting the --temporary flag. An agent parsing CLI output can discover the feature and adapt without explicit instructions.

This matters because it means agents designed for credentialed deployments can gracefully degrade to temporary deployments when credentials are unavailable. No special-case code required - just read the error message.

Integration Example

Here is a minimal agent loop that deploys a Worker and returns both URLs:

import { execSync } from 'child_process';

async function deployTemporary(projectPath: string) {
  // Ensure no cached credentials
  execSync('wrangler logout', { cwd: projectPath, stdio: 'ignore' });

  // Deploy with temporary flag
  const output = execSync('wrangler deploy --temporary', {
    cwd: projectPath,
    encoding: 'utf-8'
  });

  // Parse URLs from output
  const deployUrl = output.match(/https:\/\/[^\s]+\.workers\.dev/)?.[0];
  const claimUrl = output.match(/https:\/\/dash\.cloudflare\.com\/temporary-claim\/[^\s]+/)?.[0];

  return { deployUrl, claimUrl };
}

The agent hands back both URLs. A human can visit the claim URL to take ownership, or let the deployment expire.

Limitations

The 60-minute window is both the feature and the constraint. For deployments that need to survive without human intervention, temporary accounts are not the answer - you still need proper credentials.

Not every Cloudflare product is supported yet. R2 storage, Workers AI, and some enterprise features are absent from the launch list. Check the changelog for updates.

The claim flow requires a human with a browser. There is no API to convert a temporary account to permanent programmatically - someone needs to click through.

Broader Context

This is part of a pattern where infrastructure providers are adapting to agentic workloads. Stripe and WorkOS have similar agent-friendly provisioning flows. The thesis: if agents are going to deploy production infrastructure, the infrastructure needs to meet them halfway.

For developers building agents that touch deployment, this removes one of the harder integration problems. You no longer need to build OAuth handling, token management, or credential storage into your agent just to deploy a Worker.

FAQ

Does temporary deployment cost anything?

Cloudflare has not published pricing specific to temporary accounts. Claimed accounts follow normal Workers pricing. Unclaimed deployments that expire do not appear to incur charges.

Can I extend the 60-minute window?

Each redeploy resets the timer. An agent actively iterating keeps the deployment alive. There is no explicit "extend" command.

What happens to data in D1 or KV if I do not claim?

It gets deleted with the rest of the temporary account when the 60 minutes expire.

Can multiple agents share a temporary account?

No. Each wrangler deploy --temporary creates a new isolated account. Agents cannot collaborate on a single temporary deployment.

Does this work with wrangler.toml configuration?

Yes. Your standard wrangler.toml configuration applies to temporary deployments. Bindings, routes, and other settings work as expected.

Is this available on the free tier?

Yes. Temporary accounts do not require a paid Cloudflare plan.

Can I use this for production?

The 60-minute expiration makes it unsuitable for persistent production workloads. Use it for prototyping, previews, and handoff flows - then claim the account for production.

What version of Node.js do I need?

Wrangler 4.x requires Node.js 18 or later.

Sources

• Temporary Cloudflare Accounts for AI Agents - Cloudflare Blog, June 19, 2026
• Temporary accounts for AI agent deployments - Cloudflare Changelog, June 19, 2026
• Wrangler CLI Documentation - Cloudflare Workers docs