Skip to content
OpsTower Docs

Cloudflare D1 Connection

The Cloudflare D1 connection integrates your D1 databases with OpsTower, giving agents the ability to run read-only SQL queries against your serverless SQLite databases. All queries are limited to SELECT statements and return a maximum of 100 rows per query.

Prerequisites

Section titled “Prerequisites”

You need a Cloudflare account with at least one D1 database created under Workers & Pages.

Credentials Required

Section titled “Credentials Required”

To set up a Cloudflare D1 connection, you need three pieces of information:

  • API Token — a Cloudflare API token with D1 read permissions
  • Account ID — your Cloudflare account identifier
  • Database ID — the UUID of the specific D1 database to query

How to Create an API Token

Section titled “How to Create an API Token”
  1. Log in to the Cloudflare dashboard at dash.cloudflare.com.
  2. Click your profile icon in the top-right corner and go to My Profile.
  3. Select API Tokens from the left sidebar.
  4. Click Create Token.
  5. Choose Create Custom Token.
  6. Give the token a descriptive name (e.g., “OpsTower D1 Read”).
  7. Under Permissions, add:
    • AccountD1Read
  8. Under Account Resources, select the account that contains your D1 database.
  9. Click Continue to summary, then Create Token.
  10. Copy the token immediately — it will not be shown again.

Store this token securely. If you lose it, you will need to create a new one.

How to Find Your Account ID

Section titled “How to Find Your Account ID”
  1. Log in to the Cloudflare dashboard at dash.cloudflare.com.
  2. Select your account.
  3. The Account ID is displayed in the right sidebar on the account overview page. It is a 32-character hexadecimal string.

You can also find the Account ID in the URL when viewing your account: https://dash.cloudflare.com/<account-id>/...

How to Find Your Database ID

Section titled “How to Find Your Database ID”
  1. In the Cloudflare dashboard, navigate to Workers & Pages in the sidebar.
  2. Select D1 from the submenu.
  3. Click the name of the database you want to connect.
  4. On the database overview page, the Database ID is displayed near the top. It is a UUID (e.g., a1b2c3d4-e5f6-7890-abcd-ef1234567890).

Setting Up the Connection in OpsTower

Section titled “Setting Up the Connection in OpsTower”
  1. In OpsTower, navigate to Connections in the sidebar.
  2. Click Add Connection and select Cloudflare D1.
  3. Enter your API Token, Account ID, and Database ID.
  4. Click Save to create the connection.

What Agents Can Do with Cloudflare D1

Section titled “What Agents Can Do with Cloudflare D1”

Once connected and enabled on an agent, the agent can:

  • Execute read-only SQL queries (SELECT statements only) against your D1 database
  • List all tables in the database
  • Inspect table schemas to understand your data structure

All queries are validated as read-only before execution. Write operations (INSERT, UPDATE, DELETE, DROP, etc.) are rejected.

Troubleshooting

Section titled “Troubleshooting”
  • Authentication errors: Verify that your API token is correct and has the “Account > D1 > Read” permission. Generate a new token if needed.
  • No data returned: Confirm that the Database ID matches the correct database and that the database contains data.
  • Permission denied: Ensure the API token’s account resources include the account where the D1 database resides.
  • Query errors: D1 uses SQLite syntax. If your query fails, check that you are using SQLite-compatible SQL.