Cloudflare Temporary Accounts for AI Agents, launched June 19, 2026, let a coding agent deploy a Cloudflare Worker with no signup — the agent runs wrangler deploy --temporary and the platform provisions a throwaway account, deploys the code, and hands back a claim URL the agent can return to a human.
The reason this matters is a workflow gap, not a missing feature. Coding agents are now competent at writing software end to end, but the moment one needs to ship, it hits an account-creation flow built for a human with a browser, an email inbox, and a credit card. For an unattended background session that wall is a hard stop. Temporary Accounts removes it for the simplest case: get something live, then decide whether to keep it.
This guide walks through the mechanics of the claim flow, the guardrails Cloudflare built in (proof-of-work, rate limits, credential checks), the product limits at launch, the explicit cases Cloudflare says it is not for, and how it fits alongside the other two agent-auth initiatives Cloudflare announced in 2026. Every number and limit below is drawn from Cloudflare's own announcement and documentation.
- 01No signup, no card — just deploy.An agent runs wrangler deploy --temporary and Cloudflare provisions a throwaway account, deploys the Worker, and returns a claim URL. The flag needs Wrangler 4.102.0 or later.
- 02Claim it within 60 minutes or it disappears.The temporary account auto-expires after 60 minutes if no one claims it. Claiming it through a browser-based URL transfers permanent ownership to a real account.
- 03It only works with no existing credentials.If OAuth, a CLOUDFLARE_API_TOKEN, or a global API key is already present, --temporary returns an error. It is explicitly the on-ramp, not a way to bypass an existing login.
- 04Wrangler advertises the flag to the agent itself.When a deploy fails for lack of credentials, Wrangler prints instructions to rerun with --temporary. The CLI is written to be self-discoverable by an agent, not just a human reading docs.
- 05It is not for production or CI/CD.Cloudflare states this directly: for production and CI/CD, use a permanent account with wrangler login or an API token. Custom domains are not supported in temporary mode — workers.dev only.
01 — The ProblemAgents write code well — then hit a human wall.
The framing in Cloudflare's announcement is blunt about where the friction sits. Writing software with an agent is already routine; shipping it is where the workflow breaks. A signup form expects a person — an email to verify, a card to enter, a button to click inside a short window. None of that survives an unattended background run, and Cloudflare argues an agent that gets stuck there will simply deploy somewhere it can get through.
"Everyone's writing code with AI agents today. But the moment an agent needs to deploy something — and needs to sign up and create an account — it slams face-first into a wall built for humans."— Cloudflare, Temporary Accounts announcement (Jun 19, 2026)
That observation generalizes beyond Cloudflare. Background agent sessions — scheduled runs, ticket-driven automations, multi-step build pipelines kicked off by another system — are increasingly the norm rather than the exception. Any authentication step that needs a browser, a copy-paste, or a click in the next sixty seconds is a point where an autonomous agent stalls. The interesting design move here is not the temporary account itself; it is treating agent-legibility as a first-class CLI requirement. We cover the governance side of giving agents this kind of reach in our guide to AI agent governance and compliance frameworks.
02 — The Claim FlowDeploy now, own it later.
The flow is deliberately short. When an agent runs wrangler deploy --temporary with no credentials present, three things happen on Cloudflare’s side: a temporary account is provisioned, Wrangler is issued an API token to work with, and a claim URL is generated for the agent to pass back to a human. The Worker goes live on a workers.dev subdomain immediately.
From there the clock matters. The temporary account stays live for 60 minutes. Within that window, a human can open the claim URL in a browser and take permanent ownership — the account, and the deployment running on it, become a normal Cloudflare account the person controls. If no one claims it inside the hour, the account expires automatically and the deployment goes with it. There is no documented mechanism to extend the 60-minute window; treat it as a fixed expiry.
"Cloudflare provisions a temporary account for the agent to use, gives Wrangler an API token to work with, and provides a claim URL that the agent can give back to the human."— Cloudflare, Temporary Accounts announcement (Jun 19, 2026)
Agent runs --temporary
Cloudflare provisions a throwaway account, issues Wrangler an API token, and publishes the Worker to a workers.dev subdomain. No email, no card, no human in the loop.
Re-deploy in the window
Within the 60-minute window the agent can re-deploy as many times as it needs. Wrangler caches the temporary account and reuses it; the cache clears only on wrangler login or wrangler logout.
Human claims ownership
A person opens the claim URL in a browser to transfer the account and its deployment into permanent ownership. Unclaimed accounts expire automatically when the hour is up.
The detail that makes this agent-native is the auto-discovery prompt. An agent does not need to know the flag exists in advance. When a deploy fails because no credentials are present, Wrangler prints guidance telling the caller to rerun the command with --temporary, explaining that it will use a temporary account and print a claim URL. In effect the CLI documents itself to whatever is reading its output — a human or a language model — which is a meaningfully different design target than a CLI written only for people.
03 — GuardrailsThe checks that keep it from being abused.
A no-signup deploy endpoint is an obvious target for abuse, so Cloudflare wrapped the flow in three controls that an agent never has to think about but cannot route around either.
Proof-of-work check
Before a temporary preview account is created, Cloudflare requires a proof-of-work check. Wrangler handles it automatically — it adds a short delay but needs no user input.
Account-creation limit
Cloudflare limits how quickly temporary preview accounts can be created. If the limit is hit, the user has to wait or authenticate with a permanent account instead.
Existing-credential block
The --temporary flag only works when Wrangler has no existing credentials. If OAuth, a CLOUDFLARE_API_TOKEN, or a global API key is present, the flag returns an error.
The credential check is worth dwelling on because it shapes how the feature behaves inside a real pipeline. Temporary mode is explicitly the path you take when you have nothing — no login, no token, no key. The instant any of those exist, Cloudflare assumes you want the permanent account behind them, and the temporary path closes. That keeps the feature scoped to genuine first-deploy moments rather than becoming a quiet way to sidestep an organization's real credentials.
04 — Product LimitsWhat you can build in a temporary account.
Supported products are deliberately narrow at launch, with explicit per-product ceilings. The table below synthesizes Cloudflare's claim-deployments documentation into a single agent-builder reference. The most important line is the last one: custom domains are not available in temporary mode, so deployments live on workers.dev until the account is claimed.
| Product | Supported | Limit | Note for agent builders |
|---|---|---|---|
| Workers | Yes | workers.dev only | The core target. No custom domain attachment while temporary. |
| Workers Static Assets | Yes | Up to 1,000 files, 5 MiB each | Fine for a front end or demo; large asset bundles will hit the ceiling. |
| Workers KV | Yes | Supported | Key-value storage available for state during the preview. |
| D1 | Yes | 1 DB, 100 MB max | One database, capped — enough to prove out a schema, not a data load. |
| Durable Objects | Yes | Supported | Stateful coordination is available within the preview window. |
| Hyperdrive | Yes | Up to 2 DB configs, 10 connections | Connect to an external database, within tight connection limits. |
| Queues | Yes | Up to 10 queues | Enough to wire up async workflows for a working prototype. |
| SSL/TLS certificates | Yes | Supported | TLS for the workers.dev deployment is in scope. |
| Custom domains | No | Not supported | Attach a domain only after a human claims the account. |
Read as a set, the limits tell you the intended scope clearly: this is a deploy-and-demo surface, not a place to stand up something durable. You can prove that a generated app runs end to end — a front end, a database, a queue, some stateful coordination — but you cannot grow it into production inside the temporary account. That is by design, and it is consistent with the explicit non-use-cases in the next section.
05 — The Fine PrintWhat temporary accounts are not for.
This is the part most coverage of the announcement skips, and it is where the feature earns its credibility. Cloudflare states the non-use-case directly in its documentation:
That guidance is more than a disclaimer. A 60-minute account with no owner, no custom domain, and capped products is structurally wrong for anything that needs to persist, be monitored, or be redeployed from a pipeline. Pointing CI at temporary accounts would mean a fresh throwaway environment on every run with no continuity of state, secrets, or domains. The feature is best understood as the very first step of a longer journey: get a generated app live so a human can look at it, then claim it and move it onto proper credentials before doing anything serious.
The boundary also matters for security review. Because temporary accounts deploy real, internet-reachable Workers with no identity attached up front, an attacker could in principle use the flow to spin up short-lived phishing or malware-hosting Workers. The 60-minute expiry and rate limits blunt that, but teams adopting agent-driven deploys should still treat the surface as part of their threat model — the same way they would any unattended deploy path. Cloudflare's broader approach to keeping autonomous agents in check is covered in our piece on securing autonomous agents at the edge.
06 — The Bigger PictureThree layers of agent auth, stacked.
Temporary Accounts is one of three concurrent agent-auth initiatives Cloudflare advanced in 2026. Most coverage treats them as separate announcements; they read more coherently as a layered model for how an agent acquires identity, payment, and a place to run. The first removes friction entirely, the second adds delegated payment, and the third standardizes the handshake.
| Mechanism | Use case | Human approval | Payment handled | Permanence | Launch |
|---|---|---|---|---|---|
| Temporary Accounts | Frictionless first deploy, no signup | Only to claim ownership | No — no payment involved | 60-minute expiry unless claimed | Jun 19, 2026 |
| Stripe Projects | Agent provisions account, pays, deploys | Yes — auth, terms, billing, merge gates | Yes — default $100/mo cap per provider | Permanent, human-delegated | May 18, 2026 |
| auth.md (WorkOS) | Open agent-registration protocol | Per the service's policy | Out of scope (auth only) | Platform-independent standard | ~May 25, 2026 |
The Stripe Projects protocol, announced May 18, 2026, lets agents go further — create a Cloudflare account, start a paid subscription, register a domain, and obtain an API token — under a default spending cap of $100 per month per provider, with human approval gates kept at Stripe authentication, terms acceptance, billing setup, and merge decisions. Note that the $100 cap belongs to Stripe Projects, where money changes hands; Temporary Accounts involves no payment at all, so it has no spending cap to speak of. The auth.md protocol from WorkOS, published around May 25, 2026, takes the abstraction up a level: a Markdown file at a well-known URL that composes existing OAuth standards into a portable agent-registration handshake, with Cloudflare among the early adopters.
For the adjacent question of how agents pay for the resources they provision, the emerging machine-payment rails are worth understanding alongside this — see our explainer on the x402 payment protocol for AI agents. Read together, the picture is an identity-and-payment layer forming beneath agent infrastructure, with Cloudflare staking out each tier.
07 — Honest RisksWhere the convenience can bite.
Most of the documented risk in this space attaches to the payment-enabled tier rather than to Temporary Accounts, which is payment-free by design. Developer commentary on the Stripe Projects model surfaced three failure modes worth carrying into any agent-driven cloud workflow: an agent buying the wrong domain, burning through credit in a retry loop, and committing irreversible spend on durable assets. Cloudflare's answers there are runtime budget enforcement, audit logs, idempotency keys, and fast kill switches.
Agent-deploy risk surface · by tier (illustrative weighting)
Source: Cloudflare docs + InfoQ reportingThe bars above are an illustrative weighting, not measured incident rates — they are meant to show where the heavier risk sits, which is squarely in the payment tier. For Temporary Accounts specifically, the two real exposures are mundane by comparison: a claim URL that leaks (because it grants ownership) and the abuse of a short-lived anonymous Worker. Both are bounded by the 60-minute expiry, the rate limits, and the proof-of-work check, but neither is zero. Our advice is to treat claim URLs as secrets in your agent scaffolding and to keep the no-credentials deploy path inside the same monitoring you apply to any other deploy.
08 — AdoptionHow teams should actually use it.
The right adoption posture follows the feature's own scoping: lean on it for the moments it was built for, and route everything durable to permanent credentials.
Agent-generated app, human review
An agent builds something and you want it live in seconds to look at it. Temporary Accounts is exactly this — deploy, share the workers.dev URL, claim it if it is worth keeping.
Throwaway experiments
Rapid write-deploy-verify cycles where you do not yet care about persistence. Re-deploy freely inside the 60-minute window; the cached temporary account is reused until you log in or out.
Anything that must persist
Cloudflare says it plainly: use a permanent account with wrangler login or an API token. Temporary accounts have no continuity of state, secrets, or domains across runs.
Agent creates and pays for its own stack
If the agent needs to register a domain, start a subscription, and own the account end to end, that is the Stripe Projects path with its $100/mo cap and approval gates — not temporary mode.
For agencies and engineering teams, the practical move is to build the claim step into the workflow from day one. Have the agent surface the claim URL to a named human channel, decide on the spot whether the deployment is worth keeping, and either claim it onto a real account or let it expire. That keeps the throwaway tier genuinely throwaway and prevents the anti-pattern of leaning on it for things it was never meant to hold. If you are designing the broader deployment and identity stack that agents plug into, our overview of an enterprise agent platform reference architecture maps where a feature like this fits. Teams standing up agent-driven development pipelines end to end are exactly who we work with in our AI digital transformation engagements, and when it comes to shipping the apps those agents produce, our web development team handles the move from preview to production.
09 — ConclusionA small flag with a big implication.
The interesting part is not the temporary account — it is the self-describing CLI behind it.
Cloudflare Temporary Accounts solves a narrow, real problem: an agent that can build software but cannot get past a human signup form. The --temporary flag, the 60-minute claim window, and the workers.dev-only limits add up to a clean deploy-now-own-later contract that is genuinely new at the account level.
The more durable lesson is the design philosophy underneath it. Wrangler advertising the flag in its own error output — writing the CLI to be legible to a language model, not just a human — is the kind of change that propagates. As more cloud tooling is consumed by agents rather than people, self-describing interfaces stop being a nicety and become a competitive surface. Treating the temporary account as the first rung of a three-tier ladder, alongside Stripe Projects and auth.md, is the right way to read it.
The discipline to keep, then, is the one Cloudflare itself asks for: use temporary accounts for the frictionless first deploy and review, and move anything that has to persist onto permanent credentials before it matters. Get that boundary right and you get the convenience without inheriting the failure modes — which is the whole point of the feature.