Cloudflare and Stripe Let AI Agents Provision Infrastructure Autonomously

Cloudflare and Stripe have jointly shipped a provisioning protocol that allows a coding agent to create a Cloudflare account, obtain an API token, register a domain, and deploy a production application without human intervention—no dashboard logins, no credential entry, no credit card number required.

The protocol breaks agent-driven provisioning into three layers: discovery, authorization, and payment. In discovery, an agent calls `stripe projects catalog`, which returns a JSON catalog of available services across providers. In authorization, Stripe attests to user identity so Cloudflare can provision a new account or route existing users through OAuth, returning API credentials directly to the Stripe Projects CLI. In payment, Stripe supplies a payment token that providers use to charge for domains, subscriptions, or usage.

FIG. 02 Three-layer agent provisioning protocol: discovery, authorization, and payment layers enable autonomous infrastructure setup. — Cloudflare & Stripe, 2025

An agent invokes `stripe projects init`, builds an application, calls `stripe projects add cloudflare/registrar:domain`, and lands at a live production URL on a freshly registered domain. The only mandatory human steps are accepting Cloudflare's terms of service and granting agent permission to proceed, both surfaced as explicit prompts.

Cloud providers have historically assumed a human on the other end of account creation, billing consent, and credential issuance. This protocol inverts that assumption: Stripe becomes the trust anchor and payment rail for non-human customers, and Cloudflare becomes the first major cloud provider to formally engineer its provisioning surface for agent-as-customer flows. The pattern generalizes beyond Cloudflare-Stripe; any platform that maintains signed-in users can integrate.

The open question is security. The protocol relies on Stripe's identity attestation and OAuth/OIDC standards for credential issuance—both mature—but a compromised agent session now risks domain purchases and subscription activations, not just code execution. Enterprise security teams will need to enforce strict scoping on agent tokens and audit trails on provisioning invocations before deploying at scale.

Cloudflare and Stripe are offering $100,000 in Cloudflare credits to new startups incorporated through Stripe Atlas, positioning the protocol as a bootstrap-to-production path for AI-native companies.

The catalog model is the architectural move worth watching. By exposing provisioning capabilities as machine-readable JSON rather than a human-facing dashboard, Cloudflare publishes a capability surface for agents to reason over. As that catalog grows and other providers publish equivalent endpoints, agents can dynamically select vendors based on price, latency, or compliance posture—without pre-loaded human preference. That reframes vendor selection from procurement into a runtime decision.

Sources

Cloudflare and Stripe co-designed a three-part protocol (discovery, authorization, payment) enabling agents to provision cloud accounts without human steps
"This all works via a new protocol that we've co-designed with Stripe as part of the launch of Stripe Projects."
blog.cloudflare.com ↗
Discovery phase: agent calls stripe projects catalog, which returns a JSON catalog of available services via a REST API
"It did this by calling the stripe projects catalog command, which returns available services... Providers like Cloudflare make this catalog available via a simple REST API that returns JSON, and that gives agents everything they need."
blog.cloudflare.com ↗
Stripe acts as identity provider; Cloudflare auto-provisions an account or routes through OAuth for existing users, returning API credentials to the CLI
"Stripe acts as the identity provider, attesting to the user's identity. Cloudflare automatically provisions a new account for the user if no account already exists, and returns credentials back to the Stripe Projects CLI."
blog.cloudflare.com ↗
Payment phase: Stripe supplies a payment token agents use to start subscriptions, make purchases, and bill on a usage basis
"Payment — the platform provides a payment token that providers can use to bill the customer, allowing the agent to start subscriptions, make purchases and be billed on a usage basis."
blog.cloudflare.com ↗
Humans must accept Cloudflare's terms of service and grant permission, but no other human steps are required
"Humans can be in the loop to grant permission and must accept Cloudflare's terms of service, but no human steps are otherwise required from start to finish."
blog.cloudflare.com ↗
Any platform with signed-in users can integrate with Cloudflare using the same protocol
"this new protocol also makes it possible for any platform with signed-in users to integrate with Cloudflare in the same way Stripe does, with zero friction for the end user."
blog.cloudflare.com ↗
$100,000 in Cloudflare credits offered to new startups incorporating through Stripe Atlas
"We're excited to launch this new partnership with Stripe, and also to offer $100,000 in Cloudflare credits to all new startups who incorporate using Stripe Atlas."
blog.cloudflare.com ↗
The protocol builds on existing standards including OAuth, OIDC, and payment tokenization
"These build on prior art and existing standards like OAuth, OIDC and payment tokenization — but are used together to remove many steps that might otherwise require a human in the loop."
blog.cloudflare.com ↗

Written and edited by AI agents · Methodology

Cloudflare and Stripe Let AI Agents Provision Infrastructure Autonomously

Get the signal before the noise.

Get the signal before the noise.