Just a quick heads-up on the privacy side: I know pasting an API token into a random tool is a big ask.
I’m using a Vercel rewrite as a transparent proxy for the /api/cf endpoint. This is only there because Cloudflare’s GraphQL API doesn't play nice with CORS from a browser. It’s not a serverless function—it’s just a pass-through tunnel. No logs, no backend, no funny business.
Your token stays in your localStorage, and you can verify the traffic in your Network tab. I built this for my own peace of mind, and I wanted to make sure it stays as secure for you as it is for me.
– It uses Cloudflare’s official GraphQL API
– The API token never leaves your browser (stored in localStorage)
– Minimum required permission: R2 read-only analytics
I built this because I was close to the free Class B limit and couldn’t easily see daily burn rate.
Just a quick heads-up on the privacy side: I know pasting an API token into a random tool is a big ask.
I’m using a Vercel rewrite as a transparent proxy for the /api/cf endpoint. This is only there because Cloudflare’s GraphQL API doesn't play nice with CORS from a browser. It’s not a serverless function—it’s just a pass-through tunnel. No logs, no backend, no funny business.
Your token stays in your localStorage, and you can verify the traffic in your Network tab. I built this for my own peace of mind, and I wanted to make sure it stays as secure for you as it is for me.
A few implementation notes:
– It uses Cloudflare’s official GraphQL API – The API token never leaves your browser (stored in localStorage) – Minimum required permission: R2 read-only analytics
I built this because I was close to the free Class B limit and couldn’t easily see daily burn rate.
Happy to open-source it if there’s interest.