The Cloudflare cert question, answered honestly
Cloudflare AI certification: there isn't one — here's the blueprint we teach instead
Cloudflare has no official AI or Workers developer certification (confirmed May 2026 — its formal certs are security-focused: App Security, Network Security, Zero Trust). Treat any "Cloudflare AI cert" claim with suspicion.
Because the platform is still worth mastering, we teach it against CAPA — a clearly-labelled, synthesized Academy credential whose full blueprint is published on this page: 5 weighted domains, 30 task statements each anchored on a live Cloudflare docs page, a pass bar of 720/1000, and a mandatory practical capstone. It is never marketed as an industry exam.
Why there's no cert — and why the skills still matter
Cloudflare's certification catalogue covers its security products, not its developer platform. Meanwhile the AI surface — the Agents SDK on Durable Objects, AI Gateway, AI Search, Vectorize, Workers AI — has become one of the most practical places to run production agents at the edge. The skills are real and hireable; the vendor badge simply doesn't exist yet.
Our answer is to mirror the rigor of the two confirmed anchors we also teach — Anthropic's CCA-F and the AWS GenAI Developer – Professional, both verified against their official exam guides — and apply the same structure to the real Cloudflare AI surface. If Cloudflare ever ships a real AI cert, we re-map to it.
The CAPA blueprint
Format: 60 scored multiple-choice questions (1 correct of 4), scaled 100–1000, pass 720 — plus a mandatory practical capstone, graded pass/fail against the six-criterion rubric below. Every task statement was verified against a live developers.cloudflare.com page on 7 Jul 2026.
weightsConfirmed: false), the "Academy (synthesized)" provider label, and this disclaimer are locked by automated tests in our codebase: they cannot silently flip without an official Cloudflare exam to point at.
Domains and weights
| Domain | Weight | Task statements | Why this weight |
|---|---|---|---|
| D1 · Agentic runtime on Cloudflare | 28% | 7 | The Agents SDK on Durable Objects is the platform's core differentiator — a stateful agent is a globally-addressable, single-threaded DO with embedded SQLite and hibernation. Mirrors the primacy CCA-F gives agent design (27%). |
| D2 · AI Gateway & model operations | 22% | 6 | Every production model call routes through AI Gateway for routing, caching, cost governance, guardrails, and observability. Model ops, not model choice, is where architects spend their effort. |
| D3 · Retrieval & data | 20% | 6 | Grounding an agent on your own corpus (AI Search, Vectorize, the R2/D1 data plane) is table-stakes for a useful agent. |
| D4 · Edge app & deployment architecture | 15% | 5 | Bindings, wrangler environments, async processing, routing — the delivery substrate; prerequisite platform knowledge rather than the AI-specific core. |
| D5 · Security, isolation & governance | 15% | 6 | Zero Trust access, egress control, secrets, least-privilege bindings, residency, audit. Mirrors the dedicated safety/governance domains on both anchor exams. |
The 30 task statements
Each statement names one competency and links the live Cloudflare doc it was verified against. Statements marked † cover churny/beta products (Agents SDK, Sandbox, AI Search) and are re-verified on a schedule.
D1 — Agentic runtime on Cloudflare (28%)
| ID | Statement | Docs |
|---|---|---|
| D1.T1 † | Design a stateful agent on the Agents SDK, selecting the agent class and Durable Object placement so each unique agent name is its own globally-addressable, single-threaded instance. | Agents · Durable Objects |
| D1.T2 † | Persist and broadcast durable agent state with setState(), backed by the instance's embedded SQLite storage, and reason about per-instance isolation across connected clients. | Agent state |
| D1.T3 † | Configure the agent's WebSocket transport and hibernation so connections stay open while the Durable Object sleeps and wakes on the next request at no idle cost. | WebSockets |
| D1.T4 † | Design the control-plane split for a Claude-managed agent — model reasoning on Anthropic, code execution in a per-session Cloudflare Sandbox bounded by an egress policy. | Sandbox |
| D1.T5 † | Choose an execution substrate for an agent workload — a lightweight Workers isolate versus a stronger-isolation Sandbox/Container instance for arbitrary or untrusted code. | Sandbox · Containers |
| D1.T6 † | Schedule agent-initiated background work with schedule()/scheduleEvery() one-time, delayed, or cron callbacks backed by the Durable Object alarm. | Scheduling |
| D1.T7 † | Coordinate a multi-agent system by routing work to sub-agents, each with its own isolated SQLite state, while the top-level parent owns the physical alarm slot. | Sub-agents |
D2 — AI Gateway & model operations (22%)
| ID | Statement | Docs |
|---|---|---|
| D2.T1 | Route model traffic through AI Gateway with Dynamic Routing for A/B testing and automatic fallback to a backup model or provider on error or latency. | Dynamic Routing · Fallbacks |
| D2.T2 | Enable AI Gateway response caching to serve repeat prompts without re-billing the upstream provider, and reason about when caching interferes with a retrieval pipeline. | Caching |
| D2.T3 | Govern model cost with AI Gateway spend limits — cost-based budgets that either block with a 429 or fall back to a cheaper model when the budget window is exceeded. | Spend limits |
| D2.T4 | Configure AI Gateway Guardrails to screen prompts and responses, choosing flag versus block mode and handling the blocked-request behavior in the calling application. | Guardrails |
| D2.T5 | Secure gateway access with an authenticated gateway token (cf-aig-authorization) and decide between Unified Billing and Bring-Your-Own-Keys for provider credentials. | Authentication · BYOK |
| D2.T6 | Use AI Gateway analytics and logs to observe per-model cost, tokens, latency, and errors, and feed the request/response logs into an evaluation workflow. | Analytics · Logging |
D3 — Retrieval & data (20%)
| ID | Statement | Docs |
|---|---|---|
| D3.T1 † | Stand up an AI Search pipeline over an R2 source — embeddings, indexing, hybrid vector+BM25 retrieval, and grounded answer generation — without managing the infrastructure. | AI Search · Hybrid search |
| D3.T2 | Design a Vectorize index with metadata and namespaces, creating any metadata index before the first upsert so that later metadata filters actually cover the vectors. | Vectorize · Metadata filtering |
| D3.T3 | Choose an embedding model and chunking strategy within its token limit — e.g. bge-base-en-v1.5 truncates at 512 tokens — so passages embed without silent truncation. | bge-base-en-v1.5 · Chunking |
| D3.T4 | Model R2 as the object/source data plane and D1 as the relational data plane for a retrieval application, accessed as least-privilege Worker bindings. | R2 · D1 |
| D3.T5 † | Improve retrieval quality with optional query rewriting and a reranking model that re-scores the top results by semantic relevance before answer generation. | Query rewriting · Reranking |
| D3.T6 † | Keep an index fresh with continuous sync/re-indexing as the source changes, and trigger re-indexing when content is published or updated. | Syncing |
D4 — Edge app & deployment architecture (15%)
| ID | Statement | Docs |
|---|---|---|
| D4.T1 | Wire Worker bindings (R2, D1, KV, Vectorize, AI) as least-privilege capabilities rather than open network access when composing an edge AI application. | Bindings |
| D4.T2 | Configure and deploy a Worker with wrangler, using named environments to separate local, staging, and production configuration and secrets. | Wrangler · Environments |
| D4.T3 | Design asynchronous and scheduled processing with Queues (producer/consumer + dead-letter queue), Cron Triggers, and Workflows for durable multi-step jobs. | Queues · Workflows |
| D4.T4 | Design a multi-tenant isolation pattern (per-tenant instances, namespaces, or bindings) and observe the running app with Workers Logs / Logpush. | Workers Logs |
| D4.T5 | Map routes and custom domains to a Worker and reason about edge caching behavior for its responses. | Custom domains · Cache |
D5 — Security, isolation & governance (15%)
| ID | Statement | Docs |
|---|---|---|
| D5.T1 | Put Cloudflare Zero Trust Access in front of an AI application so requests are verified by default rather than trusted by network position. | Access policies |
| D5.T2 | Apply an egress policy to a sandbox or agent — restrict reachable domains and inject credentials at the boundary rather than exposing secrets to the workload. | Sandbox |
| D5.T3 | Manage secrets with Workers secrets rather than plaintext vars, keeping the local .dev.vars boundary separate from deployed secrets. | Secrets |
| D5.T4 | Enforce least-privilege tool and binding design so an agent acts on data through scoped bindings instead of broad, open capabilities. | Bindings |
| D5.T5 | Meet data residency requirements by pinning D1 and Durable Object storage to a jurisdiction (e.g. eu) and applying the Data Localization Suite. | D1 location · Data Localization |
| D5.T6 | Govern the platform with audit logging and Guardrail policy — observing model traffic and content moderation decisions across the agent estate. | Guardrails · Logs |
The capstone rubric
The written questions check knowledge; the capstone checks you can ship. It is graded pass/fail against six gates — every one must pass:
- 1 · Working agentic runtime. A stateful agent deployed on your own Cloudflare account, persisting state to embedded SQLite (Agents SDK + Durable Objects). Evidences D1.
- 2 · Gateway-mediated model ops with cost controls. All model traffic through AI Gateway with a cost-modeled fallback and observable per-turn cost. Evidences D2.
- 3 · Grounded retrieval over your own corpus. Answers come from your data via AI Search or Vectorize, not parametric memory alone. Evidences D3.
- 4 · Production deployment with bindings and async processing. Deployed with wrangler, least-privilege bindings, at least one async/scheduled path. Evidences D4.
- 5 · Security and isolation posture. Workers secrets, scoped bindings, bounded egress for the agent/sandbox. Evidences D5.
- 6 · Operational readiness. An eval suite proving outcomes across runs, a one-page threat model, and a spend/budget guard. Evidences D2 + D5.
Frequently asked
Is there an official Cloudflare AI certification?
No. As of 2026, Cloudflare's formal certifications are security-focused (App Security, Network Security, Zero Trust). There is no AI or Workers developer certification. Any site claiming otherwise is selling something.
Is CAPA recognized by employers?
CAPA is an Academy credential, not an industry exam, and we say so on the credential itself. Its value is the published blueprint and the mandatory capstone: a deployed, evaluated agent on your own Cloudflare account is portfolio evidence an interviewer can inspect — which is what hiring for these roles actually screens on.
What happens if Cloudflare ships a real AI cert?
We re-map the track to it. That commitment is written into our planning docs, and the blueprint's honesty flags (synthesized weights, Academy provider label) are locked by automated tests so they cannot quietly drift into implying official status.
How were the 30 task statements built?
Top-down from the real Cloudflare AI surface — the Agents SDK, AI Gateway, AI Search, Vectorize, Workers, and Zero Trust docs — then each statement was verified against a live developers.cloudflare.com page, including an adversarial review pass that tried to refute each one against current docs. Statements on beta products are flagged and re-verified on a schedule.
- Cloudflare — developers.cloudflare.com product documentation (Agents, Durable Objects, Sandbox, AI Gateway, AI Search, Vectorize, Workers, Zero Trust); every task statement above links its anchor page. Verified 7 Jul 2026.
- Cloudflare — certification catalogue (security-focused; no official AI/Workers developer cert as of 2026).
- Anthropic CCA-F and AWS AIP-C01 official exam guides — the confirmed anchors whose structure CAPA mirrors.
CAPA is a synthesized Academy credential. Its weights are internal design decisions, not vendor-confirmed facts, and are labelled as such everywhere they appear. Corrections: hello@aiarch.dev.
Learn the platform, ship the capstone.
Track E of the Academy teaches every domain above against live Cloudflare docs, and the capstone leaves you with a deployed, evaluated agent — the artifact interviews actually screen on.
Free sample — no signup · every claim cited · cancel anytime
Get notified when new tracks ship.