> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zenrows.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Claude Managed Agents

> Connect ZenRows MCP to Claude Managed Agents for real-time web scraping with anti-bot bypass and optional private network routing.

ZenRows handles the hard parts of web access so your agents don't have to. Anti-bot bypass, JavaScript rendering, and residential proxies come built in on every tool call. Use the hosted MCP server to reach any public website, or route scraped data through MCP Tunnels when your infrastructure can't be exposed to the internet.

## What is Claude Managed Agents?

Claude Managed Agents is Anthropic's hosted agent platform. It lets you build and deploy agents that call external tools, including MCP servers, without managing orchestration infrastructure yourself. Agents are configured and run from the <a href="https://console.anthropic.com" target="_blank" rel="nofollow noopener noreferrer">Claude Console</a>.

### Key benefits

* **No-code web access for your agents** <br />
  Connect ZenRows MCP in the Console and your agent can scrape any website by describing the task in plain English. No selectors, no proxy management, no anti-bot tuning.

* **Anti-bot bypass on every tool call** <br />
  Premium residential proxies, JavaScript rendering, and stealth fingerprinting come standard. Your agents reach JavaScript-heavy SPAs, Cloudflare-protected sites, and geo-restricted pages without configuration.

* **Private network routing with MCP Tunnels** <br />
  MCP Tunnels creates an outbound-only encrypted connection from your infrastructure to Anthropic's backend. Scraped data flows directly into your internal systems with no inbound ports, no firewall changes, and no public endpoints required.

* **Works with the Messages API too** <br />
  Use the same tunneled MCP server programmatically through the Anthropic Messages API, alongside the Console-based agent interface.

### Use cases

The Claude Managed Agents and ZenRows combination unlocks a wide range of agent workflows:

<AccordionGroup>
  <Accordion title="Autonomous research agents" icon="magnifying-glass">
    Agents that visit multiple URLs, follow citations, and synthesize findings from across the web into a single brief.
  </Accordion>

  <Accordion title="Lead enrichment pipelines" icon="chart-line">
    Agents that scrape company websites, find pricing pages and product launches, and write enriched profiles into your CRM.
  </Accordion>

  <Accordion title="Competitive monitoring" icon="bell">
    Agents that periodically check competitor pricing pages, blog posts, and changelogs, then surface what changed since the last run.
  </Accordion>

  <Accordion title="Secure enterprise data pipelines" icon="shield-check">
    For regulated industries, route scraped data through MCP Tunnels directly into internal databases and pipelines without touching the public internet.
  </Accordion>

  <Accordion title="Form-filling and extraction agents" icon="file-pen">
    Agents that navigate multi-step checkout flows, login-walled forms, or job applications using ZenRows' browser tools.
  </Accordion>
</AccordionGroup>

## Get started

ZenRows MCP connects to Claude Managed Agents through three paths. Pick the one that fits your setup.

<Tabs>
  <Tab title="Option A (remote MCP server)">
    Use this option when your agent only needs to scrape public websites. This is the simplest path — no infrastructure required.

    **Prerequisites**

    * A ZenRows account and API key. Find your key in the [ZenRows dashboard](https://app.zenrows.com/register).
    * Access to the <a href="https://console.anthropic.com" target="_blank" rel="nofollow noopener noreferrer">Claude Console</a> with a role that can manage agents and MCP servers.

    <Steps>
      <Step title="Open Managed Agents in the Console">
        In the Claude Console sidebar, go to **Managed Agents > Sessions** and click **New session**.

        <Note>
          If you don't see Managed Agents in the sidebar, your account may not have access yet. Claude Managed Agents is currently in beta. <a href="https://claude.com/form/claude-managed-agents" target="_blank" rel="nofollow noopener noreferrer">Request access</a> to try it.
        </Note>
      </Step>

      <Step title="Add the ZenRows MCP server">
        When configuring the agent, click **+ MCP Server** and enter the following:

        | Field         | Value                         |
        | ------------- | ----------------------------- |
        | Server URL    | `https://mcp.zenrows.com/mcp` |
        | Transport     | Streamable HTTP               |
        | Authorization | `Bearer YOUR_ZENROWS_API_KEY` |

        Replace `YOUR_ZENROWS_API_KEY` with your key from the [ZenRows dashboard](https://app.zenrows.com/register).

        <Tip>
          Most MCP clients accept an `authorization` field that automatically wraps the value as a Bearer token. If the Console provides a free-form headers field instead, set `Authorization: Bearer YOUR_ZENROWS_API_KEY` manually.
        </Tip>
      </Step>

      <Step title="Start scraping">
        Once connected, your agent can access all ZenRows tools. Describe the task in plain English:

        ```text wrap theme={null}
        Get the product names and prices from https://www.scrapingcourse.com/ecommerce/.
        ```

        ```text wrap theme={null}
        Scrape https://www.scrapingcourse.com/antibot-bypass using Premium Proxies.
        ```

        ```text wrap theme={null}
        Open https://www.scrapingcourse.com/ecommerce/ in a browser, type "hoodie" into the search field, press Enter, wait for results to load, then extract all matching product names and prices.
        ```
      </Step>
    </Steps>
  </Tab>

  <Tab title="Option B (MCP Tunnels)">
    Use this option when scraped data needs to flow into your private infrastructure, or when compliance requirements prevent exposing systems to the internet. The tunnel creates an outbound-only encrypted connection from your network to Anthropic's backend — no inbound ports, no firewall changes, no public endpoints.

    <Note>
      MCP Tunnels is in research preview and is provided as-is without uptime or continuity commitments. <a href="https://claude.com/form/claude-managed-agents" target="_blank" rel="nofollow noopener noreferrer">Request access</a> to try it.
    </Note>

    **Prerequisites**

    * A ZenRows account and API key. Find your key in the [ZenRows dashboard](https://app.zenrows.com/register).
    * Access to the <a href="https://console.anthropic.com" target="_blank" rel="nofollow noopener noreferrer">Claude Console</a> with a role that can manage agents and MCP servers.
    * <a href="https://claude.com/form/claude-managed-agents" target="_blank" rel="nofollow noopener noreferrer">MCP Tunnels research preview access</a>.
    * Docker and Docker Compose installed on the host machine, or a Kubernetes cluster.
    * OpenSSL 1.1.1 or later (pre-installed on macOS and most Linux distributions).
    * Node.js 18 or later (required to run the ZenRows local MCP server via `npx`).

    <Steps>
      <Step title="Create a tunnel in the Console">
        1. In the Console sidebar, go to **Manage > MCP tunnels** and click **New tunnel**.
        2. Give the tunnel a name.
        3. Leave **Set up programmatic access** off. The manual credentials flow works for most setups.
        4. After the tunnel is created, open it and copy two values from the **Connection** section: the **domain** (looks like `abcd1234.tunnel.anthropic.com`) and the **token** (click the eye icon to reveal it).

        <Tip>
          Keep the tunnel token safe — treat it like a password. If you suspect it has been compromised, regenerate it from the tunnel detail page in the Console.
        </Tip>
      </Step>

      <Step title="Generate and register a CA certificate">
        The proxy validates inner TLS against a CA certificate you register in the Console. Anthropic will not connect to the tunnel until a certificate is registered.

        Generate a CA and server certificate with OpenSSL:

        ```bash theme={null}
        mkdir -p data

        # Generate the CA key and certificate
        openssl req -x509 -newkey rsa:4096 -keyout data/ca.key -out data/ca.crt \
            -days 365 -nodes -subj "/CN=ZenRows Tunnel CA"

        # Generate the server key and certificate signing request
        openssl req -newkey rsa:4096 -keyout data/server.key -out data/server.csr \
            -nodes -subj "/CN=mcp-proxy"

        # Sign the server certificate with the CA
        openssl x509 -req -in data/server.csr -CA data/ca.crt -CAkey data/ca.key \
            -CAcreateserial -out data/server.crt -days 365
        ```

        Back in the Console, on the tunnel detail page, click **Add certificate** and upload `data/ca.crt`.

        <Note>
          The tunnel will show "Needs certificate" and will not appear in the agent MCP server picker until at least one CA certificate is registered.
        </Note>
      </Step>

      <Step title="Deploy the tunnel stack">
        Create a `docker-compose.yml` file in the same directory as your `data/` folder:

        ```yaml theme={null}
        services:
          cloudflared:
            image: cloudflare/cloudflared:latest
            command: tunnel --no-autoupdate run --token ${TUNNEL_TOKEN}
            restart: unless-stopped

          mcp-proxy:
            image: ghcr.io/anthropics/mcp-proxy:latest
            volumes:
              - ./data:/etc/mcp-gateway
            environment:
              - TUNNEL_TOKEN=${TUNNEL_TOKEN}
            restart: unless-stopped
        ```

        Create a `.env` file with your tunnel token:

        ```bash theme={null}
        TUNNEL_TOKEN=your_tunnel_token_here
        ```

        Create the proxy config at `data/config.yaml`. Replace `YOUR_TUNNEL_DOMAIN` with the domain copied from the Console (for example, `abcd1234.tunnel.anthropic.com`):

        ```yaml theme={null}
        routes:
          - hostname: scraper.YOUR_TUNNEL_DOMAIN
            upstream: http://host.docker.internal:8080
            tls:
              cert_file: /etc/mcp-gateway/server.crt
              key_file: /etc/mcp-gateway/server.key
        ```

        Start the stack:

        ```bash theme={null}
        docker compose up -d
        ```

        <Tip>
          `host.docker.internal` resolves to the host machine from inside a Docker container on Docker Desktop (macOS and Windows). On Linux, add `--add-host=host.docker.internal:host-gateway` to the `mcp-proxy` service, or use the host's LAN IP directly.
        </Tip>
      </Step>

      <Step title="Run the ZenRows local MCP server">
        Run the ZenRows local MCP server on the same host as the tunnel stack:

        ```bash theme={null}
        ZENROWS_API_KEY=YOUR_ZENROWS_API_KEY npx -y @zenrows/mcp
        ```

        The server listens on port `8080` by default. Confirm the `upstream` port in `config.yaml` matches.

        <Note>
          Node.js 18 or later is required for `npx` to work. You can verify your version with `node --version`.
        </Note>
      </Step>

      <Step title="Attach the tunnel to your Managed Agent session">
        1. In **Managed Agents > Sessions**, create a session and choose **Create new agent**.
        2. Click **+ MCP Server** and open the dropdown. Tunnels with at least one active certificate appear at the top of the list, above the public connector catalog.
        3. Select your tunnel, enter `scraper` as the subdomain, and set the path to `/mcp`.
        4. The **Resolves to** line confirms the full URL your agent will call. It should look like `https://scraper.YOUR_TUNNEL_DOMAIN/mcp`.
      </Step>

      <Step title="Start scraping">
        With the tunnel connected, your agent has access to all ZenRows tools and routes all traffic through your private network:

        ```text wrap theme={null}
        Get the product names and prices from https://www.scrapingcourse.com/ecommerce/.
        ```

        ```text wrap theme={null}
        Open https://www.scrapingcourse.com/ecommerce/ in a browser, type "hoodie" into the search field, press Enter, wait for results to load, then extract all matching product names and prices.
        ```
      </Step>
    </Steps>

    **How it works**

    A tunnel deployment runs two lightweight components inside your network:

    * **cloudflared**: the tunnel agent. It opens an outbound-only connection to Anthropic's tunnel edge and carries encrypted traffic back to your proxy.
    * **Proxy**: Anthropic's routing component. It terminates inner TLS, validates upstream IPs, and routes each request to the correct MCP server based on hostname.

    Each MCP server you expose gets a hostname under your tunnel domain, for example `scraper.your-tunnel-domain`. Traffic between Anthropic and your proxy is encrypted end to end. The tunnel runs on Cloudflare's network, but Cloudflare cannot read request or response payloads because the proxy terminates inner TLS using a certificate only you hold.
  </Tab>

  <Tab title="Option C (Messages API)">
    Use this option when you want to call a tunneled ZenRows MCP server programmatically, without the Console. This requires a running MCP Tunnels deployment (Option B) — the Messages API connects to the tunnel URL directly, it does not manage tunnels itself.

    **Prerequisites**

    * A ZenRows account and API key. Find your key in the [ZenRows dashboard](https://app.zenrows.com/register).
    * An Anthropic API key from the same workspace the tunnel was created in. Find it in the <a href="https://console.anthropic.com" target="_blank" rel="nofollow noopener noreferrer">Claude Console</a> under **Settings > API keys**.
    * A running MCP Tunnels deployment (Option B) with at least one active tunnel and a registered CA certificate.
    * Python 3.8 or later.

    <Steps>
      <Step title="Install the Anthropic Python library">
        ```bash theme={null}
        pip install anthropic
        ```
      </Step>

      <Step title="Set your environment variables">
        ```bash theme={null}
        export ANTHROPIC_API_KEY=your_anthropic_api_key
        ```
      </Step>

      <Step title="Run the script">
        Pass the tunnel hostname in the `mcp_servers` array. Replace `scraper.YOUR_TUNNEL_DOMAIN` with the hostname configured in your tunnel routing rules.

        ```python theme={null}
        import anthropic
        import os

        client = anthropic.Anthropic(api_key=os.environ["ANTHROPIC_API_KEY"])

        response = client.beta.messages.create(
            model="claude-sonnet-4-5",
            max_tokens=1000,
            messages=[
                {
                    "role": "user",
                    "content": "Get the top 5 products from https://www.scrapingcourse.com/ecommerce/ and return their names and prices."
                }
            ],
            mcp_servers=[
                {
                    "type": "url",
                    "url": "https://scraper.YOUR_TUNNEL_DOMAIN/mcp",
                    "name": "zenrows",
                }
            ],
            tools=[{"type": "mcp_toolset", "mcp_server_name": "zenrows"}],
            betas=["mcp-client-2025-11-20"],
        )

        print(response)
        ```

        <Note>
          The `betas` header is required while the MCP connector is in beta. Use an API key from the same workspace the tunnel was created in — cross-workspace tunnel access is not supported.
        </Note>
      </Step>
    </Steps>
  </Tab>
</Tabs>

## Troubleshooting

### The tunnel does not appear in the MCP server dropdown

The tunnel must have at least one active CA certificate registered in the Console. A tunnel showing "Needs certificate" will not appear in the picker. Register a certificate and try again.

### The agent cannot reach the upstream MCP server

Confirm the `upstream` value in `config.yaml` is reachable from the container running the proxy. On Docker Desktop, use `host.docker.internal` instead of `localhost` to reach services on the host machine. On Linux, use the host's LAN IP or add `host-gateway` as described in Step 3.

### Connection errors after adding the tunnel

Check the proxy and cloudflared container logs:

```bash theme={null}
docker compose logs mcp-proxy
docker compose logs cloudflared
```

Common causes are a mismatched certificate or a revoked tunnel token. Generate a new token from the Console, update your `.env` file, and restart the stack.

### The scrape tool is not available

Confirm the ZenRows local MCP server is running and that the `upstream` port in `config.yaml` matches the port the server is listening on. The default port is `8080`. You can verify with `npx -y @zenrows/mcp --help`.

For more help, see the [ZenRows MCP overview](/integrations/mcp/mcp-overview) and the <a href="https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/troubleshooting" target="_blank" rel="nofollow noopener noreferrer">Anthropic MCP Tunnels troubleshooting guide</a>.

## FAQ (Frequently asked questions)

<Accordion title="Do I need MCP Tunnels to use ZenRows with Claude Managed Agents?">
  No. If your agent only needs to scrape public websites, connect through the ZenRows hosted MCP server (Option A). MCP Tunnels is only needed when scraped data has to flow into private infrastructure or when compliance requirements prevent exposing systems to the internet.
</Accordion>

<Accordion title="Can I use the local stdio version of ZenRows MCP instead of the remote URL?">
  For Claude Managed Agents and the Messages API, use the remote MCP server URL (`https://mcp.zenrows.com/mcp`) or a tunneled URL. The local stdio package (`@zenrows/mcp`) is for desktop AI clients like Claude Desktop that run the server as a local subprocess. When using MCP Tunnels, the local MCP server runs inside your private network behind the tunnel proxy, not as a local subprocess on your laptop.
</Accordion>

<Accordion title="What is the difference between Option A and Option B?">
  Option A uses the ZenRows hosted MCP server directly over the public internet. It is simpler to set up and works for most use cases. Option B routes all traffic through a private encrypted tunnel. Use it when your internal systems cannot be exposed to the internet, or when your industry has compliance requirements around data routing.
</Accordion>

<Accordion title="Can I use multiple MCP servers through the same tunnel?">
  Yes. Add additional routes to `config.yaml`, each with a different subdomain. Each route maps to a different upstream MCP server inside your network. In the Console, attach each subdomain as a separate MCP server in the agent session.
</Accordion>

<Accordion title="What is the difference between Option B and Option C?">
  Both use MCP Tunnels for private network routing. Option B connects through the Claude Console and is aimed at no-code or low-code agent configuration. Option C connects programmatically through the Anthropic Messages API and is aimed at developers building applications directly on top of the API.
</Accordion>