General requirements
TLS
TLS protocol version
The minimum supported version is TLS 1.2. For enhanced security and performance, we recommend using TLS 1.3.
Corporate SSL inspection or TLS interception proxies may break authentication with the Fluentax API.
Ensure sso.fluentax.com and fx-api.fluentax.com are excluded from SSL inspection.
Certificate Authorities (Cloudflare Edge TLS)
Fluentax API is delivered via Cloudflare’s global edge network. TLS certificates presented to clients are managed through Cloudflare’s Automatic Certificate Management (ACM) system.
Depending on edge configuration and automatic rotation, the API may present certificates issued by different public trusted Certificate Authorities (CAs), including (but not limited to):
Because Cloudflare automatically rotates and manages edge certificates, the issuing CA may change over time without notice.
Instead of pinning a single CA, ensure your system trusts the full set of modern public root CAs.
You can verify the active certificate chain here: https://www.ssllabs.com/ssltest/analyze.html?d=fx-api.fluentax.com
IP Address Allowlisting & Firewall Settings
Fluentax API is served via Cloudflare Anycast network, meaning IPs are dynamic and globally distributed.
Do not allowlist a single IP address. Because we use a Content Delivery Network (CDN), the IP address of the Fluentax API will change based on your geographic location and network routing. You must allow the entire range.
Required configuration:
- Port: 443 (HTTPS)
- Allow Cloudflare IP ranges: https://www.cloudflare.com/ips/
Cloudflare IP ranges may change over time. You should automate updates using Cloudflare’s IPs API to programmatically keep firewall allowlists up to date.