Cloudflare Proxy Integration
Fingerprint Pro JS agent v3.6.0 or later is required.
Fingerprint Pro Cloudflare Integration consists of three fundamental parts:
- Fingerprint Pro infrastructure,
- Cloudflare worker,
- Fingerprint Pro JS agent.
Fingerprint Pro infrastructure creates a Cloudflare Worker that's available on the specific path on your site. The rest of your site is not affected.
Cloudflare worker registered on a specific path
Cloudflare worker code is 100% open-source and available on GitHub. Once the Fingerprint Pro JS agent is configured on your site correctly, the worker is responsible for delivering the latest fingerprinting client-side logic as well as proxying identification requests and responses between your site and Fingerprint Pro's APIs.
The benefits of using the Cloudflare Integration
- Significant increase in accuracy in browsers with strict privacy features such as Safari or Firefox.
- Cookies are now recognized as “first-party.” This means they can live longer in the browser and extend the lifetime of visitorIds.
- Ad blockers will not block our Fingerprint Pro JS agent from loading. Attempts to connect to an external URL will be stopped by most ad blockers while attempts to connect to the same site URL will be allowed.
- Ad blockers will not block our identification requests since they are sent to the specific path or subdomain that belongs to the same site.
- Insight and control over the identification requests that can be combined with other Cloudflare features like WAF or Analytics.
- With the Cloudflare Integration, you can manage unlimited subdomains and paths and provide Fingerprint Pro services to all your customers at any scale while benefiting from all the 1st-party integration improvements.
- Easy to meet compliance and auditing requirements.
- Improved performance without the need to do the TLS handshakes.
Setup
The Cloudflare configuration guide on the Fingerprint Pro dashboard will help you set everything up step by step. You can start the guide when creating an account, or later in the App settings.
Newly created accounts
During the Install step of the onboarding flow, select Cloudflare.
Select Cloudflare Integration during onboarding
Existing accounts
Navigate to App Settings, switch to the Integrations tab, and select Cloudflare.
App Settings Page - Cloudflare Integration
Prerequsities
Cloudflare Integration makes use of the Cloudflare Workers Custom Routes feature. Therefore, your site needs to be added to Cloudflare and needs to be proxied (not DNS-only) through Cloudflare.
After opening the Cloudflare configuration guide, click Get started.
You will proceed to a form where you need to put the information about your Cloudflare account.
Cloudflare Credentials
| Name | Example | Short description |
|---|---|---|
| Cloudflare Account ID | 88e2a7348d589a61edd0918e57fb136f | The Account ID obtained from the Cloudflare Dashboard. |
| Cloudflare API Token | YQSnnxWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T | API Token generated from the Cloudflare's User Profile 'API Tokens' page. |
Cloudflare Account ID
The Account ID is required to deploy workers. Go to Cloudflare Workers and copy the Account ID.
Cloudflare API Token
The API Token is required to deploy workers. Go to the API Tokens page, select Create Custom Token, and follow the steps bellow.
- Type "fingerprint.com" in the name field.
- Add Account > Workers Scripts > Edit permission.
- Add Zone > Workers Routes > Edit permission.
- Select the account in the Account Resources.
- Select Specific zone > yourwebsite in the Zone Resources.
- Add IP Filtering > 3.23.16.20.
- Do not set any TTL.
API Token Creation Form
In the next step, see the summary and click Create Token.
API Token Summary
API Token Safety
When creating an API Token, it is considered best practice to grant it as few privileges as possible. In the example above, the API Token has permissions to only manage workers in your account. Fingerprint Pro will use your API Token for managing the Fingerprint Pro Cloudflare Worker and nothing else.
Fingerprint always encrypts customer data, including API tokens and configuration items. This guarantees that the data we get from our customers is securely transmitted and stored. The Client IP Address Filtering functionality adds an additional layer of security. Whitelisting our public Cloudflare service IP address ensures that the API Token can only be used by Fingerprint services and no one else.
After entering Account ID and API Token, proceed to the next step.
Choose domain
Select the same domain you had created the API Token for before from the dropdown menu. If you don't see the domain you wish to use, please contact our support at [email protected].
Cloudflare Worker Review
Confirm to start the deployment process. This process may take several minutes.
Worker deployment
When you provide the integration wizard with the information above, we will create a Cloudflare Worker in your Cloudflare account. Since we are responsible for updating and maintenance of the Cloudflare Worker, please don't make any changes to the API Token or revoke it.
Cloudflare Worker will be named fingerprint-pro-cloudflare-worker-your-website-com, you will be able to see it in Cloudflare Workers Dashboard once it is deployed.
Fingerprint Pro JS agent configuration
Once the worker is deployed, you need to configure your client-side application accordingly. In this step, you can choose from a variety of frameworks, platforms, and approaches. You can always come back to App settings -> Integrations to find code snippets for different frameworks which reflect your Cloudflare configuration setup.
Code Snippets
Using Multiple Worker Routes
Cloudflare Integration uses Cloudflare Workers, which supports multiple routes. You can add more routes if you need to but don't change the original worker route and configuration created by Fingerprint.
Updated 9 days ago