Cloudflare Proxy Integration Manual Setup (Deprecated)
Fingerprint Pro JS agent v3.6.0 or later is required.
Recommendations and requirements
This document covers the manual setup of Cloudflare Integration. If your website already uses Cloudflare, we reccommend using the automated installation wizard instead.
If your website is not behind Cloudflare, you can use this manual guide to host the proxy Cloudflare worker on a subdomain — as long as your domain DNS is managed on Cloudflare and the worker subdomain is proxied.
Fingerprint Pro Cloudflare Integration consists of three fundamental parts:
- Fingerprint Pro infrastructure,
- Cloudflare worker,
- Fingerprint Pro JS agent.
Fingerprint Pro infrastructure creates a Cloudflare Worker that's available on the specific path on your site. The rest of your site is not affected.
Cloudflare worker registered on a specific path
Cloudflare worker code is 100% open-source and available on GitHub. Once the Fingerprint Pro JS agent is configured on your site correctly, the worker is responsible for delivering the latest fingerprinting client-side logic as well as proxying identification requests and responses between your site and Fingerprint Pro's APIs.
The benefits of using the Cloudflare Integration
- Significant increase to accuracy in browsers with strict privacy features such as Safari or Firefox.
- Cookies are now recognized as “first-party.” This means they can live longer in the browser and extend the lifetime of visitorIds.
- Ad blockers will not block our Fingerprint Pro JS agent from loading. Attempts to connect to an external URL will be stopped by most ad blockers while attempts to connect to the same site URL will be allowed.
- Ad blockers will not block our identification requests since they are sent to the specific path or subdomain that belongs to the same site.
- Insight and control over the identification requests that can be combined with other Cloudflare features like WAF or Analytics.
- With the CF Integration, you can manage an unlimited number of subdomains and paths and provide Fingerprint Pro services to all your customers at any scale while benefiting from all the 1st-party integration improvements.
- Easy to meet compliance and auditing requirements.
- Improved performance without the need to do the TLS handshakes.
Setup process
The process consists of two steps. One needs to set up worker creation together with our support at [email protected]. Afterwards, the Fingerprint Pro JS agent on the site needs to be configured to communicate with the worker.
Prerequsities
Cloudflare Integration makes use of the Cloudflare Workers Custom Routes feature. Therefore, your site needs to be added to Cloudflare and needs to be proxied (not DNS-only) through Cloudflare.
1. Cloudflare worker setup
Our support team needs the following information about your Cloudflare subscription:
- Cloudflare API Token,
- Cloudflare Account ID,
- Cloudflare Zone ID,
- site domain (or subdomain),
- Fingerprint Pro subscription.
| Name | Examples | Short description |
|---|---|---|
| Cloudflare API Token | YQSnnxWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T | API Token generated from the Cloudflare's User Profile 'API Tokens' page |
| Cloudflare Account ID | 88e2a7348d589a61edd0918e57fb136f | The account ID obtained from the Cloudflare Dashboard |
| Cloudflare Zone ID | cd7d0123e3012345da9420df9514dad0 | The zone ID obtained from the Cloudflare Dashboard |
| Site domain (or subdomain) | yourwebsite.com, fp.yourwebsite.com | The domain that will be part of the CF Worker's publicly accessible URL |
| Fingerprint Pro subscription | sub_2oxsc5UuxTAYTC | Subscription (or application) ID obtained from the Cloudflare Dashboard |
Cloudflare API Token
The API Token is required to deploy workers. Go to the API Tokens page, select Create Custom Token, and follow the steps bellow.
- Type "fingerprint.com" in the name field.
- Add Account > Workers Scripts > Edit permission.
- Add Zone > Workers Routes > Edit permission.
- Select the account in the Account Resources.
- Select Specific zone > yourwebsite in the Zone Resources.
- Add IP Filtering > 3.23.16.20.
- Do not set any TTL.
Worker on subdomain
If you want to use Cloudflare Worker on a subdomain, make sure there is a DNS record for the subdomain.
API Token Creation Form
In the next step, you should see summary and then Create Token.
API Token Summary
API Token Safety
When creating an API Token, it is considered best practice to grant it as few privileges as possible. In the example above, the API Token has permissions to only manage workers in your account. Fingerprint Pro will use your API Token for managing the Fingerprint Pro Cloudflare Worker and nothing else.
Fingerprint always encrypts customer data, including API tokens and configuration items. This guarantees that the data we get from our customers is securely transmitted and stored. The Client IP Address Filtering functionality adds an additional layer of security. Whitelisting our public Cloudflare service IP address ensures that the API Token can only be used by Fingerprint services and no one else.
Cloudflare Account ID
The Account ID is required to deploy workers. Go to Cloudflare Workers and copy the Account ID.
Cloudflare Zone ID:
The Zone ID is required to deploy Cloudflare Worker on a domain that belongs to site. Go to Cloudflare Dashboard, select the website, copy the Zone ID.
Site domain
We need the site domain to create the Cloudflare Worker for this site.
Site subdomain (optional)
If you want us to create the Cloudflare Worker on a subdomain, create a DNS record in Cloudflare dashboard. Include this subdomain when contacting us.
Fingerprint Pro subscription
You can find list of your subscriptions in the dashboard.
Worker deployment
When you provide us with the information above, we will create a Cloudflare Worker in your Cloudflare account. Since we are responsible for updating and maintenance of the Cloudflare Worker, please don't make any changes to the API Token or revoke it.
Cloudflare Worker will be named fingerprint-pro-cloudflare-worker-yourwebsite, you will be able to see it in Cloudflare Workers Dashboard once it is deployed.
2. Fingerprint Pro JS agent configuration
When the worker is deployed, our support will provide instructions about the Fingerprint Pro JS agent configuration. Let us know if you use CDN, NPM, or any of our libraries. We will provide you with instructions on how to set up the agent.
Before you use it in production, we recommend testing it in your staging environment.
Using Multiple Worker Routes
Cloudflare Integration uses Cloudflare Workers, which supports multiple routes. You can add more routes if you need to but don't change the original worker route and configuration created by Fingerprint.
This integration requires a pre-paid annual contract
It's not available for free-tier or monthly self-service customers.
Please contact [email protected] if you have any questions.
Updated 6 months ago