Starting **February 1st 2026 10:00 AM UTC**, our production API servers will be fronted by Cloudflare.
This transition aims to enhance our overall security posture by leveraging Cloudflare’s advanced DDoS protection and Web Application Firewall (WAF) capabilities.
WHAT TO EXPECT
We do not anticipate any service disruptions, and for most users, *no action is required*. This change has already been successfully deployed to our sandbox environment (https://api-sandbox.getdefacto.com). If you have not experienced issues with the sandbox environment, it is highly likely your production integration will remain unaffected.
TECHNICAL CHANGES TO REVIEW
Please review the following details to ensure your systems remain compatible:
- The TLS certificates for Defacto’s API endpoints will change from AWS-issued certificates to Google Trust Services certificates. If your application utilizes TLS certificate pinning, you must update your configuration to avoid connection failures.
- IP addresses of api.getdefacto.com will change to Cloudflare’s anycast addresses. If you currently allowlist our API servers’ IP addresses, please update your configuration with the information provided by Cloudflare at https://www.cloudflare.com/en-gb/ips/.