Public Access & Tunnels

Cloud providers must reach your Faxbot API to fetch PDFs and deliver callbacks. When you are experimenting on a laptop, set up a temporary HTTPS tunnel; when you move to production, switch to a real domain behind TLS.

Quick helpers

  • Cloudflare Tunnel (cloudflared): free, persistent, HIPAA-friendly when terminated locally
  • ngrok: fast for demos; remember to lock scopes and rotate URLs frequently
  • Scripted helper: scripts/setup-phaxio-tunnel.sh spins up a tunnel, sets PUBLIC_API_URL, updates callback URLs, and restarts the API container if Docker is available

Manual steps

  1. Start your tunnel to http://localhost:8080
  2. Copy the generated HTTPS URL
  3. In the Admin Console Setup Wizard (Phaxio/SignalWire) or Settings → Backends, paste the URL when prompted
  4. Faxbot will derive the callback endpoint (<public>/phaxio-callback, <public>/signalwire-callback, etc.) automatically
  5. Use Diagnostics → Webhooks to verify reachability and signature status

Production checklist

  • Terminate TLS with a certificate you control (ACME, corporate PKI, etc.)
  • Enable ENFORCE_PUBLIC_HTTPS so Faxbot rejects insecure callback URLs
  • Keep provider-specific signing secrets enabled (Phaxio, Sinch, SignalWire)
  • Treat tunnel URLs as temporary; move to a proper domain before enabling PHI traffic

Need inbound receiving? Pair this guide with Settings → Storage to ensure PDFs are stored in encrypted buckets (S3/SSE-KMS or MinIO with TLS).

Copyright © 2024 Faxbot. Distributed under the MIT License.