When using Cloudflare or other firewall services, FunnelKit Automations endpoints may encounter a 403 Forbidden error due to the security challenges these services impose.
This can prevent successful API requests to the endpoints.
In this guide, we’ll walk you through the steps needed to whitelist these endpoints and configure your firewall to avoid caching issues.
Whitelisting FunnelKit Automations Endpoints in Cloudflare
Taking Cloudflare as an example, follow these steps:
Step 1: Access the Cloudflare dashboard
Log in to your Cloudflare account and navigate to the domain where FunnelKit Automations is set up.

You’ll be directed to the Cloudflare dashboard.
Step 2: Configure page rules
Make sure you’ve added your website to Cloudflare.
Next, navigate to Rules ⇨ Page Rules and click on the Create Page Rule button.

Enter the endpoint URL with (*) and configure the following options:
- Disable browser integrity check
- Bypass the cache level

Make sure to hit the Save and Deploy Page Rule button when done.
Here are a few more endpoints to add:
*example.com/wp-json/autonami-app/*
*example.com/wp-json/woofunnels/*
*example.com/wp-json/autonami/*
*example.com/wp-json/funnelkit-automations/*
👉 Replace example.com with your domain name.
Once done, Cloudflare should no longer block or cache requests to FunnelKit Automations endpoints.
Step 3: Configure security rules
In the Security Rules tab, to create a new rule, hit the + Create Rule option.

Next, set the Rule name and provide the endpoints for “When incoming requests match”
You can also use the Expression shown below:
(http.request.uri.path contains "/wp-json/woofunnels/") or (http.request.uri.path contains " /wp-json/autonami-app/") or (http.request.uri.path contains "/wp-json/autonami/") or (http.request.uri.path contains "/wp-json/funnelkit-automations/")
Next, for Choose Action, select “Skip”
For WAF components to skip check the following options
- All remaining custom rules
- All rate limiting rules
- All manadod rules.
- All Super Bot Fight Mode Rules
- User Agent Blocking
- Browser Integrity Check
- Hotlink Protection
- Security Level
You can keep the “Place at” setting as it is.

Make sure to hit Save.
Step 4: Configure Caching Rules
To set up Cache rules, navigate to Caching ⇒ Cache Rules and hit + Create Rule.

Next, provide a name.
For the Incoming Request Match, select the field URI Path and set the condition to contains. Then, create four alternative fields using the OR operator, and add the corresponding entry points.
Here are the endpoints
- /wp-json/autonami-app/
- /wp-json/woofunnels/
- /wp-json/autonami/
- /wp-json/funnelkit-automations/
You can also use the Expression preview shown below
(http.request.uri.path contains "/wp-json/autonami-app/") or (http.request.uri.path contains "/wp-json/woofunnels/") or (http.request.uri.path contains "/wp-json/autonami/") or (http.request.uri.path contains "/wp-json/funnelkit-automations/")
Next, for Cache eligibility, select “Bypass Cache”
Finally hit Deploy.

Additional Firewall Plugins
If you’re using other firewall plugins (e.g., Wordfence, Sucuri, Jetpack, etc.), similar whitelisting may be necessary to avoid the 403 errors.
Each firewall plugin has its own method of whitelisting URLs, so consult their documentation.
You may want to whitelist these specific FunnelKit Automations endpoints individually if full wildcard whitelisting isn’t desirable.
Exclude Pages from Caching
Some FunnelKit pages, like confirmation or subscribe pages, may require separate caching rules.
For that, you need to exclude these pages from caching:
- Create a separate Cloudflare Page Rule for specific URLs like https://example.com/subscribe-page/ and set Cache Level to No Cache.
- Save the rule to ensure these pages remain uncached and always display the most up-to-date content.
Test your FunnelKit Automations endpoints after applying these changes to confirm they’re no longer blocked or cached by Cloudflare or firewall plugins.
Repeat similar steps for any additional firewall plugins by whitelisting specific endpoints.