Thanks for reading my post. I had trouble quoting your post so I will just answer your questions here.
My system is based on the Microchip SAMW25 Xplained Pro hardware and the ASF library. (So yes, since Microchip bought Atmel years ago to get their ARM solutions, it is Atmel.)
Yes, port 443.
I load the certificates through an API. Debugging at the WiFi module level within the SAMW25 indicates that SSL with TLS 1.2 is encrypting/decrypting just fine.
It works great with curl, but only on a Linux machine since the API key has characters that Windows doesn’t like.
Here is the curl command that works:
GET /api/live/flight-positions/full?bounds=50.682%2C46.218%2C14.422%2C22.243 HTTP/1.1
I have expectations that Cloudflare is blocking my IoT requests. Unfortunately, Cloudflare won’t look into this because I am not their customer, and my contact company hasn’t been able to determine which Cloudflare rule or their own rule is causing the block.
If I curl I get a 301 Moved Permanently. But if I curl directly to an API at one site, I get 403 Forbidden. I don’t know if those are different rules causing the errors, or if the 301 is actually causing the 403.
FlightRadar24 has told me they will not allowlist my IP address and will not investigate rule changes to allow my IoT to work with the Cloudflare proxy.
I understand the need for rules to prevent spammers and bots. On the other hand, the rules will not remain secret forever and in the meantime Cloudflare is closing off a large segment (if not all) of products based on IoTs. Of course, that’s not just FlightRadar24, but every server behind the Cloudflare wall.
Our IoT devices connect to our own back end through Cloudflare with special rules (obviously to prevent things that aren’t our devices from connecting) over both HTTP/S and custom TCP/UDP services (using Cloudflare Spectrum) from cellular and fixed line connections and it all works flawlessly.
In your case, you appear to be trying to connect your device to a third-party provider. If the third party provider doesn’t want to allow you, or help you, to connect, that’s up to them.