Hi @Alpha the short answer is no, it doesn't have to be public facing.
Azure Fluid Relay currently doesn't offer direct support for private connections via Azure Private Link like other Azure services such as Azure Relay. However, your data remains secure during communication with Azure Fluid Relay even though it uses a public endpoint.
Azure Fluid Relay utilizes HTTPS for communication, ensuring encrypted data transfer between your application and the service. Fluid Relay employs JSON Web Tokens (JWT) for authorization and authentication. JWTs verify the legitimacy of requests and ensure only authorized users can access your data. While a private connection isn't available yet, you can leverage the built-in security mechanisms of Azure Fluid Relay for a safe communication channel. See more in this Azure doc: https://zcusa.951200.xyz/en-us/azure/azure-fluid-relay/concepts/authentication-authorization
Best,
Grace