- Use Cases
- Developer Community
- Social Media
If you plan to build a client application with xServer internet, you should consider the different architecture styles for this kind of applications:
The clients need access to the internet. This may not be the case for some enterprise environments.
It requires CORS. While xServer internet fully supports CORS (=Cross Origin Resource Sharing), the requirement for CORS may cause problems with some browsers or firewalls.
The xServer internet token is exposed to the client. While the xServer internet token cannot be used to login to the customer center, you may want to prohibit the sniffing of the token.
A technique to handle the problems for direct access is to "proxy" the xServer requests through your application middleware. Because all request are using the same origin then, you won't get any problems with CORS. Another benefit is that you can use your own authentication and inject the token for xServer internet in your middleware. So the client cannot get hold of the token.
For ASP.NET, you can add a generic xServer-handler to inject your token. See here
for a reference implementation.
i. headers_module (arround line 118)
ii. proxy_module (around line 140)
iii. proxy_html_module (around line 148)
iv. proxy_http_module (around line 149)
v. ssl_module (around line 171)
vi. xml2enc_module (around line 180)
<VirtualHost *:80> # enable SSL/TLS Protocol Engine for proxy SSLProxyEngine On <Location /xmap> # The text after "Basic " is "xtok:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" base64-encoded RequestHeader set Authorization "Basic eHXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXjQ=" ProxyPass https://api-eu.cloud.ptvgroup.com/xmap ProxyPassReverse https://api-eu.cloud.ptvgroup.com/xmap </Location> <Location /WMS> # your xerver internet token RequestHeader set xtok "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" ProxyPass https://api-eu.cloud.ptvgroup.com/WMS ProxyPassReverse https://api-eu.cloud.ptvgroup.com/WMS </Location> <Location /xlocate> # The text after "Basic " is "xtok:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" base64-encoded RequestHeader set Authorization "Basic eHXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXjQ=" ProxyPass https://api-eu.cloud.ptvgroup.com/xlocate ProxyPassReverse https://api-eu.cloud.ptvgroup.com/xlocate </Location>