Why Headers Matter and How Reverse Proxies May Alter Them
A reverse proxy is a server that sits in front of one or more web servers. It intercepts client requests (for example, a browser's request) and forwards them to the web server; when the web server responds, the proxy returns the response to the client, so the resources appear to the client as if they came from the proxy itself. Reverse proxies are usually deployed to improve the security, performance, and reliability of the services behind them. Some of the most commonly used reverse proxies include solutions offered by, for example, NGINX, Cloudflare, or Akamai.
Customers that deploy the Cloudentity platform themselves may want to set up a reverse proxy that sits in front of the platform and forwards client requests to Cloudentity.
Because the reverse proxy intercepts every request before it reaches the Cloudentity platform, it must forward the request headers correctly, or the platform features that depend on those headers stop working properly. For example, a misconfigured reverse proxy may present Cloudentity with the IP address of the proxy itself instead of the IP address of the client requesting resources from the platform. That misattributes the source address recorded in, for example, audit events. The reverse direction matters too: a client can put any value into these headers before the request reaches the proxy, so the proxy must overwrite or append to the client-IP headers rather than pass client-supplied values through unchanged.
To keep Cloudentity working up to its full potential, make sure that all the headers listed in the tables below are forwarded or set properly by your reverse proxy.
Expected Custom Request Headers Reference
| Header | Description |
|---|---|
| | End user's IP address, for example, 18.104.22.168 |
| | Comma-separated list of IP addresses, for example, 22.214.171.124,126.96.36.199,188.8.131.52 |
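The following is an added example, not Cloudentity's code or configuration. It shows the two halves of the client-IP problem described above: how a reverse proxy should populate the client-IP headers before forwarding, and how the platform side should read them back without believing a value the client injected. It assumes (the table does not name them) that the two rows above are the conventional `X-Real-IP` (a single address) and `X-Forwarded-For` (a comma-separated hop list), and that the proxy tier lives in an assumed `10.0.0.0/8` range; all addresses and scenarios are constructed.

```python
# Added example, not Cloudentity's code. Assumption (not stated on the page): the
# two unnamed rows in the table are X-Real-IP (single address) and
# X-Forwarded-For (hop list). All addresses below are constructed.
import ipaddress
from typing import Dict, Iterable, List, Optional, Union

Headers = Dict[str, str]
Addr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def proxy_outbound_headers(inbound: Headers, peer_ip: str) -> Headers:
    """Headers a proxy should send upstream for a request received from peer_ip.

    X-Forwarded-For is appended to, never replaced, so earlier hops survive.
    X-Real-IP is always overwritten with the TCP peer, so a client-supplied
    value never reaches the platform.
    """
    out = dict(inbound)
    prior = inbound.get("X-Forwarded-For", "").strip()
    out["X-Forwarded-For"] = f"{prior}, {peer_ip}" if prior else peer_ip
    out["X-Real-IP"] = peer_ip
    return out


def _hops(headers: Headers) -> List[str]:
    return [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]


def _parse(ip: str) -> Optional[Addr]:
    try:
        return ipaddress.ip_address(ip)
    except ValueError:
        return None


def naive_client_ip(headers: Headers) -> Optional[str]:
    """The common mistake: take the left-most X-Forwarded-For entry. A client can
    set that entry to anything before the first proxy appends its own view."""
    hops = _hops(headers)
    return hops[0] if hops else None


def client_ip(headers: Headers, peer_ip: str, trusted_proxies: Iterable[str]) -> str:
    """Resolve the end user's address the way the platform (upstream) should.

    Walk X-Forwarded-For from the right: every address that belongs to a trusted
    proxy was appended by infrastructure we control, so skip it; the first address
    that is not a trusted proxy is the client, and anything further left came from
    the client and is ignored. If the TCP peer itself is not a trusted proxy, the
    request bypassed the proxy tier, so the headers are disregarded entirely.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def trusted(ip: str) -> bool:
        addr = _parse(ip)
        return addr is not None and any(addr in net for net in nets)

    if not trusted(peer_ip):
        return peer_ip
    for hop in reversed(_hops(headers)):
        if trusted(hop):
            continue
        if _parse(hop) is None:
            break  # malformed entry: do not propagate garbage into audit events
        return hop
    return peer_ip  # every hop was one of ours, or the list was empty/malformed


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenarios (no real traffic); returns each outcome by name."""
    trusted = ["10.0.0.0/8"]  # assumed address range of the proxy tier
    client, edge, internal = "203.0.113.7", "10.0.0.5", "10.0.1.9"
    results: Dict[str, Optional[str]] = {}

    # 1. Honest client through a single proxy.
    h = proxy_outbound_headers({}, peer_ip=client)
    results["single_hop"] = client_ip(h, edge, trusted)

    # 2. Client pre-loads X-Forwarded-For with a forged address.
    forged = {"X-Forwarded-For": "198.51.100.9"}
    h = proxy_outbound_headers(forged, peer_ip=client)
    results["spoof_naive"] = naive_client_ip(h)   # believes the forgery
    results["spoof_safe"] = client_ip(h, edge, trusted)  # does not

    # 3. Two proxy hops: X-Real-IP ends up holding the edge proxy, not the client,
    #    which is why the platform should walk X-Forwarded-For instead.
    h = proxy_outbound_headers({}, peer_ip=client)  # edge receives from client
    h = proxy_outbound_headers(h, peer_ip=edge)     # internal receives from edge
    results["two_hop_real_ip"] = h["X-Real-IP"]
    results["two_hop_safe"] = client_ip(h, internal, trusted)

    # 4. Request that bypassed the proxy tier entirely: headers are ignored.
    results["bypass"] = client_ip(forged, client, trusted)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two-hop scenario is the one to keep in mind when a CDN sits in front of your own proxy: the single-address header then names the CDN edge, and only the right-to-left walk over the hop list, with the CDN's ranges in the trusted set, recovers the real client.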
Expected FAPI/Open Banking Request Headers Reference
| Header | Description |
|---|---|
| x-fapi-auth-date | The time the customer last logged into the client. |
| x-fapi-customer-ip-address | The customer's IP address, sent when the customer is currently logged in to the third-party provider's application. |
| x-fapi-interaction-id | An RFC 4122 UUID sent to the server to help correlate log entries between the client and the server. |
| x-customer-user-agent | Used in UK Open Banking; indicates the user agent the customer is using. |
| x-jws-signature | Contains a detached JWS signature of the request body (the payload). |
| x-idempotency-key | Unique request identifier used to support idempotency. Used in UK Open Banking. |
| x-v | Used in Consumer Data Right; the version of the API endpoint requested by the client. Must be set to a positive integer. |
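The following is an added example, not Cloudentity's code. It shows the two things a practitioner needs around the table above: which of these headers a proxy must pass through verbatim, and the format checks an upstream service can apply to them once they arrive. Only the constraints the table states are enforced (RFC 4122 UUID, positive integer, IP address, detached JWS); `x-fapi-auth-date` is additionally parsed as an HTTP-date, which is the format the FAPI 1.0 profile specifies for it. The header values in the sample are constructed.

```python
# Added example, not Cloudentity's code. Sample header values are constructed.
import ipaddress
import re
from email.utils import parsedate_to_datetime
from typing import Dict, List

# RFC 4122 canonical form: 8-4-4-4-12 hex digits, version 1-5, variant bits 10xx.
_UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}", re.I
)
# Detached JWS compact serialization (RFC 7515 Appendix F): header..signature,
# with the payload segment empty because the payload travels in the request body.
_DETACHED_JWS_RE = re.compile(r"[A-Za-z0-9_-]+\.\.[A-Za-z0-9_-]+")
_POSITIVE_INT_RE = re.compile(r"[1-9][0-9]*")

FAPI_HEADERS = (
    "x-fapi-auth-date", "x-fapi-customer-ip-address", "x-fapi-interaction-id",
    "x-customer-user-agent", "x-jws-signature", "x-idempotency-key", "x-v",
)


def forwarded_fapi_headers(inbound: Dict[str, str]) -> Dict[str, str]:
    """Select the FAPI headers a proxy must pass through unchanged.

    Values are never rewritten: x-jws-signature covers the body byte for byte,
    and x-fapi-interaction-id is the value the client uses to correlate logs.
    """
    return {k: v for k, v in inbound.items() if k.lower() in FAPI_HEADERS}


def validate_fapi_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of malformed headers; an empty list means every header that
    is present is well formed. Names match case-insensitively, as HTTP requires.
    Absence is not an error here, because which headers are required depends on
    the API profile (UK Open Banking, CDR, ...)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    problems: List[str] = []

    v = h.get("x-fapi-interaction-id")
    if v is not None and not _UUID_RE.fullmatch(v):
        problems.append("x-fapi-interaction-id: not an RFC 4122 UUID")

    v = h.get("x-fapi-customer-ip-address")
    if v is not None:
        try:
            ipaddress.ip_address(v)
        except ValueError:
            problems.append("x-fapi-customer-ip-address: not an IP address")

    v = h.get("x-fapi-auth-date")
    if v is not None:
        try:
            parsedate_to_datetime(v)
        except (TypeError, ValueError):  # TypeError on older Python versions
            problems.append("x-fapi-auth-date: not an HTTP-date")

    v = h.get("x-v")
    if v is not None and not _POSITIVE_INT_RE.fullmatch(v):
        problems.append("x-v: must be a positive integer")

    v = h.get("x-jws-signature")
    if v is not None and not _DETACHED_JWS_RE.fullmatch(v):
        problems.append("x-jws-signature: not a detached compact JWS (header..signature)")

    v = h.get("x-idempotency-key")
    if v is not None and not v:
        problems.append("x-idempotency-key: must not be empty")

    return problems


if __name__ == "__main__":
    # Constructed request: a proxy forwards these, then the upstream checks them.
    inbound = {
        "Host": "auth.example.test",
        "x-fapi-auth-date": "Tue, 11 Sep 2012 19:43:31 GMT",
        "x-fapi-customer-ip-address": "198.51.100.23",
        "x-fapi-interaction-id": "93bac548-d2de-4546-b106-880a5018460d",
        "x-jws-signature": "eyJhbGciOiJQUzI1NiJ9..c2lnbmF0dXJl",
        "x-idempotency-key": "FRESCO.21302.GFX.20",
        "X-V": "3",
    }
    forwarded = forwarded_fapi_headers(inbound)
    print(sorted(forwarded))
    print(validate_fapi_headers(forwarded) or "all FAPI headers well formed")
```

Run this on the platform side, not the proxy side: the proxy's only job for these headers is to leave them alone, and rejecting a malformed `x-fapi-interaction-id` at the proxy would also remove the value the client expects to see echoed back for log correlation.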