Skip to main content


After embedding the SDK into your webpage and having configured it, it will also need to send API requests. These API requests should arrive at the Wizenoze servers. However our servers will only process the requests if it includes a valid authentication key.


Non authorized request simply receive the HTTP status code 403 Forbidden. The components will not be able to receive any data. End-users will not be able to use the SDK.

How to authorise the API request?#

A reverse proxy, setup in your environment, intercepts the API request before it leaves your network environment.

The proxy authenticates the request by injecting an Authorisation Token. We provide your tech team with this token. The request can then proceed to the Wizeup servers where the authorisation token is validated.

The following diagram illustrates these steps. The reverse proxy is a very simple setup and we have numerous examples below of how to do this.

Reverse proxy

Reverse proxy setup#

The example below shows an NGINX configuration where the reverse proxy intercepts the request based on

By default the targetAPI version is /v4. Through the settings configuration it's possible to set a custom targetAPI value.

The request is then injected with an Authorisation Token. Now the request, including all of its original parameters, can is sent to the Wizenoze servers. Please use HTTPS for security and privacy.

// server.js
const express = require('express')const { createProxyMiddleware } = require('http-proxy-middleware')
const app = express()const { PORT = 1234 } = process.env
// check for API requests// inject the auth header// and proxy the request
const apiTarget = "/v4"; // Should match launch settings. Defaults to "/v4"
app.use(  apiTarget,  createProxyMiddleware({    target: '',    changeOrigin: true,    headers: {      Authorization: YOUR_AUTH_TOKEN,    },  }),)
// all other request return the static front-endapp.use(express.static('dist'))
app.listen(PORT, () => console.log('running on port: ', PORT))