Authentication

After embedding the SDK into your webpage and having configured it, it will also need to send API requests. These API requests should arrive at the Wizenoze servers. However our servers will only process the requests if it includes a valid authentication key.

caution

Non authorized request simply receive the HTTP status code 403 Forbidden. The components will not be able to receive any data. End-users will not be able to use the SDK.

How to authorise the API request?

A reverse proxy, setup in your environment, intercepts the API request before it leaves your network environment.

The proxy authenticates the request by injecting an Authorisation Token. We provide your tech team with this token. The request can then proceed to the Wizeup servers where the authorisation token is validated.

The following diagram illustrates these steps. The reverse proxy is a very simple setup and we have numerous examples below of how to do this.

Reverse proxy setup

The example below shows an NGINX configuration where the reverse proxy intercepts the request based on api.wizeup.world/v4/.

By default the targetAPI version is /v4. Through the settings configuration it's possible to set a custom targetAPI value.

The request is then injected with an Authorisation Token. Now the request, including all of its original parameters, can is sent to the Wizenoze servers. Please use HTTPS for security and privacy.

NodeJS/JavaScript

/server.js

// server.js
const express = require('express')const { createProxyMiddleware } = require('http-proxy-middleware')
const app = express()const { PORT = 1234 } = process.env
// check for API requests// inject the auth header// and proxy the request
const apiTarget = "/v4"; // Should match launch settings. Defaults to "/v4"
app.use(  apiTarget,  createProxyMiddleware({    target: 'https://api.wizeup.world',    changeOrigin: true,    headers: {      Authorization: YOUR_AUTH_TOKEN,    },  }),)
// all other request return the static front-endapp.use(express.static('dist'))
app.listen(PORT, () => console.log('running on port: ', PORT))

NGINX

This NGINX example intercepts the apiTarget, which by default is /v4, and route requests to inject the authorization header.

NGINX configuration file

location / {    proxy_pass https://api.wizeup.world/v4/;
    proxy_set_header Authorization YOUR_AUTH_TOKEN;    proxy_hide_header Authorization;  }

IIS

Rewrite certain routes as they arrive on IIS

On your IIS instance navigate to the %SystemDrive%\inetpub\wwwroot\ folder and open the file Web.config.

Add the following in the rewrite section.

<rewrite>  <rules>    <rule name="Rewrite to Wizenoze" stopProcessing="true">      <match url="(.+)/v4" />      <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />      <action type="Rewrite" url="https://api.wizeup.world/v4" appendQueryString="true" />      <serverVariables>          <set name="HTTP_Authorization" value="YOUR_AUTH_TOKEN" />      </serverVariables>    </rule>  </rules></rewrite>

The rule uses the line <match url="(.+)/v4" /> to activate on any request with the keyword /v4 in it. All API requests from the SDK are made to the /v4 end point.

With <action type="Rewrite" url="https://api.wizeup.world/v4" appendQueryString="true" /> the configuration now indicates where the request should be sent to.

This request is now authenticated with:

    <serverVariables>        <set name="HTTP_Authorization" value="YOUR_AUTH_TOKEN" />    </serverVariables>

Note that with YOUR_AUTH_TOKEN here should be replaced with the authorization token that was provided.

---

Alternatively the GUI can be used to apply these settings as well. Start the "URL Rewrite" application and add a blank rule.

Source:

• https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
• https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/setting-http-request-headers-and-iis-server-variables