Additional Information for Backend Integrations
Requests issued directly from the user's browser contain a number of useful data points, namely User-Agent and X-Forwarded-For. Constructor.io needs these to understand the origin of requests and to adequately ensure DDoS prevention.
The constructor token also plays an important role: it helps us identify requests and confirm that they originate from an actual customer and not a malicious user. If the token is not supplied with each request, it is highly likely that requests to our servers will be throttled.
To power personalization, an anonymous user identifier and a session identifier are stored in the user's browser and automatically transmitted with requests in a front-end integration. In a back-end integration, these values need to be read from cookies and transmitted with requests.
In summary, here are the fields that should be sent with all requests originating server-side (back-end integrations):
- Client ID & Session ID (Mandatory)
  - The client and session id parameters live in the browser's cookies and are sent along with all requests. You should be able to grab them from the `ConstructorioID_client_id` and `ConstructorioID_session_id` cookies, respectively.
- User ID (Mandatory for logged-in users)
  - A unique internal identifier for a logged-in user. Used for cross-device personalization.
- Forwarded For (Mandatory)
  - Contains the IP of the origin request from the user's browser.
- Constructor Token (Mandatory)
  - A unique string supplied by Constructor to be transmitted with requests originating from the back-end. This value should be treated as sensitive information and never exposed client-side.
- Host (Mandatory)
  - Requests must also be pinned to a single data center. In order to do this, we'll provide a specific host which you'll use to interact with Constructor's API. That is, all calls will be sent to `https://[subdomain].cnstrc.com`, where `[subdomain]` is a string that will be provided to you by your integrations engineer. Note that this does not apply to calls to update catalogs.
- User Agent
  - Contains the User-Agent of the origin request from the user's browser.
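The request domain and constructor token are set during the instantiation of the Java client. Here's an example of what that looks like:

```java
// Example values only. The last argument is the Constructor token:
// keep the real one in server-side configuration, never in client-side code.
ConstructorIO constructor = new ConstructorIO("tok_12345678", "key_0987654", true, "subdomain.cnstrc.com", "x-cnstrc-token-85927ad98f0a82as14");
```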
Information about the user lives in `UserInfo` objects. Here is an example of how to create one and set the different properties:

```java
// Setting the session and client id (The session id should be an integer)
UserInfo userInfo = new UserInfo(5, "client-id-1123123");
// Setting the user id (for logged in users)
userInfo.setUserId("user-id-1A8r9c663D7C");
// Setting the forwarded for (this should be the IP the request originated from)
userInfo.setForwardedFor("30.19.91.1");
// Setting the user agent
userInfo.setUserAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36");
// Making a request with the user info (`request` is the search request built earlier)
SearchResponse response = constructor.search(request, userInfo);
```
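As an added example (not part of the client library or of this page's original code), here is one way to populate `UserInfo` from the shopper's incoming request in a servlet-based back end. It assumes the `javax.servlet` API, that `UserInfo` is imported from `io.constructor.client`, and that `getRemoteAddr()` already returns the browser's IP; the class name `ConstructorUserInfoFactory` and its method are hypothetical.

```java
import io.constructor.client.UserInfo; // assumption: package of the Java client
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

// Hypothetical helper, not part of the Constructor.io client.
public final class ConstructorUserInfoFactory {

    private ConstructorUserInfoFactory() {}

    // loggedInUserId is null for anonymous visitors.
    public static UserInfo fromRequest(HttpServletRequest req, String loggedInUserId) {
        String clientId = null;
        String sessionRaw = null;
        Cookie[] cookies = req.getCookies(); // null when the request carries no cookies
        if (cookies != null) {
            for (Cookie c : cookies) {
                if ("ConstructorioID_client_id".equals(c.getName())) clientId = c.getValue();
                if ("ConstructorioID_session_id".equals(c.getName())) sessionRaw = c.getValue();
            }
        }
        if (clientId == null || clientId.isEmpty() || sessionRaw == null) {
            throw new IllegalArgumentException("Constructor client/session cookies are missing");
        }

        int sessionId;
        try {
            // Cookie values are client-controlled; the session id must be an integer.
            sessionId = Integer.parseInt(sessionRaw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("ConstructorioID_session_id is not an integer", e);
        }

        UserInfo userInfo = new UserInfo(sessionId, clientId);
        if (loggedInUserId != null) {
            userInfo.setUserId(loggedInUserId); // only for logged-in users
        }

        // Assumption: the container exposes the browser's IP via getRemoteAddr().
        userInfo.setForwardedFor(req.getRemoteAddr());

        String userAgent = req.getHeader("User-Agent");
        if (userAgent != null) {
            userInfo.setUserAgent(userAgent);
        }
        return userInfo;
    }
}
```

If the application sits behind a load balancer, take the address from the hop your own proxy appended rather than from a browser-supplied `X-Forwarded-For` value, which the client can set to anything.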