- A backend proxy can be useful if you need to inspect and persist activity results. For example: if your users are creating wallets, you might want to persist the addresses. If your users are signing transactions, you might want to broadcast on their behalf.
- Another reason why a backend server could be beneficial is monitoring, feature toggles, and validation: with a proxy you’re able to control which requests are proxied and which aren’t. You can also perform additional validation before signed requests are forwarded to 0xkey.
- POSTing signed requests directly from your app frontend to 0xkey saves you the burden of running a proxy server, and takes you out of the loop so that your end-users interact directly with 0xkey. This is a “hands-off” approach that can work well if you want to give your end-users maximum flexibility and ownership over their sub-organization.
Authentication
Proxying signed requests
0xkey has an open CORS policy for its public API. This means your frontend can choose to POST sign requests straight to https://api.0xkey.io. Your frontend can also choose to forward the requests via a backend server (which POSTs the signed request to 0xkey).
How should you decide what to do? Here are some considerations: