LogoLogo
  • Introduction to Unizen
    • Unizen Overview
      • Unizen Liquidity Distribution Mechanism (ULDM)
        • ULDM Performance
      • Unizen Interoperability Protocol (UIP)
        • LayerZero
        • DeBridge
        • Stargate
        • Celer
        • Axelar
        • Thorchain
    • Unizen Dashboard
      • General
      • Portfolio
      • History
    • Unizen Trade
      • Fees
    • Unizen Explore
      • Unizen Omni-Chain Data Pool
    • Unizen Earn
  • ZCX
    • Token Utility
    • Tokenomics
  • API - Introduction
    • Introduction
    • Before you get started
      • Understanding Price Impact and Price Slippage in Token Swaps
      • Token Allowance Management for Non-updatable Allowance Tokens
      • Tokens with taxes
      • Wrapping and Unwrapping Native Tokens
      • Quote expiration deadline
    • Security Best Practices for Integrating Unizen
      • Why disable CORS
      • How to integrate with a reverse proxy
    • Version 2 of our smart contracts
      • Migration to smart contract v2
  • API - GET STARTED
    • QuickStart guide
    • Swagger
    • Information endpoints
      • GET /trade/v1/info/chains
      • GET /trade/v1/info/sources
      • GET/v1/info/cross-providers
      • GET /trade/v1/info/token/search
      • GET /v1/info/token/popular
      • GET /trade/v1/info/token/{chainId}/{tokenAddress}
      • GET /trade/v1/info/tokenLogo/{chainId}/{tokenAddress}
      • GET /info/thorchain-inbound-address
      • GET /trade/v1/info/tx/{txHash}
      • GET /trade/v1/info/trade/{chainId}/{txHash}
      • GET /trade/v1/info/trades
    • Approval
      • GET /trade/v1/{chainId}/approval/spender
      • GET /trade/v1/{chainId}/approval/transaction
      • GET /trade/v1/{chainId}/approval/allowance
    • Single-Chain Swap
      • GET /trade/v1/{chainId}/quote/single
      • GET /trade/v1/{chainId}/swap/single
      • Send transaction in evm chains
      • Send transaction in Solana
    • Cross-Chain Swap
      • GET /trade/v1/{chainId}/quote/cross
      • GET /trade/v1/{chainId}/swap/cross
      • Send transaction
    • Gasless orders
      • POST /trade/v1/gasless/typed-data
      • POST /v1/gasless/estimate
      • POST /v1/gasless/create
      • POST /v1/gasless/cancel
      • GET /trade/v1/gasless/status/{orderId}
      • GET /v1/gasless/orderByAddress/{address}
    • UTXO Assets and Cosmos Swap
      • GET /trade/v1/{chainId}/quote/cross 1
      • GET /trade/v1/{chainId}/swap/cross
      • Sending transactions
    • Efficient Quote Retrieval with Batch Processing
      • GET /trade/v1/{chainId}/batch_quote/single
    • Error Messages
  • GASLESS TRADES
    • Obtaining gasless quotes
    • Gas estimation
    • Executing the trade
    • Following the orders
  • On-Chain Contracts - Get Started
    • Integration with Unizen Contracts for Token Swapping
    • Registering Errors on Smart Contract Calls
  • PERMIT2
    • What is Permit2?
    • Usage in our api
  • WIDGET - Get Started
    • Embed the Unizen Widget
    • Playground
  • Other
    • Smart Contracts
    • Security Audits
    • Roadmap
  • links
    • Unizen
    • Marketing Website
    • Medium
    • Twitter
    • Discord
    • Telegram
Powered by GitBook
On this page

Was this helpful?

  1. API - Introduction
  2. Security Best Practices for Integrating Unizen

Why disable CORS

1. Protection Against Direct Requests:

CORS is designed to control how web pages in one domain can request resources from another domain. By disabling CORS, we prevent direct requests to our API endpoints from web pages or applications hosted on different domains. This restriction is intentional to minimize the risk of unauthorized access and potential misuse of sensitive data.

2. Forcing the Use of Reverse Proxy:

Disabling CORS acts as a deliberate measure to encourage integrators to adopt a reverse proxy approach. Instead of making direct requests from client-side applications, integrators are prompted to route their API requests through a reverse proxy. This adds an extra layer of security by hiding API keys and minimizing exposure to potential security threats.

The Role of Reverse Proxy:

1. Concealing API Keys:

A reverse proxy serves as an intermediary between client applications and API servers. By utilizing a reverse proxy, API keys are hidden from direct exposure to client-side code, mitigating the risk of key compromise and unauthorized access.

2. Centralized Security Control:

Leveraging a reverse proxy allows for centralized security controls. Security configurations, including key handling and access policies, can be managed and monitored from a single point. This centralization streamlines security management, reducing the likelihood of misconfigurations.

3. Enhanced Monitoring and Logging:

Reverse proxies provide robust monitoring and logging capabilities for API traffic. Integrators can benefit from comprehensive logs, gaining insights into usage patterns and potential security threats. This enhanced visibility ensures timely detection and response to any suspicious activities.

PreviousSecurity Best Practices for Integrating UnizenNextHow to integrate with a reverse proxy

Last updated 7 months ago

Was this helpful?