The Customer's Canvas Proxy

Some of our JavaScript applications, like the Variable Data Printing tool, require working with the Customer's Canvas backend through the Web API, for example, generating preview images, etc. However, the Customer's Canvas Web API is not designed to be used from the front end.

For security reasons, it requires sending an API Key as a part of the HTTPS request. However, it would not be safe to do this from JavaScript, because you would have to expose your API. The Customer's Canvas Proxy solves this problem. It exposes its own Web API, which is used by our JS app to manipulate Customer's Canvas. When it receives a request (for example, to generate a preview for a particular piece of data), it resends the request to Customer's Canvas and adds the API key to it.

Is it secure?

You may wonder whether it is still secure - it only duplicates some of the Web API members of Customer's Canvas but does not require the API key.

Fortunately, it does not work with any sensitive API like user data or template manipulations, etc, so it is safe enough for most business's purposes. Moreover, if you want to make it better integrated into your system, you can request the source code and integrate your own user validation (for example, so that only a user logged into your system can use it).

Installation

  1. Download and install ASP.NET Core 2.1 if you have not already done so. You can use this link to download it: ASP.NET Core 2.1.
  2. After you install ASP.NET Core 2.1, it is necessary to either reboot the computer or run these commands in a command prompt:
    net stop was /y
    net start w3svc
    
  3. Create a folder on your web server and copy all files from the cc-proxy folder there.
  4. Open IIS Manager and add an Application Pool. Specify No managed code for the .NET CLR Version.
  5. Create an application for the folder with the CC Proxy files and assign the Application Pool created on the previous step to it.
  6. Give the Modify permissions to this folder.

After you run this application in IIS, you can call the /about endpoint. For example, if you installed this proxy at https://example.com/ccproxy, you should open https://example.com/ccproxy/about. If everything is ok, you will see the version number.

Configuration

To make it work properly, you need to specify where your Customer's Canvas editor is installed. To do this, open the appsettings.json file and modify the values in the CustomersCanvas section.

{
    "Configuration": {
        "CustomersCanvas": {
            "Url": "https://XXXXXXXXXXXXXX",
            "ApiKey": "XXXXXXXXXXXXXX"
        }
    },
    ...
}

This Url is the URL of your Customer's Canvas instance. The ApiKey should match the key that you specified for Customer's Canvas, as described in the Web API topic.

See Also

Manual