Passthrough-Proxy

In order to further enhance the security of your app and make sure no IP addresses of the end-users are exposed to Appelium, we provide a possibility to route all AppeliumFeedback SDK traffic through your own servers. This ensures that the IP address of end-users is only exposed to a server you control.

Enabling Passthrough-Proxy mode in SDKs

iOS and tvOS

AppeliumFeedback.start(
    apiKey: <#api key#>,
    networkMonitoring: .enabled,
    proxy: .enabled(
        passthroughProxyUrl: URL(string: "https://my.server.com/appelium-proxy/")!
    )
)

Android

AppeliumFeedback.start(
    apiKey = <#api key#>,
    application = this,
    networkMonitoring = NetworkMonitoringConfiguration.Enabled(),
    proxy = ProxyConfiguration.Enabled(
        passthroughProxyUrl = URL("https://my.server.com/appelium-proxy/")
    )
)

Verifying Passthrough-Proxy mode in SDKs

After you have enabled it, you can see the SDK prints a small log in the console, which confirms that the Proxy-Pass mode has been enabled:

AppeliumFeedback: Using passthrough proxy: "https://my.server.com/appelium-proxy/"

Implementing Passthrough-Proxy on your backend

In general the implementation of proxy on your server is very simple, but the final code will largely depend on the programming language and framework you use.

Here is an implementation example in pseudo code assuming that the endpoint is deployed at this URL: https://my.server.com/appelium-proxy/.

// Handler matching any HTTP method. Path matching using trailing wildcard: "/appelium-proxy/*"
handleAppeliumRequest(originalRequest) {

    // 1. Construct the new URL by replacing the URL of this endpoint with Appelium URL.
    //
    // For example, the URL would be changed like this:
    // BEFORE: https://my.server.com/appelium-proxy/v1/applicationMetrics
    // AFTER:  https://api.appelium.com/v1/applicationMetrics
    var newUrl = originalRequest.path.replace("https://my.server.com/appelium-proxy/", "https://api.appelium.com/")

    // 2. Make an HTTP call against the newUrl using the original method, headers and the body
    httpClient.call(newUrl, originalRequest.method, originalRequest.headers, originalRequest.body)
}

Tip

If it is not possible to do a wildcard matching for all HTTP methods, it is enough to support GET and POST.

Authentication

The calls to Appelium servers are already authenticated using API key that is passed to the SDK during it's initialization. For this reason, make sure the implementation of the Passthrough-Proxy preserves and forwards all original headers (including their values), otherwise the forwarded requests might be rejected by Appelium servers as unauthorized (401).

For more information about SDK integration, check the following guides:

• Appelium Feedback for iOS
• Appelium Feedback for tvOS
• Appelium Feedback for Android