Security Recommendations
Retrieve the analysis response and process it on the back end
Even though the analysis result is available to the host application via Web Plugin callbacks, it is recommended that the application back end receives it directly from Oz API. All decisions of the further process flow should be made on the back end as well. This eliminates any possibility of malicious manipulation with analysis results within the browser context.
To find your folder from the back end, you can follow these steps:
On the front end, add your unique identifier to the folder metadata.
You can add your own key-value pairs to attach user document numbers, phone numbers, or any other textual information. However, ensure that tracking personally identifiable information (PII) complies with relevant regulatory requirements.
Use the
on_complete
callback of the plugin to be notified when the analysis is done. Once used, call your back end and pass thetransaction_id
value.On the back end side, find the folder by the identifier you've specified using the Oz API
Folder LIST
method:To speed up the processing of your request, we recommend adding the time filter as well:
In the response, find the analysis results and
folder_id
for future reference.
Limit amount of the information sent to Web Plugin from the server
Web Adapter may send analysis results to the Web Plugin with various levels of verbosity. It is recommended that, in production, the level of verbosity is set to minimum.
In the Web Adapter configuration file, set the result_mode
parameter to "safe".
Last updated