Security Recommendations

Retrieve the analysis response and process it on the back end

Even though the analysis result is available to the host application via Web Plugin callbacks, it is recommended that the application back end receives it directly from Oz API. All decisions of the further process flow should be made on the back end as well. This eliminates any possibility of malicious manipulation with analysis results within the browser context.
To find your folder from the back end, you can follow these steps:
  1. 1.
    On the front end, add your unique identifier to the folder metadata:{
    meta: {
    'transaction_id': '<unique_id1>'
  2. 2.
    Use the on_complete callback of the plugin to be notified when the analysis is done. Once used, call your back end and pass the transaction_id value.
  3. 3.
    On the back end side, find the folder by the identifier you've specified using the Oz API Folder LIST method:
  4. 4.
    In the response, find the analysis results and folder_id for future reference.

Limit amount of the information sent to Web Plugin from the server

Web Adapter may send analysis results to the Web Plugin with various levels of verbosity. It is recommended that, in production, the level of verbosity is set to minimum. In the Web Adapter configuration file, set the result_mode parameter to "safe".
"result_mode": "safe"