Client
The purpose of the Client is to host a small server on the
user’s device (e.g. phone, laptop) to respond to requests for private
data. It listens on a local port, currently defaulted to
::8080
, and responds to these requests with a secure <iframe>
buffer that displays the data without allowing the website to read
it back to itself.
Note
For more information on how the secure <iframe>
buffers
work see Secure <iframe>.
API
GET /unsecure/data/<path>
An unsecure request to the client for data at a given path. The response is not the data itself, but an HTML document with an iframe which makes a secure request to retrieve the data.
Path Parameters
Parameter |
Required? |
Description |
Example |
---|---|---|---|
|
Required |
A jsonpath-style string prepended and appended by a period which represents the path of the data |
|
Query Parameters
Parameter |
Required? |
Description |
Default |
Example |
---|---|---|---|---|
|
Optional |
A URL-encoded CSS block meant to style the displayed data. The HTML to style can be found here. |
|
|
|
Optional |
A boolean indicating whether the data will be displayed in an editable form field. If |
|
|
|
Required |
specifies the type of data to expect; this is particularly useful when creating new data that does not yet have a type. The value can be one of:
|
|
|
|
Optional |
the URL endpoint to which a |
|
|
|
Optional |
A base64-encoded and URL-encoded message which the editable Redact field will send to the parent page after data is successfully submitted. Refer to JS Messaging for more details. |
|
|
|
Optional |
A base64-encoded and URL-encoded message which a displayed Redact field will prepend to the pixel height of the rendered data, then send to the parent page. This can be used to dynamically adjust the height of a redact iframe on a web page based on the size of the rendered data. |
|
GET /secure/data/<path>/<token>
An secure request to the client for data at a given path. The response is and HTML document displaying the contents of the data.
Header Parameters
Header Name |
Required? |
Description |
---|---|---|
|
Required |
The session ID is used internally by the Client to associate the request with a session in its session store. |
Path Parameters
Parameter |
Required? |
Description |
Example |
---|---|---|---|
|
Required |
A jsonpath-style string prepended and appended by a period which represents the path of the data |
|
|
Required |
A random, 256-bit, upper-case alphanumeric CSRF token that is generated and used internally by the Client |
Query Parameters
Note
These query parameters are identical to those of GET /data/<path>
and are typically automatically included in this request by the Client.
Parameter |
Required? |
Description |
Default |
Example |
---|---|---|---|---|
|
Optional |
A URL-encoded CSS block meant to style the displayed data. The HTML to style can be found here. |
|
|
|
Optional |
A boolean indicating whether the data will be displayed in an editable form field. If |
|
|
|
Required |
specifies the type of data to expect; this is particularly useful when creating new data that does not yet have a type. The value can be one of:
|
|
|
|
Optional |
the URL endpoint to which a |
|
|
|
Optional |
A base64-encoded and URL-encoded message which the editable Redact field will send to the parent page after data is successfully submitted. Refer to JS Messaging for more details. |
|
POST /secure/data/<token>
A secure request to the client to update existing data or create new data at a given path.
Header Parameters
Header Name |
Required? |
Description |
---|---|---|
|
Required |
The session ID is used internally by the Client to associate the request with a session in its session store. |
|
Required |
|
Path Parameters
Parameter |
Required? |
Description |
Example |
---|---|---|---|
|
Required |
A random, 256-bit, upper-case alphanumeric CSRF token that is generated and used internally by the Client |
Query Parameters
Parameter |
Required? |
Description |
Default |
Example |
---|---|---|---|---|
|
Optional |
A URL-encoded CSS block meant to style the displayed data. The HTML to style can be found here. |
|
|
|
Optional |
A boolean indicating whether the data will be displayed in an editable form field. If |
|
|
|
Optional |
the URL endpoint to which a |
|
Body Parameters
Parameter |
Required? |
Description |
Example |
---|---|---|---|
|
Required |
a jsonpath-style string prepended and appended by a period |
|
|
Required |
The value of the data being submitted |
|
|
Required |
Specifies the type of data to expect; this is particularly useful when creating new data that does not yet have a type. The value can be one of:
|
|
POST /proxy
Retrieves the response of a GET request to a given URL, which is made via the
client with mutual TLS. The root domain of the URL requested must match the
root domain of the request’s Origin
header value. For more information on
how to use the Proxy API, see User Sessions.
Header Parameters
Header Name |
Required? |
Description |
---|---|---|
|
Required |
|
|
Required |
Must be: |
Body Parameters
Parameter |
Required? |
Description |
Example |
---|---|---|---|
|
Required |
The URL to which to make a GET request |
|