Client

The purpose of the Client is to host a small server on the user’s device (e.g. phone, laptop) to respond to requests for private data. It listens on a local port, currently defaulted to ::8080, and responds to these requests with a secure <iframe> buffer that displays the data without allowing the website to read it back to itself.

Note

For more information on how the secure <iframe> buffers work see Secure <iframe>.

API

`GET /unsecure/data/<path>`

An unsecure request to the client for data at a given path. The response is not the data itself, but an HTML document with an iframe which makes a secure request to retrieve the data.

Path Parameters

Parameter	Required?	Description	Example
`path`	Required	A jsonpath-style string prepended and appended by a period which represents the path of the data	`.someObj.someVal.`

Query Parameters

Parameter	Required?	Description	Default	Example
`css`	Optional	A URL-encoded CSS block meant to style the displayed data. The HTML to style can be found here.		`iframe%7Bborder%3Anone%3B%7D`
`edit`	Optional	A boolean indicating whether the data will be displayed in an editable form field. If `true`, the value will be displayed in a submittable input box appropriate for its data type.	`false`	`true`
`data_type`	Required	specifies the type of data to expect; this is particularly useful when creating new data that does not yet have a type. The value can be one of: `Bool` `U64` `I64` `F64` `String` `Media` A Binary file that can be rendered in the browser. Currently supported file types are: `image/jpeg` `image/png` `image/gif` `image/apng` `image/avif` `image/svg+xml` `image/webp` `video/mpeg` `video/mp4`		`String`
`relay_url`	Optional	the URL endpoint to which a `POST` HTTP request will be sent upon submission of editable data. This would typically be a URL controlled by the host of the Redact-enabled website and used for internal bookkeeping.		`https://foo.com/redact/relay`
`js_message`	Optional	A base64-encoded and URL-encoded message which the editable Redact field will send to the parent page after data is successfully submitted. Refer to JS Messaging for more details.		`Y3JlYXRlZA%3D%3D`
`js_height_msg_prefix`	Optional	A base64-encoded and URL-encoded message which a displayed Redact field will prepend to the pixel height of the rendered data, then send to the parent page. This can be used to dynamically adjust the height of a redact iframe on a web page based on the size of the rendered data.		`aGVpZ2h0Oi5hYmMuOg%3D%3D`

`GET /secure/data/<path>/<token>`

An secure request to the client for data at a given path. The response is and HTML document displaying the contents of the data.

Header Parameters

Header Name	Required?	Description
`Cookie sid`	Required	The session ID is used internally by the Client to associate the request with a session in its session store.

Path Parameters

Parameter	Required?	Description	Example
`path`	Required	A jsonpath-style string prepended and appended by a period which represents the path of the data	`.someObj.someVal.`
`token`	Required	A random, 256-bit, upper-case alphanumeric CSRF token that is generated and used internally by the Client

Query Parameters

Note

These query parameters are identical to those of GET /data/<path> and are typically automatically included in this request by the Client.

Parameter	Required?	Description	Default	Example
`css`	Optional	A URL-encoded CSS block meant to style the displayed data. The HTML to style can be found here.		`iframe%7Bborder%3Anone%3B%7D`
`edit`	Optional	A boolean indicating whether the data will be displayed in an editable form field. If `true`, the value will be displayed in a submittable input box appropriate for its data type.	`false`	`true`
`data_type`	Required	specifies the type of data to expect; this is particularly useful when creating new data that does not yet have a type. The value can be one of: `Bool` `U64` `I64` `F64` `String` `Media` A Binary file that can be rendered in the browser. Currently supported file types are: `image/jpeg` `image/png` `image/gif` `image/apng` `image/avif` `image/svg+xml` `image/webp` `video/mpeg` `video/mp4`		`String`
`relay_url`	Optional	the URL endpoint to which a `POST` HTTP request will be sent upon submission of editable data. This would typically be a URL controlled by the host of the Redact-enabled website and used for internal bookkeeping.		`https://foo.com/redact/relay`
`js_message`	Optional	A base64-encoded and URL-encoded message which the editable Redact field will send to the parent page after data is successfully submitted. Refer to JS Messaging for more details.		`Y3JlYXRlZA%3D%3D`

`POST /secure/data/<token>`

A secure request to the client to update existing data or create new data at a given path.

Header Parameters

Header Name	Required?	Description
`Cookie sid`	Required	The session ID is used internally by the Client to associate the request with a session in its session store.
`Content-Type`	Required	`x-www-form-urlencoded`: For types other than `Media` `multipart/form-data`: For the `Media` data type.

Path Parameters

Parameter	Required?	Description	Example
`token`	Required	A random, 256-bit, upper-case alphanumeric CSRF token that is generated and used internally by the Client

Query Parameters

Parameter	Required?	Description	Default	Example
`css`	Optional	A URL-encoded CSS block meant to style the displayed data. The HTML to style can be found here.		`iframe%7Bborder%3Anone%3B%7D`
`edit`	Optional	A boolean indicating whether the data will be displayed in an editable form field. If `true`, the value will be displayed in a submittable input box appropriate for its data type.	`false`	`true`
`relay_url`	Optional	the URL endpoint to which a `POST` HTTP request will be sent upon submission of editable data. This would typically be a URL controlled by the host of the Redact-enabled website and used for internal bookkeeping.		`https://foo.com/redact/relay`

Body Parameters

Parameter

Required?

Description

Example

path

Required

a jsonpath-style string prepended and appended by a period

.someObj.someVal.

value

Required

The value of the data being submitted

String

value_type

Required

Specifies the type of data to expect; this is particularly useful when creating new data that does not yet have a type. The value can be one of:

Bool

U64

I64

F64

String

Media

A Binary file that can be rendered in the browser. Currently supported file types are:

image/jpeg

image/png

image/gif

image/apng

image/avif

image/svg+xml

image/webp

video/mpeg

video/mp4

String

`POST /proxy`

Retrieves the response of a GET request to a given URL, which is made via the client with mutual TLS. The root domain of the URL requested must match the root domain of the request’s Origin header value. For more information on how to use the Proxy API, see User Sessions.

Header Parameters

Header Name	Required?	Description
`Origin`	Required
`Content-Type`	Required	Must be: `application/json`

Body Parameters

Parameter	Required?	Description	Example
`host_url`	Required	The URL to which to make a GET request	`https://foo.com/redact/session_create`

Client

API

GET /unsecure/data/<path>

Path Parameters

Query Parameters

GET /secure/data/<path>/<token>

Header Parameters

Path Parameters

Query Parameters

POST /secure/data/<token>

Header Parameters

Path Parameters

Query Parameters

Body Parameters

POST /proxy

Header Parameters

Body Parameters

`GET /unsecure/data/<path>`

`GET /secure/data/<path>/<token>`

`POST /secure/data/<token>`

`POST /proxy`