Setting up your Reverse Proxy

Reverse Proxy Configuration

A reverse proxy is a flow where the client uploads the data returned by the SDK to the credolab server by proxying it through their own server. This configuration can be useful when:

  • The web SDK is unable to directly upload datasets to the credolab server because of browser AdBlock and other security policies within the client's organisation.
  • To avoid app store rejections due to the perception of the credolab servers as third-party data collection participants.


  • When integrating the SDK, the URL should be set as https://<>/cl, where /cl is a root segment that identifies all requests from the SDK to be handled by the relevant Nginx rules.



    The realIP property should be null during upload action in case reverse proxy configuration is selected

  • Requests coming from the /cl root on the client server should be forwarded to the credolab server, with the X-Real-IP header attached containing the original IP address of the request. This header will be used by credolab to identify the real IP address from which the request originated.

Example: Configure reverse proxy in Nginx

	… other configuration entries …
	location /cl/
		rewrite /cl/(.*) /$1 break;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_pass https://scoring-**;


When Nginx or any other server is used as a reverse proxy, and if it is not the initial layer that directly accepts client requests, and there are additional components such as a Web Application Firewall (WAF), API Gateway, or similar layers, then the X-Real-IP header should retrieve the originate IP address from the $http_x_forwarded_for parameter (relevant to Nginx). However, this process may vary depending on the specific configuration of preceding layers before the proxy server.