-
Notifications
You must be signed in to change notification settings - Fork 3
Additional Information for Backend Integrations
Requests issued directly from the user's browser contain a number of useful data points, namely User-Agent and X-Forwarded-For. These are necessary for Constructor.io to understand the origin of requests to adequately ensure DDOS prevention.
The Constructor security token also plays an important role to help us identify requests to ensure it is originating from an actual customer and not a malicious user. If the token is not supplied with each request, it is highly likely that the requests to our server will get throttled.
In order to power personalization, an anonymous user identifier and session identifier are stored in the users browser and automatically transmitted with requests in a frontend integration. In a backend integration, these values will need to be read from cookies and transmitted with requests.
In summary, here are the fields that should be sent with all requests originating server side (backend integrations):
- security_token (Mandatory)
- A unique string supplied by Constructor to be transmitted with requests originating from the backend. This value should be treated as sensitive information and never exposed client side.
- service_url (Mandatory)
- Requests must also be pinned to a single data center. In order to do this, we’ll provide a specific host which you’ll use to interact with Constructor’s API. That is, all calls will be sent to
https://[service_url].cnstrc.com, where[service_url]is a string that will be provided to you by your integrations engineer. Note, this does not apply to calls to update catalogs.
- Requests must also be pinned to a single data center. In order to do this, we’ll provide a specific host which you’ll use to interact with Constructor’s API. That is, all calls will be sent to
- user_parameters.user_ip (Mandatory)
- Containing the IP of the origin request from the users browser.
- user_parameters.client_id & user_parameters.session_id (Mandatory)
- The client and session id parameters live in the browser's cookies and are sent along with all requests. You should be able to grab them from the
ConstructorioID_client_idandConstructorioID_session_idcookies, respectively
- The client and session id parameters live in the browser's cookies and are sent along with all requests. You should be able to grab them from the
- user_parameters.user_id (Mandatory for logged-in users)
- A unique internal identifier for a logged-in user. Used for cross device personalization.
- user_parameters.user_agent
- Containing the User-Agent of the origin request from the users browser
The request service url and Constructor security token are set during the instantiation of the Python client. Here's an example of how that looks like:
from constructor_io.constructor_io import ConstructorIO
constructorio = ConstructorIO({
"api_key": "key_0987654",
"api_token": "tok_12345678",
"service_url": "service_url.cnstrc.com",
"security_token": "x-cnstrc-token-85927ad98f0a82as14",
})Information about the user will be passed with each request using the user_parameters. Here is an example request:
user_parameters = {
'client_id': '5a23dd74-5672-4379-878c-9182912d2710',
'session_id': 2,
'user_ip': '30.19.91.1',
'user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36',
'user_id': 'user-id-1A8r9c663D7C',
}
constructorio.search.get_search_results(
'car',
{ 'section': 'Products' },
user_parameters
)