Including the X-Forwarded-For Header in Requests for Cloud API
This Article is for Customers who need to derive the Geolocation of their scans, when calling the Anyline Cloud API from their back-end service. This will enable customers to see via the Anyline Insights dashboards the location where the user has performed a scan.
PLEASE NOTE:
Anyline does not recommend manually adding the X-Forwarded-For header, as improper usage can lead to incorrect IP reporting.
However, for customers whose end users are behind a back-end service and require accurate client IP forwarding, it is important to ensure that the back-end service captures the end user's IP address. Please note that Anyline does not store IP addresses at any point in this process.
In many web server environments, the IP address of the user can be accessed through a variable called REMOTE_ADDR
. Customers can also use similar functionalities in their back-end environment.
Recommended Steps
Add IP Address to the X-Forwarded-For Header: Once the user's IP address is obtained, Customers should append this IP address to the
X-Forwarded-For
header. If the header already exists, the new IP should be appended to the existing header value, separated by a comma.Send Request to our Cloud API: The modified request, now including the
X-Forwarded-For
header, can be sent to our Cloud API endpoint. This ensures that our systems can correctly identify the end user's IP address, even when the user is behind a back-end service.
Below are two examples of how Customers can add the X-Forwarded-For
header to include the end user's IP address.
X-Forwarded-For
Example using curl
curl -H "X-Forwarded-For: <user-ip-address>" <https://api.anyline.com/v2/tiresidewall>
curl --request POST \
--url https://auth.anyline.com/oauth/token \
--header 'content-type: application/json' \
--header 'X-Forwarded-For: <user-ip-address>' \
--data '{"client_id":"YOUR-CLIENT-ID","client_secret":"YOUR-CLIENT-SECRET","audience":"https://prod.cloud-api.anyline.com","grant_type":"client_credentials","scope":"cloudapi:tiresidewall"}'
PLEASE NOTE:
Please be sure to replace <user-ip-address>
with the actual IP address of the end user.
X-Forwarded-For
Example using JavaScript's fetch
Function
fetch('<https://api.anyline.com/v2/tiresidewall>', {
method: 'POST',
headers: {
'content-type': 'application/json',
'X-Forwarded-For': '<user-ip-address>',
'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
}
});