Skip to main content
All CollectionsExtras
Handling Forwarded Requests
Handling Forwarded Requests

Learn how to handle requests coming from custom domains to your upstream.

Drago Crnjac avatar
Written by Drago Crnjac
Updated over a week ago

Overview

This guide provides instructions on managing requests forwarded from your users' custom domains to your upstream services.

Understanding Headers in Forwarded Requests

When a request is forwarded from a custom domain, it will include additional headers to aid in processing the request accurately:

X-Served-For Header

  • Purpose: Identifies the custom domain from which the request was forwarded.

  • Example Value: If a request is made to https://app.mydomain.com, the X-Served-For header will contain app.mydomain.com.

X-SaaS-Domains-IP Header

  • Purpose: Shows the IP address of the client that initiated the request.

  • Example Value: If a client with IP 37.228.203.125 makes a request, the X-SaaS-Domains-IP header will carry 37.228.203.125.

Host Header

  • Purpose: Indicates the final destination or host of the request.

  • Example Value: For a request forwarded to https://app.example.com, the Host header will be set to app.example.com.

Additional Security with X-SaaS-Domains-Auth-Token

To ensure the integrity and authenticity of forwarded requests, the X-SaaS-Domains-Auth-Token header can be utilized. This token is auto-generated randomly for every upstream, but can also be changed later.

  • Purpose: Acts as an authentication token to confirm that requests are legitimately originating from SaaS Custom Domains.

  • Security Note: Always verify the X-SaaS-Domains-Auth-Token in your upstream to confirm that the request is authorized.

You can copy the authentication token on the upstream page:

Alternatively, you can change the token by editing the upstream:

Example Scenario

Consider the following setup and request flow:

  • Your Upstream Service: https://app.example.com

  • Your Custom Domain: https://app.mydomain.com

  • Client IP: 37.228.203.125

When a client makes a request to https://app.mydomain.com, the request is forwarded to your upstream https://app.example.com. The following headers are added to the forwarded request:

  • X-Served-For: app.mydomain.com

  • X-SaaS-Domains-IP: 37.228.203.125

  • Host: app.example.com

  • X-SaaS-Domains-Auth-Token: [Token Value] (ensure to verify this token for security)

That's it! You can now effectively manage and secure forwarded requests to provide a reliable service to your users through their custom domains.
โ€‹
Until next time, keep building!

Need more help? Reach out via the Intercom chat widget and we'll be right with you!

Did this answer your question?