Proxing or Self-hosting

In some cases, Scantrust codes may have a custom prefix, also known as a "vanity URL". Additionally, some clients may want these scans to be proxied before they're forwarded to the landing page.

When a middleware server is used for this purpose, it's essential to ensure the following:

1. The middleware server should capture and set the user-agent. When forwarding a request, the HTTP header User-Agent should be set to that of the incoming request. This is necessary to display the correct app/user-agent in the Scantrust dashboard.

2. The middleware server should set the forwarding header. When forwarding a request, the HTTP header X-Forwarded-For should be set to the client-IP address of the incoming request. Alternatively, the newer header forwarded: for={client-ip} can also be used. This header is necessary to obtain accurate IP address data to display in the Scantrust dashboard. If the location-update API is not called on the client-side, the forwarded header is the only way to obtain location data about the user.

If the above fields are not set on the forwarded request, it will be recorded in the scantrust system as coming from the requesting server.

Rate limiting

When proxying requests, take in to consideration that calling Scantrust Endpoints excessively can result in rate limiting errorss (HTTP status code 429). For more details see the scantrust rate limits