Foreq

Appearance

Project

A project is a logical grouping of routes. To better visualise this, imagine you’re building a to-do application called To-do. To-do is an application which would require some third party API to do some payment processing, a method of sending mails with an SMTP client.

In this context you would want to create a project on Foreq called To-do. The To-do project will contain routes where each on handles a single API integration.

Project settings

Security rules like allowed IP address, recpatcha and attestation with Google play integrity can also be added on the project settings page, once applied they’ll apply to all routes in the project.

The settings also includes options for adding in secrets, which are encrypted key value pairs which can be reused when making requests.

NOTE You can also delete your project, Doing this will delete everything associated to a project project. This includes requests, secrets, logs etc. Once deleted is impossible to retrieve.

Security

  • Allowed Origins: Grants access to requests coming from the provided origins. If this is empty all requests to the project will return a 403(Forbidden). If a wildcard (*) is provided requests coming from any domain would be provided allowed to go through.

    Note that this isn't a very safe method of authorizing a client as it can be easily spoofed.

  • Google play integrity: The most advised way to setup client authorization on Android devices. You an read up more information on how to do that with the Google provided documentation here.

  • Recaptcha: The advised authorization method for the web. You can read up more information on how do to that with the Google provided documentation here.

  • Whitelisted IPs: IPv4 addresses to allow. If a single IP address is provided on requests coming from that IP address are allowed through. If none is provided then it isn't taken into consideration during client authorization.

Secrets

Secrets are sensitive data which are encryped and typically used to store values used in requests. This can include things like API keys.

Other

The setting here is the DELETE operation used to permenently delete a project.