L7 firewall configuration
This guide contains some information that can be useful when needing to secure your implementation behind a L7 firewall. There are two subsets of the API that are generally used by internal vs external roles.
Paths are listed as prefixes only – all subpaths must be allowed by a firewall configuration.

SDK required APIs

Here you can find the subset of the APIs that must be accessible to end user devices running our SDKs.
1
# Only a subset of the REST API is required for SDK use
2
/api/1/devices
3
/api/1/sessions
4
5
# And the WebSocket API.
6
# Firewalls must be configured to support WebSocket traffic on these routes
7
/sockets/1/
Copied!

Agent-side required APIs

These are the APIs required by the agent dashboard, or embedded agent side UI.
1
# For the agent side, the entire API is required
2
/api/1/
3
/proxy/1/
4
/recording/1/
5
6
# And the WebSocket API.
7
# Firewalls must be configured to support WebSocket traffic on these routes
8
/sockets/1/
Copied!
As well as the routes above, the HTML frontend must also be accessible for agents. Paths include.
1
# The frontend routes for HTML, CSS and JS
2
/index.html
3
/favicon.png
4
/apps/
5
/static/
Copied!
Important: The frontend is built as a static single page application, with an index.html entrypoint. Any route not included in the prefixes listed above should be considered a frontend route and resolve to /index.html.

Headers and Query Parameters

All headers, including custom headers, must be forwarded on the non-frontend routes. All query parameters must be forwarded on all routes.
Warning: We may add routes and parameters between versions. We always recommend deploying new software versions to a staging environment and testing behind your firewall configuration before promoting new versions to production.