Back-end integration required parameters
Requests issued directly from the users browser contain a number of useful data points, namely User-Agent and X-Forwarded-For. These are necessary for Constructor.io to understand the origin of requests to adequately ensure DDOS prevention.
In order to power personalization, an anonymous user identifier and session identifier are stored in the users browser and automatically transmitted with requests in a front-end integration. In a back-end integration, these values will need to be read from cookies and transmitted with requests.
In summary, the following must be sent with requests originating server side (back-end integrations):
HTTP headers
X-Forwarded-For - mandatory
Containing the IP of the origin request from the users browser.
x-cnstrc-token - mandatory
A unique string supplied by Constructor to be transmitted with requests originating from the back-end. This value should be treated as sensitive information and never exposed client side.
User-Agent
Containing the User-Agent of the origin request from the users browser
Query parameters
i and s - mandatory
Client and session parameters fromConstructorioID_client_idandConstructorioID_session_idcookies, respectively
origin_referrer
The page URL of the originating client side request
ui
A unique internal identifier for a logged-in customer
_dt
Current UNIX timestamp of request (ex:1634170420420)
Requests must also be pinned to a single data center. In order to do this, we’ll provide a specific subdomain which you’ll use to interact with Constructor’s API. That is, all calls will be sent to https://[subdomain].cnstrc.com, where [subdomain] is a string that will be provided to you by your integrations engineer. Note, this does not apply to calls to update catalogs.