2 min read
Why proxy
Most public reads (products, pricing, loyalty) are cacheable config. Proxying them through your backend lets you cache once and serve many clients, smoothing load and latency. It also gives you a single point to add attribution logging or aggregate Credicorp figures with your own data.
Mind the rate-limit keying
The public ring meters 60 req/60s per IP. Behind a proxy, every request shares your server's IP, so a naive pass-through can throttle under load. Cache aggressively on cacheable reads to keep origin calls well under the window, and never proxy a per-keystroke quote without debouncing.
What not to proxy blindly
The two public writes (enquiries, consent) record real rows and carry their own anti-abuse expectations — put your defences in front. And never build a proxy to hide partner credentials in the browser; partner calls belong server-side by design (security best practices).
Frequently asked questions
Does proxying change my rate limit?
It concentrates it. The 60 req/60s is per IP, so all traffic through your proxy shares your server's IP. Cache cacheable reads hard so origin calls stay well within the window.
Should I proxy the quote endpoint?
You can, with caching and debouncing, but a browser can also call it directly since public reads are CORS-friendly. Proxy mainly to add shared caching or aggregation, not to work around CORS.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.
