Recipe

Proxy the public API through your backend

Put your own backend in front of the public API and everything gets easier. A thin proxy lets you cache reads once for all users, sidestep browser CORS, and apply your own rate control — while keeping the public ring calls server-to-server. It is the recommended shape for anything beyond a trivial browser fetch.

2 min read

cache onceShared for all users
no CORSServer-side calls
your controlOwn rate limiting

Why proxy

A proxy lets you cache the loyalty ladder or CMS pages a single time and serve them to every visitor, avoids CORS entirely (server-to-server calls are not cross-origin in the browser sense), and lets you throttle your own users independently of the public ring’s limit.

Keep writes server-side

Route submissions (enquiries, consent) through the proxy too, so your edge validates and forwards them — the consent endpoint depends on that trust boundary.

Cache with the freshness marker

Use the generated/updated timestamps to key your proxy cache. See Caching.

Frequently asked questions

Does proxying avoid CORS?

Yes. Server-to-server calls are not subject to browser CORS. Your frontend talks to your proxy on your own origin.

Should writes go through the proxy too?

Yes. Your edge should validate and forward submissions, which is exactly what the consent endpoint expects.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.