Quickstart

Quickstart: Proxy the public API through your backend

A thin backend proxy lets you cache, trim payloads and keep one origin for your front-end — and it is the seam where partner calls stay server-side. This recipe shows the exact code, uses only the unauthenticated public ring, and links out to the endpoints and the application flow so the reader always has a next step.

2 min read

one originFront-end talks to you
cacheAdd your own TTL
shapeTrim to what you need

A minimal proxy

app.get('/api/products', async (req, res) => {
  const upstream = await fetch(`${process.env.CREDICORP_BASE}/products`);
  const { data } = await upstream.json();
  const slim = data.map(({ id, name, min_amount, max_amount }) =>
    ({ id, name, min_amount, max_amount }));
  res.set('Cache-Control', 'public, max-age=3600').json(slim);
});

Why proxy at all

Proxying gives you caching, payload shaping and a single origin for your SPA. Crucially, it is the natural home for authenticated partner calls later — the secret lives on the server and never reaches the browser.

Frequently asked questions

Is proxying necessary?

No for pure public reads, but it pays for itself once you want caching, payload shaping, or to add authenticated partner calls without exposing secrets.

Does proxying change caching?

You control the cache at the proxy. Respect the upstream Cache-Control as a floor and add your own longer TTL if it suits your traffic.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.