2 min read
A minimal proxy
app.get('/api/products', async (req, res) => {
const upstream = await fetch(`${process.env.CREDICORP_BASE}/products`);
const { data } = await upstream.json();
const slim = data.map(({ id, name, min_amount, max_amount }) =>
({ id, name, min_amount, max_amount }));
res.set('Cache-Control', 'public, max-age=3600').json(slim);
});
Why proxy at all
Proxying gives you caching, payload shaping and a single origin for your SPA. Crucially, it is the natural home for authenticated partner calls later — the secret lives on the server and never reaches the browser.
Frequently asked questions
Is proxying necessary?
No for pure public reads, but it pays for itself once you want caching, payload shaping, or to add authenticated partner calls without exposing secrets.
Does proxying change caching?
You control the cache at the proxy. Respect the upstream Cache-Control as a floor and add your own longer TTL if it suits your traffic.
Related reading

Quickstart: use the Credicorp public API in Express
Here is the idiomatic way to call the Credicorp public API from Express. Fetch the product catalogue, cache…
Read →
Quickstart: Cache the product catalogue correctly
The catalogue changes rarely, so caching it removes the API from your hot path and keeps you well under the…
Read →
Quickstart: call the public API from the browser safely
The public ring sends permissive CORS headers for read endpoints, so you can call it straight from the…
Read →
Quickstart: handle Credicorp API error responses
Every Credicorp API error uses the same envelope: { error: { type, code, message, request_id } }. Branch on…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.