Skip to main content

Reverse Proxy

Refined security control when granting third party integrations access to the CargoWise eAdaptor Inbound Service.

The eAdaptor Inbound Service lacks any security granularity around what can be accessed or updated by clients, it's all or nothing.

Reverse Proxy fills this gap by providing refined security control, ensuring that when granting access to the eAdaptor Inbound Service, only the specific data intended for reading, updating, and creating is accessible.

The reverse proxy middleware relays requests to the eAdaptor Inbound Service, and the responses returned. Strict filtering is applied to prevent any requests or responses that don't match strict criteria, providing confidence that third party integrations aren't doing or accessing anything they shouldn't.

Security

The proxy can be restricted to specific API clients with their own specific rules defined around what XML requests they are allowed to to make and the XML responses that are allowed to be returned.

Filtering

Any part of an XML request or response can be used by the filtering criteria to define what is allowed and disallowed.

Requests

An example of XPath filtering criteria to restrict requests, only allowing Warehouse Orders to be created or updated for a specific Organization:

  • XPath: //UniversalShipment/Shipment/DataContext/DataTargetCollection/DataTarget/Type; Matches value: WarehouseOrder
  • XPath: //UniversalShipment/Shipment/OrganizationAddressCollection/OrganizationAddress[.//AddressType[text()=\"ConsignorDocumentaryAddress\"]]/OrganizationCode; Matches value: TSTORGCHC

Would allow the following request to be sent:

<?xml version="1.0" encoding="utf-8"?>
<UniversalShipment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1.1" xmlns="http://www.cargowise.com/Schemas/Universal/2011/11">
	<Shipment>
		<DataContext>
			<DataTargetCollection>
				<DataTarget>
					<Type>WarehouseOrder</Type>
				</DataTarget>
			</DataTargetCollection>
		</DataContext>
		<Order>
			<OrderNumber>SO-12345</OrderNumber>
            ...
		</Order>
		<OrganizationAddressCollection>
			<OrganizationAddress>
				<AddressType>ConsignorDocumentaryAddress</AddressType>
				<OrganizationCode>TSTORGCHC</OrganizationCode>
                ...
			</OrganizationAddress>
            ...
		</OrganizationAddressCollection>
	</Shipment>
</UniversalShipment>

While rejecting any request for anything other than a WarehouseOrder for TSTORGCHC.

Responses

Sometimes broad requests need to be allowed through, such as searching for Warehouse Orders as shown in the example below.

XPath filtering criteria:

  • XPath: //UniversalShipmentRequest/ShipmentRequest/DataContext/DataTargetCollection/DataTarget/Type; Matches value: WarehouseOrder

This simple filter would allow a request such as the following to be relayed:

<?xml version="1.0" encoding="utf-8"?>
<UniversalShipmentRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1.1" xmlns="http://www.cargowise.com/Schemas/Universal/2011/11">
    <ShipmentRequest>
        <DataContext>
            <DataTargetCollection>
                <DataTarget>
                    <Type>WarehouseOrder</Type>
                    <Key>W00012345</Key>
                </DataTarget>
            </DataTargetCollection>
        </DataContext>
    </ShipmentRequest>
</UniversalShipmentRequest>

Unfortunately at the request stage we don't know if Warehouse Order W00012345 belongs to the Organization making the request, potentially leaking sensitive order details that should remain confidential.

In these scenarios we'd introduce response filtering criteria to prevent potentially sensitive information leaking. For example:

  • XPath: //UniversalResponse/Data/UniversalShipment/Shipment/DataContext/DataSourceCollection/DataSource/Type; Matches value: WarehouseOrder
  • XPath: //UniversalResponse/Data/UniversalShipment/Shipment/OrganizationAddressCollection/OrganizationAddress[.//AddressType[text()=\"ConsignorDocumentaryAddress\"]]/OrganizationCode; Matches value: TSTORGCHC

If the example response below was returned, where Warehouse Order W00012345 is for Organization SECRETXXX instead of the allowed TSTORGCHC, the response would not be returned to the client. An unauthorized response would be returned instead.

<?xml version="1.0" encoding="utf-8"?>
<UniversalResponse version="1.1" xmlns="http://www.cargowise.com/Schemas/Universal/2011/11">
    <Status>PRS</Status>
    <Data>
        <UniversalShipment xmlns="http://www.cargowise.com/Schemas/Universal/2011/11" version="1.1">
            <Shipment>
                <DataContext>
                    <DataSourceCollection>
                        <DataSource>
                            <Type>WarehouseOrder</Type>
                            <Key>W00012345</Key>
                        </DataSource>
                    </DataSourceCollection>
                    ...
                </DataContext>
                ...
                <OrganizationAddressCollection>
                    <OrganizationAddress>
                        <AddressType>ConsignorDocumentaryAddress</AddressType>
                        <OrganizationCode>SECRETXXX</OrganizationCode>
                        ...
                    </OrganizationAddress>
                    ...
                </OrganizationAddressCollection>
            </Shipment>
        </UniversalShipment>
    </Data>
    ...
</UniversalResponse>