Integrating with Backends¶

In HortiView we support modules that consist of frontend code packaged as a compiled module-federated package. Vendors can, of course, integrate with backends if needed. Currently, we support a paradigm which we call "Use your own backend". This is especially useful for vendors who already operate a backend for a solution.

This is illustrated conceptually in the following figure:

"Use Your Own Backend" requires a remote backend for executing business logic and data storage/retrieval

Validating Requests¶

One questions comes to mind immediately: How do I validate requests made to my backend?

We have implemented a simple, yet effective, strategy to validate requests:

When a module sends a request to a backend the request will contain a token encrypted using a private key known to HortiView only.
Upon reception of the request a vendor's backend can query the platform for a public key and use this key to validate the token.
If the validation is successful vendors can be sure that a request is legit.

The platform supports JWKS and PEM for token validation. Use the following endpoints to request the public key in the preferred format:

JWKS - /api/v1.0/jwks (Swagger Test)
PEM - /api/v1.0/pem (Swagger Test)