The reverse proxy sits in front of your API and acts like a backend service for your API clients. Typical usage is to redact sensitive data sent by third parties (clients, customers, financial institutions, etc.) before it reaches your API, and to reveal it in your API's responses to third parties as needed for your business.
- Example: Using the reverse proxy to receive payment information from your customer. Here the customer would send payment information (e.g. via the VGS secure form or JS) through the VGS Reverse Proxy. In transit, the Reverse Proxy redirects the sensitive payment instrument information to a secure VGS vault, sends a corresponding token to your business's backend servers, and returns a response to the client/service used to collect the payment information from your customer.
The forward proxy is used by your server software to send requests to third-party services. Typical usage is to reveal request data to third-party services or redact third-party service responses without involving your non-VGS infrastructure (keeping those systems out of scope of sensitive data compliance).
- Example: In a subscription billing model, your back-end system uses a token representing a customer's payment information to charge that customer. Here, your system would send a payload to debit the customer with that token through the VGS Forward Proxy. In transit, the Forward Proxy would replace that token with the customer's sensitive payment information and forward that payload to your end payment processor so that they could charge the customer and return a response to the client/service used to collect your customer's information.
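The two flows above can be traced end to end with a small simulation. This is an added example, not VGS code or the VGS API: the `Vault` class, the `card_number` field name, the `tok_` token format and the helper functions are all assumptions made for illustration. It shows that the backend only ever stores the token, while the processor receives the original value.

```python
import secrets

FIELD = "card_number"  # assumed field name for this example

class Vault:
    """In-memory stand-in for the vault: maps tokens to original values."""
    def __init__(self):
        self._values = {}

    def redact(self, value):
        token = "tok_" + secrets.token_hex(8)  # constructed token format
        self._values[token] = value
        return token

    def reveal(self, token):
        if token not in self._values:
            raise KeyError("unknown token")  # fail closed; never forward a guess
        return self._values[token]

def reverse_proxy(vault, client_request, backend):
    """Inbound: swap the sensitive field for a token before the backend sees it."""
    redacted = dict(client_request, **{FIELD: vault.redact(client_request[FIELD])})
    return backend(redacted)

def forward_proxy(vault, backend_request, processor):
    """Outbound: swap the token for the real value on the way to the third party."""
    revealed = dict(backend_request, **{FIELD: vault.reveal(backend_request[FIELD])})
    return processor(revealed)

def run_demo():
    vault, backend_db, processor_log = Vault(), [], []

    def backend(request):          # your API: stores whatever it receives
        backend_db.append(request)
        return {"status": "stored"}

    def processor(request):        # third-party payment processor
        processor_log.append(request)
        return {"status": "charged", "last4": request[FIELD][-4:]}

    pan = "4111111111111111"       # well-known test card number, not real data
    reverse_proxy(vault, {"customer": "c1", FIELD: pan}, backend)
    charge = {"amount": 999, FIELD: backend_db[0][FIELD]}
    response = forward_proxy(vault, charge, processor)
    return pan, backend_db, processor_log, response

if __name__ == "__main__":
    print(run_demo())
```
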
See also the VGS dataflow diagram here.