When you make an API Call from a TARS Chatbot using API Configuration in a Gambit, all those API calls are made directly from the chatbot, and it goes through a proxy server called a CORS Proxy.

There are 2 main advantages of using this proxy:

  1. It eliminates the need to do special CORS configuration on your API Backend Server. Making the server resources more secure for CSRF Attacks.
  2. All the API calls are made from one place, so if needed, you can Whitelist the IP Address of this proxy server for your API backend.

    Source IP:
    Source Port: <Any>
    Destination IP: <Your IP>
    Destination Port: 80 or 443

For any reason if you want to hit your API backend directly from the user's browser and not go through this CORS Proxy you can do that by adding a special HTTP header field called tarscorsproxy and set its value to no.

This will make sure the API calls are make direclty from the user's browser. This header won't show up on the server side. Please note that you need to have proper CORS configuration on your API Backend for this work. Please test the system properly before Deploying the Bot.

Did this answer your question?