Zero Data Integration
For a quick start, we recommend using our onboarding guides that cover the most common use case, that is secure to collect and exchange sensitive data with 3rd parties. You will lend on them while signing. If you skipped, click on the "Begin" button on a guide. We recommend passing them one by one: Introductory Guide, Inbound Guide, and Outbound Guide. That will help you set up an initial integration and understand how VGS works. Want to explore other integration methods now, go here.
The Introductory Guide will walk you through the process of setting up a proxy to safely secure your data and integrate with any 3rd party that you use.
Securing Inbound Connection
The Inbound Guide helps you to secure traffic going to your systems. You need to create your first inbound route. To do this, enter your Upstream Host. It is required to route traffic from your clients or frontend.
Enter the address of your server, e.g. https://api.mycompany.com.
Your data flow:
BEFORE: client.foo.com → server.foo.com
AFTER: client.foo.com →
<VAULT_ID>.<ENVIRONMENT>.verygoodproxy.com → server.foo.comALTERNATIVELY: you can load your client website/app through the route. It is useful if your client and backend do not communicate via API. We can provide a CNAME to white label this when you’re ready to use it for production.
In this way, our inbound route will direct your inbound traffic between your client-side, the VGS Vault (where sensitive data is stored), and your backend systems. Read the full Inbound Connection guide.
The echo server is for the test data only. It's a security issue using it in Live. - You should have only one upstream destination for your inbound connections. If you used echo server as a destination for your requests once and now creating another route, consider deleting the one with the echo server. Learn how to configure multiple inbound routes.
Securing Outbound Connection
When your inbound route is already set up, go to the Outbound Guide that automatically triggers the quick guide flow for securing your outbound traffic.
To route traffic from your server to the 3rd parties, you will need access credentials that were generated at the very beginning. If you forgot to save them - no worries, create a new pair in the Vault Settings page.
As you can see, we have some environmental settings that you can set on your server to run your outbound routes through VGS. If you just want to test the functionality, there is a curl available in the guide. If you do decide to go ahead and set up an environmental variable in Python/Ruby or any language/framework of your choice, you'll need to add our CA cert to your Trusted Certificates (this is self-issued to establish a trusted, secure connection between you and VGS, not third parties).
If you'd like to see some working apps integrated with third-party APIs, check out our example integrations. Read the full Outbound Connection guide.
You now have taken sensitive information, swapped it for an alias on inbound, and swapped it back on outbound, keeping sensitive data off your system.
Additional Settings
In this section, you can find advanced Preferences you might want to set up.
IP whitelisting
Set up IP whitelisting to restrict IPs and IP ranges from which requests originated. The IP address the request is made will be matched against a comma-separated list of IPs or CIDRs. For example 1.2.3.4/32, 192.168.0.15/24. Read more.
Custom Hostnames
CNAMEs allow you to use your own domain as an alias to verygoodproxy.com. Thus, your users may seamlessly transition between VGS and you without recognizing that the content exists on two separate domains. To request custom hostname provisioning: Create a CNAME pointing to your address, for example, secure.your-domain.com, to either sandbox.verygoodproxy.com or live.verygoodproxy.com. Then contact our support at [email protected] to request provisioning of a TLS certificate. Read more.
Mutuals TLS
Mutual TLS allows the upload of certificates to establish a trusted connection with third-party services (that demand a mutual TLS type of connection) like Visa and MasterCard. Read more.
Securing Data from Payload
There is one more way to quickly secure your data straight from the recorded Logs. As you routed your traffic through VGS, we can introspect on it and secure your data. When you post data to that URL, you’ll be provided with a log of the payload. Please note that you need to turn on recording payloads on the Logs page.
Click on the log entry, and a modal will pop up showing you general information on the request. You may get more insights into the contents of the payload by clicking through theGeneral|Headers|Body tabs and their Request|Response buttons.
Click "Secure this payload" to begin securing your data by creating filters. You can set up redaction or revealing filters. Nested JSON or JSON lists will also populate. Select as many items of the payload as you need to secure and safely store.
Let's quickly review the dropdowns on the modal:
The first dropdown is the Operation
redactorreveal. This Operation can be performed on request OR response. For this guide, we're just doing requests, but we could also redact and reveal responses just as easily.The second dropdown is Storage. We have two storage options:
PersistentandVolatile. CVVs and PINs must be stored in volatilely memory and have a Time To Live of 1 hr. All other data can be stored persistently. It's important to note that your "Storage" type needs to match on reveal (we'll see this on Outbound Connection).The third dropdown is the type of alias VGS will return to your server. We have different Alias Formats. The first one is a proprietary alias. This is best used for non-numeric data (in fact it must be used for non-numeric because the other formats are strictly for numbers).
Now, go ahead and send a request and check it on the Logs page again. Wait a minute. It looks almost the same! That's the general information on the logged request. To see what your server will receive, click on the Body tab.
There we go. You have now protected your server from receiving any sensitive information without changing any code.
Where next?
Now that you've tried our quick integration, you might want to check out:
Last updated