# Inbound Routes

Inbound Routes are designed for receiving requests into your environment. Requests will be routed through an Inbound Route a vault-specific reverse proxy URL.

## What does it allow you to do?

* Rewrite requests or responses on the fly before data enters or leaves your system.
* Operate on data outside of the scope of your backend systems.
* Set/Change/Strip Headers.
* Modify the payload even if it's not a strict redaction/replacement.

## How does it work?

* You point your client API or Frontend to our reverse proxy and set the upstream in our [dashboard](https://dashboard.verygoodsecurity.com/) to your server DNS.

**Example:**

* BEFORE: client.foo.com → server.foo.com\\
* AFTER: client.foo.com → \<VAULT\_ID>.sandbox.verygoodproxy.com → server.foo.com
* ALTERNATIVELY: you can load your client website/app *through* the proxy. This is useful if your client and backend do not communicate via API. We can provide a CNAME to whitelabel this when you're ready to use it for production.

The inbound/reverse proxy directs traffic between the client-side (inbound) traffic, the VGS vault (where sensitive data is stored), and your backend systems, as illustrated by the image below.&#x20;

<figure><img src="https://2096104711-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUreALQAfVnRMQEz110rC%2Fuploads%2Fgit-blob-2660a2b71926144cf65f495a6e3c42e8c23cc595%2Freverse.png?alt=media" alt=""><figcaption></figcaption></figure>

## Try it out

Run this sample code snippet in your terminal to see an example of data redaction. Please note, this is a sample test vault.

{% tabs %}
{% tab title="Curl" %}

```bash
curl https://tntsfeqzp4a.sandbox.verygoodproxy.com/post \
  -H "Content-type: application/json" \
  -d '{"account_number": "ACC00000000000000000"}'
```

{% endtab %}

{% tab title="Python" %}

```python
import requests

response = requests.post("https://tntsfeqzp4a.sandbox.verygoodproxy.com/post",
                          json={'account_number': 'ACC00000000000000000'})
print(str(response.text))
```

{% endtab %}

{% tab title="Go" %}

```go
package main

import (
  "bytes"
  "encoding/json"
  "io/ioutil"
  "fmt"
  "net/http"
)

type Payload struct {
  Account string `json:"account_number"`
}

func main() {
  data := Payload{
    Account: "ACC00000000000000000",
  }
  payloadBytes, err := json.Marshal(data)
  if err != nil {
    fmt.Println(err)
  }

  body := bytes.NewReader(payloadBytes)

  req, err := http.NewRequest("POST", "https://tntsfeqzp4a.sandbox.verygoodproxy.com/post", body)
  if err != nil {
    fmt.Println(err)
  }
  req.Header.Set("Content-Type", "application/json")

  resp, err := http.DefaultClient.Do(req)
  if err != nil {
    fmt.Println(err)
  }

  defer resp.Body.Close()

  respB, err := ioutil.ReadAll(resp.Body)
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(string(respB))
}
```

{% endtab %}

{% tab title="Java" %}

```java
package com.verygoodsecurity;

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class InboundIntegration {
  public static void main(String[] args) throws IOException, InterruptedException {
    final HttpClient client = HttpClient.newBuilder().build();
    final HttpRequest request = HttpRequest.newBuilder()
        .uri(URI.create("https://tntsfeqzp4a.sandbox.verygoodproxy.com/post"))
        .header("Content-Type", "application/json")
        .POST(HttpRequest.BodyPublishers.ofString("{"account_number":"ACC00000000000000000"}"))
        .build();
    final HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());

    System.out.println("response=" + response.body());
  }
}
```

{% endtab %}

{% tab title="Node.js" %}

```js
const axios = require('axios');

const instance = axios.create({
  baseURL: 'https://tntsfeqzp4a.sandbox.verygoodproxy.com',
  headers: {
      'Content-Type': 'application/json',
  },
});

async function getData() {
  let result;

  try {
    const response = await instance.post('/post', {
        account_number: 'ACC00000000000000000',
    });
    console.log('Response data:', response.data);
    return response.data;
  } catch (error) {
    console.error('Error caught during request:', error.message);
    throw error;
}
}

getData().then(response => console.log('Post request via proxy succeeded.'));
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
require 'uri'
require 'json'
require 'net/https'

uri = URI.parse('https://tntsfeqzp4a.sandbox.verygoodproxy.com/post')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/json'})
request.body = {account_number: 'ACC00000000000000000'}.to_json
response = http.request(request)
puts "Response #{response.code} #{response.message}: #{response.body}"
```

{% endtab %}
{% endtabs %}

### Example with a html form submit

Let's take the easiest use case, an HTML form posting credit card data. You can serve your content via the proxy `https://<VAULT_ID>.SANDBOX.verygoodproxy.com` and this form will work with a sample echo server filter.

```html
<form class="form-horizontal2 boxed" method="post" action="/post">
    <!--CREDIT CARD PAYMENT-->
    <div class="panel panel-info">
        <div class="form-group">
            <div class="col-md-12">
                <label for="pan_number" id="pan_number_label">Credit Card Number</label>
                <input class="form-control" placeholder="Card Number" type="text" name="cc_number" id="pan_number" value="">
            </div>
        </div>
        <div class="form-group">
            <label for="pan_exp" id="pan_exp_label">CC Expiration</label>
            <input class="form-control" placeholder="Card Expiration" type="text" name="cc_exp" id="pan_exp">
        </div>
    </div>
    <div class="form-group">
        <label for="pan_cvv" id="pan_cvv_label">CC CVV</label>
        <input class="form-control" placeholder="CVV" type="text" name="cc_cvv" id="pan_cvv" value="">
    </div>
    <div class="form-group">
        <span>Pay securely using your credit card</span>
    </div>
    <button type="submit">Place Order</button>
</form>
```

In this example form, on any press of the submit button, we post to the path in the action attribute in the form tag:

Once you have this set-up you can work on your [transformers and filters](https://docs.verygoodsecurity.com/vault/http-proxy/operations).

### Encrypted Communication

VGS supports encryption to protect communications between VGS and your web application. VGS supports the TLS cryptographic protocol. Support for anything less than TLS1.2 is officially deprecated.

For more information regarding TLS:

* [Upgrading your application](https://support.cloudways.com/en/articles/5121355-how-to-update-the-tls-version)
* [PCI Standards Blog: TLS1.2](https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls)
* [PCI TLS1.2 Guidance](https://www.pcisecuritystandards.org/documents/Migrating-from-SSL-Early-TLS-Info-Supp-v1_1.pdf)

If you need any help contact us on site chat or <support@vgs.io>.