Client-side content arbitration with Scanii
With Scanii you can process files directly from your client browser without having to submit potentially malicious/unwanted content to your servers.
Here’s how the logic works in a nutshell:
- A conventional file upload HTML form is sent to the browser
- Create a one-time authentication token using Scanii’s Auth Token API
- Use that one-time API authentication token to submit the file to Scanii for processing/identification using our File API
- Based upon our File API response we will either submit the form to the server (including the identifier of the File API) or notify the user of the content findings.
- Back on the server side, we now validate that the content was indeed properly processed by looking up the processing result via the result identifier. If everything checks out, the file is good to be stored or the server.
Here’s what all that magic look like:
So, when should you use client side content processing?
That is an excellent question to which there isn’t really a one-size-fits-all answer, it ultimately depends on your requirements. If you would like to do as much work as possible on the client-side browser, this feature is for you.
The pros and cons of making content decisions client side
- From a client browser perspective, content is submitted twice, once to Scanii for processing and again to your service for storage.
- Slightly more complex integration involving both browser and server coordination work.
How do you get around the browser same-origin policy?
Good question, all of our globally distributed API endpoints support CORS.
Sample source code
The source code for the above sample application is available in Github here: https://github.com/uvasoftware/scanii-token-sample and licensed under an open source license - Apache 2.0.
Still have questions? Reach out to our support at firstname.lastname@example.org.