PauloTest Test

Hi @...,

Just noticed your suggestion and I've some questions about it.

• I'm trying to save the state in a cookie after receiving and validating the signed request. However, how can I use this cookie if the ZAF requests are being through a proxy? I'm asking this because the cookie will be set for my app domain, not the proxy one.
• Do I need to get the public key for each instance in order to decrypt it? Or is the public key global for all the app installations?
• I need to perform some REST API requests from the backend. I'm thinking about having a secure parameter with the API Token and send it using the ZAF request. Is this the best approach for this?

Kind regards,
Paulo Alves.