Hello,
I am reaching out and interacting with a third party API using Axios on an HTTPS connection. When I inspect my network tab and look at the request that was made I am able to see the full request and response bodies unencrypted.
I am also using a backend .jsw file to send the request.
Is there a way to hide or encrypt the request and response bodies? I was under the impression that they should be encrypted because it is sent using HTTPS.
Here is my code snippit from the backend file:
const axios = require("axios").default;
const XML = require('pixl-xml')
export function newSoapRequest(options = {
method: "POST",
url: "",
headers: {},
xml: "",
timeout: 10000
}) {
const {
method,
url,
headers,
xml, // soap envelope as string
timeout
} = options
return new Promise((resolve, reject) => {
axios({
method: method || "POST",
url,
headers,
data: xml,
timeout
}).then((res) => {
resolve({
res: {
headers: res.headers,
body: XML.parse(res.data),
statusCode: res.status,
}
})
}).catch((err) => {
if(err.response) {
reject(err.response.data)
} else {
reject(err)
}
})
})
}
Here is my code from the front-end file(where the function is being called:
let url = "https://api.soapAPIURL?WSDL"
const headers = {'Content-Type': 'text/xml;charset=UTF-8'}
await newSoapRequest({method: "POST", url, headers, xml, timeout: 1000})
.then(response => console.log(response))
Here is what I see for the request body when sending the request:
and the unencrypted response:
Some more useful information is that the API I am interacting with is a SOAP API (Hence the long XML Strings both sent and received)
The outgoing request has auth information that I need to not be easily accessible. I don’t nessasarally care too much about the response, but logically if one is encrypted than the other should be as well.