Should code be Server Side?
In general, the answer to this will be a resounding YES if your code is public-facing.
Most technology stacks will allow you to define a part of your code for SSR (server-side rendering). The essential thing to consider is that you must never expose your Legalesign credentials to users or the outside world. You can take several steps to prevent this. If you are uncertain if your code will be compiled or executed on the server side, contact your head of IT.
SSR (Server-Side Rendering): A technique where web pages are rendered on the server and sent to the client as fully-formed HTML.
1. Completely Server Side
If you're writing an integration inside your systems to generate document signing requests, then a NodeJS, Python, or .Net process will be able to execute this entirely on your server or inside a secure cloud process. Keep your credentials in secure stores so they can't be seen by the wrong people. This is probably the easiest scenario.
2. Intranet / Safe Website
This is less and less the case, but if your browser tool is available ONLY to internal trusted staff, you could generate a fully or mostly client-side integration. If you're thinking about this, you might want to contact us (create a ticket) and check your use case is appropriate.
3. Portaled
If you want to make a tool for your staff, consider making a dedicated login to the tool. Each user must have
their own account, but from then on, workflow and automation will be entirely up to your developers. We suggest using the
Amplify-UI Authenticator
component. Contact Legalesign for dedicated Auth
settings.
4. Nominated SSR
This will be familiar to NextJS developers, and similar stacks, where selected portions of your website can be compiled server-side, and the rest will act as an SPA or similar client application.