Self-hosting the Appcues SDK Bootstrap Script
This article covers self-hosting the Appcues SDK's Bootstrap script and configuring it to proxy to the Appcues API endpoints. Self-hosting is not recommended in all cases because it comes at a cost; see the important note below.
- Your end-users will load this script from a host that you configure instead of from Appcues at fast.appcues.com.
- You can create a sub-resource integrity hash for the script. This allows browsers to verify the script they are fetching is delivered "as is". It works by allowing you to provide a cryptographic hash that a fetched resource must match.
- You will need to manually update to new versions of the script whenever changes to the script occur.
- Unless your needs specifically require it, self-hosting and optional proxying are not recommended. If you self-host the SDK bootstrap script, you will not automatically receive new versions of it, as you would when loading it from Appcues, and you will need to update your copy whenever the script changes. If you do not update, you may be unable to receive new Appcues features and functionality.
- This guide does not allow you to fully self-host the Appcues SDK. Self-hosting the SDK bootstrap script only allows you to secure your Appcues installation with Content Integrity Tags. Even when self-hosting, the SDK Bootstrap script includes auto-update functionality that could be blocked by strict security policies in your application.
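The following Node.js code is an added example, not Appcues code: it builds the integrity value for a self-hosted script and checks a script body against it the way a browser would, which shows why the hash must be regenerated on every manual update. The two script bodies and the static.example.com URL are constructed placeholders.

```javascript
const crypto = require("node:crypto");

// Digest algorithms SRI accepts, weakest to strongest.
const SRI_ALGORITHMS = ["sha256", "sha384", "sha512"];

// Build an integrity attribute value: "<algorithm>-<base64 digest>".
function sriHash(body, algorithm = "sha384") {
  if (!SRI_ALGORITHMS.includes(algorithm)) {
    throw new Error(`unsupported SRI algorithm: ${algorithm}`);
  }
  return `${algorithm}-${crypto.createHash(algorithm).update(body).digest("base64")}`;
}

// Check a body against an integrity attribute the way a browser does: skip
// tokens with unknown algorithms, keep only the strongest algorithm present,
// and accept if any hash for that algorithm matches.
function matchesIntegrity(body, integrity) {
  const known = integrity.trim().split(/\s+/)
    .map((token) => token.split("?")[0]) // drop optional "?options" suffix
    .map((expr) => ({ expr, algorithm: expr.slice(0, Math.max(expr.indexOf("-"), 0)) }))
    .filter((h) => SRI_ALGORITHMS.includes(h.algorithm));
  if (known.length === 0) return true; // no usable hash: nothing is enforced
  const rank = (h) => SRI_ALGORITHMS.indexOf(h.algorithm);
  const strongest = Math.max(...known.map(rank));
  return known
    .filter((h) => rank(h) === strongest)
    .some((h) => h.expr === sriHash(body, h.algorithm));
}

// Script tag for the self-hosted copy. crossorigin is needed when the script
// host is a different origin from the page.
function scriptTag(src, body) {
  return `<script src="${src}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed stand-ins for two versions of the hosted file (not the real script).
const SCRIPT_V1 = Buffer.from("/* constructed bootstrap stand-in, version 1 */\n");
const SCRIPT_V2 = Buffer.from("/* constructed bootstrap stand-in, version 2 */\n");
const SCRIPT_URL = "https://static.example.com/appcues-bootstrap.js"; // hypothetical host

const pinned = sriHash(SCRIPT_V1);
console.log(scriptTag(SCRIPT_URL, SCRIPT_V1));
console.log("v1 against pinned hash:", matchesIntegrity(SCRIPT_V1, pinned));
console.log("v2 against pinned hash:", matchesIntegrity(SCRIPT_V2, pinned));
```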
Self-hosting the SDK Bootstrap Script requires the following steps:
- Swap out <your appcues account id> for your account id (located on the Settings page in Studio).
- Host the script so that your product can load it as needed.
Testing can be done by loading the script on your site and seeing it function.
It is also possible to proxy Appcues' API endpoints so that your end-users interact with your proxy instead of directly with fast.appcues.com and api.appcues.net.
Important: Proxying Appcues endpoints requires that you host and configure a proxy that is capable of serving your end-user scale. Appcues does not provide a ready-made proxy implementation so you must provide your own. Proxying is purely an option requested by some organizations to meet their specialized security needs.
- If proxying fast.appcues.com, your proxy must support all GET requests to the fast.appcues.com domain.
- If proxying api.appcues.net, your proxy must support GET and POST requests for any path of the api.appcues.net domain, in addition to proxying WebSocket connections.
- Proxying api.appcues.net requires your proxy to support all of your end-users' network traffic. Appcues is unable to provide estimates for this traffic because it is a function of your active users, the number of requests your app makes to the Appcues API via the Appcues SDK, the size of your content, and the amount of content being shown.
- Create a proxy system that meets the requirements outlined above. This can be accomplished with the proxy technology of your choice, for example NGINX. An example architecture for an NGINX proxy to Appcues' endpoints might look like this:
- Once your proxy is set up, update your self-hosted SDK bootstrap script to reference your proxy.
- If proxying fast.appcues.com, update the hostname in the value of APPCUES_BUNDLE_DOMAIN to reflect your proxy domain hostname.
- If proxying api.appcues.net, update the value of APPCUES_API_HOSTNAME to reflect your proxy domain.
Testing is as simple as loading the script on your site and seeing it function.
Appcues support can answer any questions you have about the content of this article; however, Appcues cannot consult on your proxy implementation.