Architecture

Getting Started
Introduction
Quick Start Guides — Create First Rule
Quick Start Guides — Create New Mock API
Quick Start Guides — Record new Session
Quick Start Guides — Make API Call
Downloads
Change Logs
Security & Privacy
Installation
Browser Extension
Desktop App
Setup
Desktop Browsers
Safari Browser
Android Apps
IOS Apps
NodeJs
Terminal
Inspect Traffic
Overview
Filtering Traffic
Save Session
Create Rule while inspecting Traffic
Import/ Export Network Sessions
HTTP Rules (Modify Traffic)
Overview
Request Modification — Redirect URL (Map Local, Map Remote)
Request Modification — Replace Strings (Switch Hosts, API Endpoints)
Request Modification — Modify Headers
Request Modification — Modify Request Body
Response Modification — Modify Response Body
Request Modification — Modify Query Params
Request Modification — Modify User Agents
Request Modification — Delay Request
Request Modification — Map Local
Request Modification — Map Remote
Response Modification — Modify DOM/Inject scripts
Response Modification — Cancel Rule
Predefined Functions
Organizing Rule — Grouping
Organizing Rule — Import/Export Rules from File
Organizing Rule — Pause/Resume Requestly
Organizing Rule — Rule Operators
Organizing Rule — Advance Targeting
Organizing Rule — Sharing Rules
Organizing Rule — Pinning Rules
GraphQL - Modify Request & Response
Import / Export — Charles Proxy Rules
Test Rules — Test URL Condition
Test Rules — Test this Rule
Session Book
📓
Overview
📓
Configure Pages
📓
Record Session
📓
Save Session
📓
Share Session
📓
Replay Recording
Architecture
Mock Server
Overview
Create New Mock API
Test Mock API
Pre-Configured Mocks
API Client
Overview
Make an API Request
Replay request from History
Import from cURL
File Server
Overview
Create New Mock File
Workspace
Overview
How to get started with Shared Workspace
User Roles
Managing Workspace
Public API
📓
Introduction to Requestly API
📓
Endpoints — Rules API
📓
Schema — Rules
📓
Schema — Groups
📓
Endpoints — Groups API
Guides
Inspect traffic and apply modifications from Chrome DevTools using Requestly
Know if a rule executed on the page
Debug HTTPs requests in iOS Simulator
Modifying response asynchronously
TroubleShooting
System Wide Proxy Not Working (macOS)
Troubleshooting Safari
Disable System Wide Proxy (MacOS)
Rules Not Working
Troubleshooting: Untrusted SSL certificate
Subscription & Billing
Billing Team
Getting Started
Introduction
Quick Start Guides — Make API Call
Quick Start Guides — Record new Session
Quick Start Guides — Create New Mock API
Downloads
Change Logs
Quick Start Guides — Create First Rule
Security & Privacy
Installation
Browser Extension
Desktop App
Setup
Safari Browser
Android Apps
IOS Apps
NodeJs
Terminal
Desktop Browsers
Inspect Traffic
Overview
Filtering Traffic
Save Session
Create Rule while inspecting Traffic
Import/ Export Network Sessions
API Client
Overview
Make an API Request
Replay request from History
Import from cURL
HTTP Rules (Modify Traffic)
Overview
Request Modification — Redirect URL (Map Local, Map Remote)
Request Modification — Replace Strings (Switch Hosts, API Endpoints)
Request Modification — Modify Headers
Request Modification — Modify Request Body
Response Modification — Modify Response Body
Request Modification — Modify Query Params
Response Modification — Modify DOM/Inject scripts
Request Modification — Modify User Agents
Request Modification — Delay Request
Response Modification — Cancel Rule
Organizing Rule — Grouping
Organizing Rule — Import/Export Rules from File
Organizing Rule — Pause/Resume Requestly
Organizing Rule — Rule Operators
Organizing Rule — Advance Targeting
Organizing Rule — Sharing Rules
Request Modification — Map Local
Request Modification — Map Remote
Organizing Rule — Pinning Rules
GraphQL - Modify Request & Response
Import / Export — Charles Proxy Rules
Test Rules — Test URL Condition
Predefined Functions
Test Rules — Test this Rule
Mock Server
Overview
Create New Mock API
Test Mock API
Pre-Configured Mocks
File Server
Overview
Create New Mock File
Workspace
Overview
How to get started with Shared Workspace
User Roles
Managing Workspace
Public API
📓
Schema — Groups
📓
Endpoints — Groups API
📓
Endpoints — Rules API
📓
Schema — Rules
📓
Introduction to Requestly API
Guides
Inspect traffic and apply modifications from Chrome DevTools using Requestly
Know if a rule executed on the page
Debug HTTPs requests in iOS Simulator
Modifying response asynchronously
Session Book
📓
Overview
📓
Configure Pages
📓
Record Session
📓
Save Session
📓
Share Session
📓
Replay Recording
Architecture
Subscription & Billing
Billing Team
TroubleShooting
System Wide Proxy Not Working (macOS)
Troubleshooting Safari
Disable System Wide Proxy (MacOS)
Rules Not Working
Troubleshooting: Untrusted SSL certificate
 

Session Replay Architecture

This document aims to provide an understanding of the architecture of session replay and its security aspects in the Requestly app.

Session replay on a Website

When auto-recording a particular website, the extension adds a JavaScript library in the website - request-web-sdk.js - which observes the mouse movement, console logs, and network logs. The recorded data is locally stored in the page’s context (an in-memory JS variable).
Please note, as soon as the page navigates or refreshes, the local context is cleared by the browser, and data recorded so far is lost. In Network logs, request headers are NOT captured as they are more likely to hold sensitive information like authorization tokens, auth id, session id, resource id, cookies, etc.

Reviewing a Session

Once the session is recorded on the website, you can review it, add details, save online or download the session file locally by clicking on Save . The Requestly UI retrieves the session data and renders the session player and other details.
notion image
While saving the session, you can choose if Console logs and Network logs are to be included in the replay. If not included, they will not be saved on the Requestly server.

Security Aspects

The security of session replay in Requestly is ensured by the following measures:
  1. Local Storage of Data: All session data is stored locally in the page's context. No details of the session are stored on the Requestly server unless explicitly saved online. This data is lost if you click the "Discard" button or close the Requestly UI and website, ensuring that no residual data is left on the server. You can also choose to save session locally using by clicking on Save > Download File.
  1. No Capture of Sensitive Information: The Requestly extension does not capture request headers in network logs, which are more likely to hold sensitive information like authorization tokens, auth id, session id, resource id, cookies, etc. This measure further enhances the security of session replay.
  1. Sync Storage and Firebase: The extension stores the configuration in the browser’s local storage and also on the Requestly server (Firebase), ensuring it is available across all devices or browser instances logged in using the same account. This ensures that the data is securely stored and accessible only to the authorized user.
  1. Requestly is OpenSource tool: Source code is freely available for inspection on GitHub. This transparency allows developers to verify the security measures implemented in the tool, providing an additional layer of trust and security. Please checkout Github for UI code and requestly-web-sdk
Requestly takes several measures to ensure the security of session replay, including local storage of data, not capturing sensitive information, and secure storage of configuration.