- CORS origin urls
- JWT expiration time
Allowed CORS Origin
Adding origins for CORS to your project environment (sandbox and live) protects your environment from unauthorized websites using your public environment key. Any origins added to an environment will allow only those domains to make API requests via our SDK.If you don’t add an origin, all domains will be allowed to make API requests
Adding an Origin
To add an origin, navigate to the Security Settings in the dashboard. Click Create Origin and add your origin. (You can add multiple origins to any environment) Be sure to format your origin according to the RFC 6545 format (exception of the wildcard*). An origin is a URL without the path.
Using wildcards
One or more* wildcard characters in your origin will represent 0 or more
characters (a-z, 0-9, -, .) when matching origins.
Acceptable Example Values
- http://domain.com
- https://domain.com
- https://sub.domain.com
- http://127.0.0.1:4200
- http://localhost:3200
- https://my-app-*.vercel.app
Unacceptable Example Values
- domain.com
- //domain.com
- https://domain.com/home
JWT Expiration Time
In the security settings page, you can update the expiration date of the JWT token. The expiration time is the amount of time before one of your customers will need to sign to log in. To update this expiration time, navigate to Settings > Security in the dashboard. Enter the amount of time in Day, Weeks, Months for the expiration time.
The default value that we have set is 2 hours. We recommend that you verify with
a security expert or your security team before updating this value.