We strongly recommend that you secure your integration to prevent malicious use.
If you don't specify CORS origin domains, URLs or IPs that will be allowed to use your token, there's a risk of other websites accessing and using your integration which you may be charged for.
Depending on your setup, you can specify:
- CORS origin domains
Cross Origin Resource Sharing (CORS) is a specification developed by W3C that allows browsers to make cross-domain requests. When making a request to our service, the browser will add an origin request header. Our service will then respond with a CORS specific response header denoting the origin domains allowed to make requests.
To secure your integration, specify the origin domains that will have access to your integration. Go to Self Service Portal > Licenses. Click Edit for the required token and enter up to five origin domains.
- Permitted URLs
If you're integrating your token into a web form, you can also specify the permitted URLs to ensure that only requests from your domains are authenticated. Go to Self Service Portal > Licenses. Click Edit for the required token and enter up to five URLs.
- Whitelisted IPs/IP ranges
If you're integrating your token to an API service on your server, specify the IP addresses or IP address ranges to ensure that only requests from your servers are authenticated. Go to Self Service Portal > Licenses. Click Edit for the required token and enter up to five IPs/IP ranges.
