Today, we have 2 features that you can configure
- CORS origin urls
- JWT expiration time
Allowed CORS Origin
Adding origins for CORS to your project environment (sandbox and live) protects your environment from unauthorized websites using your public environment key.
Any origins added to an environment will allow only those domains to make API requests via our SDK.
If you don’t add an origin, all domains will be allowed to make API requests
Adding an Origin
To add an origin, navigate to Settings > Security in the dashboard.
Click Create Origin and add your origin. (You can add multiple origins to any environment)
Be sure to format your origin according to the RFC 6545 format (exception of the
*). An origin is a URL without the path.
One or more
* wildcard characters in your origin will represent 0 or more
characters (a-z, 0-9, -, .) when matching origins.
Acceptable Example Values
Unacceptable Example Values
JWT Expiration Time
In the security settings page, you can update the expiration date of the JWT token. The expiration time is the amount of time before one of your customers will need to sign to log in.
To update this expiration time, navigate to Settings > Security in the dashboard. Enter the amount of time in Day, Weeks, Months for the expiration time.
The default value that we have set is 2 hours. We recommend that you verify with a security expert or your security team before updating this value.