Today, we have 2 features that you can configure

  1. CORS origin urls
  2. JWT expiration time

Allowed CORS Origin

Adding origins for CORS to your project environment (sandbox and live) protects your environment from unauthorized websites using your public environment key.

Any origins added to an environment will allow only those domains to make API requests via our SDK.

If you don’t add an origin, all domains will be allowed to make API requests

Adding an Origin

To add an origin, navigate to Settings > Security in the dashboard.

Click Create Origin and add your origin. (You can add multiple origins to any environment)

Be sure to format your origin according to the RFC 6545 format (exception of the wildcard *). An origin is a URL without the path.

Using wildcards

One or more * wildcard characters in your origin will represent 0 or more characters (a-z, 0-9, -, .) when matching origins.

Acceptable Example Values

Unacceptable Example Values

JWT Expiration Time

In the security settings page, you can update the expiration date of the JWT token. The expiration time is the amount of time before one of your customers will need to sign to log in.

To update this expiration time, navigate to Settings > Security in the dashboard. Enter the amount of time in Day, Weeks, Months for the expiration time.

The default value that we have set is 2 hours. We recommend that you verify with a security expert or your security team before updating this value.