You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Any developer who wishes to implement their own client, needs to host the API themselves.
For enhanced security, and identification, the cookies are set with Same-Site:Strict policy. The frontend must the same domain name of the backend. (deploy on a different sub-domain).
In future if we wish to support other developers (non-official clients), to use the API hosted by us. We will follow a streamlined approach of
issuing API keys and secrets to developers, for specific set of scopes requested by them.
allowing the developer to register their domain
the list of allowed domains will be set in our db, and our CORS policy will be defined on the fly using a callback function
creating our own oauth consent screens, for scopes requested by other developers. So the external developer's code, can access an user's resource only with their authorization.
Any developer who wishes to implement their own client, needs to host the API themselves.
For enhanced security, and identification, the cookies are set with
Same-Site:Strictpolicy. The frontend must the same domain name of the backend. (deploy on a different sub-domain).In future if we wish to support other developers (non-official clients), to use the API hosted by us. We will follow a streamlined approach of
Read more about cors same site options.
The text was updated successfully, but these errors were encountered: