Domain Binding
Overview
Domain binding allows you to restrict your API key usage to specific domains. This security feature prevents unauthorized websites from using your API key, protecting your quota and ensuring only your approved domains can make API requests.
How Domain Binding Works
When domain binding is enabled:
- Only requests from your approved domains will be accepted
- Requests from unauthorized domains will be blocked
- This applies to browser-based requests (CORS protection)
Adding Domains
Step 1: Access API Management
- Log in to the Barikoi Developer Portal
- Navigate to API Management from the dashboard
Step 2: Open Domain Settings
- Locate your API key in the list
- Click the Manage domains icon (link icon) in the Operations column
- A modal will appear for managing domains
Step 3: Add Your Domain(s)
- In the Add Domain(s) field, enter your domain name
- Click Add to confirm
- Repeat for additional domains if needed
Domain Format Guidelines
| Format | Example | Notes |
|---|---|---|
| Full domain | example.com | Matches exact domain |
| With subdomain | www.example.com | Matches specific subdomain |
| Wildcard | *.example.com | Matches all subdomains |
Best Practices
- Only add domains you control - Do not share your API key with untrusted parties
- Use wildcards carefully -
*.example.comallows any subdomain to use your key - Include both www and non-www - Add both
example.comandwww.example.comif needed - Test after adding - Verify that your application still works after enabling domain binding
Troubleshooting
API Requests Blocked
If your requests are being blocked after enabling domain binding:
- Check the domain format - Ensure the domain matches exactly (including protocol)
- Verify subdomain - If using a subdomain, ensure it's included in the allowed list
- Clear browser cache - Cached responses may cause issues
Local Development
For local development, you may need to add:
localhost127.0.0.1- Your local development domain (e.g.,
dev.example.com)