API whitelist questions

JvP · November 3, 2023, 11:51am

When I enter API domains including /.* as your placeholder suggests, the APIs stop working and return “Endpoint not in allowlist”. If I leave /.* out it works. I guess that entering the domain as https://example-api.com is all that’s ever needed?

If you don’t enter any domains in the whitelist any API will just work. Wouldn’t it be better/safer if you had to explicitly whitelist a domain first every time?

If you’re using multiple different APIs and you enter only one or several (but not all) of the domains of the APIs to the whitelist, any API that doesn’t have its domain in the whitelist stops working and returns “Endpoint not in allowlist”. Is that supposed to work like that?

charlie · November 3, 2023, 2:59pm

For the first part, yeah it looks like the Regular expressions portion broke at some point. We’ll get that updated. Thanks!

It would be safer on your end to explicitly add domains. It’s on you how you want to handle the allow list.

Yes it’s supposed to work that way. Where only valid domains actually run the looper process.

JvP · November 6, 2023, 8:21pm

Thanks, all clear

charlie · November 6, 2023, 10:37pm

As an update I actually took out Regular Expressions for now. Or the notes about it, since it was already not working. It was also a little too use-casey for me and I have yet to feel like I need it, but we can revisit later if we need too.