Authentication
Datasource APIs
Semantic Layer APIs
Embeds
Data App APIs
Metric APIs
curl --request GET \
--url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
--header 'Authorization: Bearer dbn_live_abc123...'
{
"data": ["app.example.com", "*.customer.com", "localhost:3000"]
}
curl --request GET \
--url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
--header 'Authorization: Bearer dbn_live_abc123...'
{
"data": ["app.example.com", "*.customer.com", "localhost:3000"]
}
Embeds
Whitelist Domains
Retrieve or update the list of domains allowed to embed your data app (GET to list, PUT to update).
curl --request GET \
--url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
--header 'Authorization: Bearer dbn_live_abc123...'
{
"data": ["app.example.com", "*.customer.com", "localhost:3000"]
}
GET
/
api
/
v2
/
data-app
/
whitelist-domains
curl --request GET \
--url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
--header 'Authorization: Bearer dbn_live_abc123...'
{
"data": ["app.example.com", "*.customer.com", "localhost:3000"]
}
Manage the domains that are allowed to embed your data app. Only requests from whitelisted domains can load embedded dashboards and metrics. Use GET to retrieve the current list and PUT to update it.
Returns the current list of whitelisted domains for your data app.Replaces the whitelist with the given array of domains. Supports domain names, wildcards (e.g.
Domain whitelisting is a security feature. Requests from non-whitelisted origins are rejected even with a valid API key or guest token. See Domain Whitelisting for more context.
Endpoints
- GET – List whitelist domains
- PUT – Update whitelist domains
GET https://api.usedatabrain.com/api/v2/data-app/whitelist-domains
PUT https://api.usedatabrain.com/api/v2/data-app/whitelist-domains
Content-Type: application/json
{ "domains": ["app.example.com", "*.customer.com"] }
*.example.com), IPs with optional port, and localhost with optional port.Authentication
All requests must include your data app API key in theAuthorization header. See the data app creation guide and the API Token guide.
Headers
Bearer token for API authentication. Use your data app API key.
Authorization: Bearer dbn_live_abc123...
Required for PUT only. Must be
application/json.GET – Query parameters
None.PUT – Request Body
Array of domain strings. Each entry must be one of:
- A valid domain with at least two labels (e.g.
app.example.com) - A wildcard subdomain (e.g.
*.example.com) - An IPv4 address with optional port (e.g.
192.168.1.1or192.168.1.1:3000) localhostwith optional port (e.g.localhostorlocalhost:8080)
http:// or https://. Pass an empty array [] to clear all whitelisted domains.Response
GET response
Array of whitelisted domain strings. Empty array if none are set.
PUT response
Examples
Error codes
| Error Code | HTTP Status | Description |
|---|---|---|
INVALID_DATA_APP_API_KEY | 400 | Missing or invalid data app API key |
INVALID_SERVICE_TOKEN | 400 | Invalid or expired token; cannot resolve company context |
INVALID_REQUEST_BODY | 400 | Invalid or malformed domains (e.g. protocol included, invalid format) |
INTERNAL_SERVER_ERROR | 500 | Unexpected server error |
Related
Domain Whitelisting
Security and whitelist behavior
SMTP Settings
Configure email (e.g. scheduled reports)
⌘I