Whitelist Domains - Databrain

curl --request GET \
  --url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
  --header 'Authorization: Bearer dbn_live_abc123...'

{
  "data": ["app.example.com", "*.customer.com", "localhost:3000"]
}

curl --request GET \
  --url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
  --header 'Authorization: Bearer dbn_live_abc123...'

{
  "data": ["app.example.com", "*.customer.com", "localhost:3000"]
}

curl --request GET \
  --url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
  --header 'Authorization: Bearer dbn_live_abc123...'

{
  "data": ["app.example.com", "*.customer.com", "localhost:3000"]
}

GET

api

data-app

whitelist-domains

curl --request GET \
  --url 'https://api.usedatabrain.com/api/v2/data-app/whitelist-domains' \
  --header 'Authorization: Bearer dbn_live_abc123...'

{
  "data": ["app.example.com", "*.customer.com", "localhost:3000"]
}

Manage the domains that are allowed to embed your data app. Only requests from whitelisted domains can load embedded dashboards and metrics. Use GET to retrieve the current list and PUT to update it.

Domain whitelisting is a security feature. Requests from non-whitelisted origins are rejected even with a valid API key or guest token. See Domain Whitelisting for more context.

Endpoints

GET – List whitelist domains
PUT – Update whitelist domains

GET https://api.usedatabrain.com/api/v2/data-app/whitelist-domains

Returns the current list of whitelisted domains for your data app.

PUT https://api.usedatabrain.com/api/v2/data-app/whitelist-domains
Content-Type: application/json

{ "domains": ["app.example.com", "*.customer.com"] }

Replaces the whitelist with the given array of domains. Supports domain names, wildcards (e.g. *.example.com), IPs with optional port, and localhost with optional port.

Authentication

All requests must include your data app API key in the Authorization header. See the data app creation guide and the API Token guide.

Headers

Authorization

string

required

Bearer token for API authentication. Use your data app API key.

Authorization: Bearer dbn_live_abc123...

Content-Type

string

Required for PUT only. Must be application/json.

GET – Query parameters

None.

PUT – Request Body

domains

array

required

Array of domain strings. Each entry must be one of:

A valid domain with at least two labels (e.g. app.example.com)
A wildcard subdomain (e.g. *.example.com)
An IPv4 address with optional port (e.g. 192.168.1.1 or 192.168.1.1:3000)
localhost with optional port (e.g. localhost or localhost:8080)

Do not include http:// or https://. Pass an empty array [] to clear all whitelisted domains.

Response

GET response

data

string[]

Array of whitelisted domain strings. Empty array if none are set.

PUT response

data

object

data.domains

string[]

The saved list of whitelisted domains.

Examples

Error codes

Error Code	HTTP Status	Description
`INVALID_DATA_APP_API_KEY`	400	Missing or invalid data app API key
`INVALID_SERVICE_TOKEN`	400	Invalid or expired token; cannot resolve company context
`INVALID_REQUEST_BODY`	400	Invalid or malformed `domains` (e.g. protocol included, invalid format)
`INTERNAL_SERVER_ERROR`	500	Unexpected server error

Domain Whitelisting

Security and whitelist behavior

SMTP Settings

Configure email (e.g. scheduled reports)

Export Embedded Dashboard

SMTP Settings

Documentation Index

​Endpoints

​Authentication

​Headers

​GET – Query parameters

​PUT – Request Body

​Response

​GET response

​PUT response

​Examples

​Error codes

​Related

Domain Whitelisting

SMTP Settings

Endpoints

Authentication

Headers

GET – Query parameters

PUT – Request Body

Response

GET response

PUT response

Examples

Error codes

Related