Fortmatic
Fortmatic
Website
Dashboard
Support
🚀 Get Started
📦 Install with NPM
🧩 Examples
💬 FAQ
📈 Migrating from v1.x
✨Whitelabel SDK (To be deprecated)
Web3 Integration
Web3 Provider
Network Configuration
Get User Account
Send Ether Transaction
Smart Contract Functions
User Signing
SDK Error Handling
Batch Request
Smart Contract
ERC20 Transfer
ERC20 Approve
ERC20 TransferFrom
Generic Contract Call
Fortmatic Native
Log In
Log Out
Is User Logged In
Compose Transaction
Deposit Address
Configuration
More
Fiat On-ramp
Domain Verification
Powered by GitBook

Domain Verification

Domain verification proves you actually own your site / domain. Due to the transparency of your API keys, we want to make sure third-parties cannot misuse your domain and brand by limiting access from your keys to your verified domain.

This helps prevent phishing for your users and will help mitigate third-parties from using your domain and brand to send traffic to us with your API keys.

Fortmatic uses the Referer header to determine the caller’s domain details. Your domain could be restricting the referer from being sent with requests due to the Referrer-Policy setting. If this is the case, we recommend setting your Referrer-Policy to no-referrer-when-downgrade.

To verify a domain, go to your Dashboard:

Verification Methods

For all verification methods there will be step-by-step instructions provided on your Dashboard. Below is an overview of the methods offered and a quick primer on which might be a good fit for your setup.

Meta Tag

The fastest option if you have a deployed and publicly accessible landing page. This method will grant access only to the requested domain and its subpaths. Requests from paths not encompassed by the subpath, as well as subdomains will be rejected.

Examples If example.com is verified: ✅example.com/app/login ✅example.com/app2/login ❌ sub.example.com

If example.com/app is verified: ✅ example.com/app/login ❌ sub.example.com ❌ example.com/app2/login

Page Upload

Page upload will enable you to verify your domain if you don’t have access to your DNS settings. This method will grant access only to the requested domain and its subpaths. Requests from paths not encompassed by the subpath, as well as subdomains, will be rejected and will not work with your Production API key.

Examples If example.com is verified: ✅example.com/app/login ✅example.com/app2/login ❌ sub.example.com

If example.com/app is verified: ✅ example.com/app/login ❌ sub.example.com ❌ example.com/app2/login

DNS TXT Record

If you have access to your domain’s DNS settings and are able to update its TXT records, this method will be a valid option to you. Registering a domain through this method will enable the registered domain, along with all subdomains, access to your Production API key.

Example If example.com is verified: ✅ *.example.com/*

More - Previous
Fiat On-ramp
Last updated 11 months ago
Contents
Verification Methods
Meta Tag
Page Upload
DNS TXT Record