Domain Whitelist
Register your production domains and app identifiers before going live.
Why Domain Whitelist
SecureSign validates every deep-link callback, REST API origin, and product integration against your registered domains and bundle IDs. Unsigned or unregistered origins receive SS_DOMAIN_NOT_ALLOWED.
Register Domains
- Admin Console → Developers → Domains
- Add each production origin (scheme + host, no path): https://portal.example.gov.in
- For localhost development, add http://localhost:3000 under test mode
| Field | Example | Notes |
|---|---|---|
| Origin | https://gst.gov.in | Must match browser Origin header exactly |
| Environment | Live / Test | Test domains work only with ss_test_ keys |
Callback URLs
The deep-link callbackUrl parameter must belong to a whitelisted domain or a registered custom URL scheme:
securesign://sign?callbackUrl=https%3A%2F%2Fportal.example.gov.in%2Fsign%2Fcallback&...
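An integrator-side pre-flight check for the two rules above (registry entries are bare origins, and the callbackUrl origin must match one exactly), added here as an example and not SecureSign's own validation code. It covers http(s) callbacks only, not custom URL schemes; the function names, the sample origin sets and the INVALID_DEEP_LINK label are assumptions.

```javascript
// Added example: integrator-side pre-flight check, not SecureSign's own code.
// The origin sets below are constructed sample values.
const LIVE_ORIGINS = new Set(["https://portal.example.gov.in"]);
const TEST_ORIGINS = new Set(["http://localhost:3000"]);

// Return scheme + host (+ non-default port) as a browser serializes Origin,
// or null when the input is not a plain http(s) URL.
function originOf(urlString) {
  let u;
  try {
    u = new URL(urlString);
  } catch {
    return null;
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  if (u.username || u.password) return null; // credentials do not belong in a callback URL
  return u.origin;
}

// A registry entry is valid only if it is already an exact origin:
// no path, no trailing slash, no query, no default port, lowercase host.
function isOriginEntry(entry) {
  return originOf(entry) === entry;
}

// Check the callbackUrl carried by a securesign:// deep link against an allowlist.
// INVALID_DEEP_LINK is a hypothetical local label; SS_DOMAIN_NOT_ALLOWED is the
// code this page says unregistered origins receive.
function checkDeepLink(deepLink, allowedOrigins) {
  let link;
  try {
    link = new URL(deepLink);
  } catch {
    return { ok: false, reason: "INVALID_DEEP_LINK" };
  }
  if (link.protocol !== "securesign:") return { ok: false, reason: "INVALID_DEEP_LINK" };
  const callback = link.searchParams.get("callbackUrl"); // already percent-decoded
  const origin = callback === null ? null : originOf(callback);
  if (origin === null || !allowedOrigins.has(origin)) {
    return { ok: false, reason: "SS_DOMAIN_NOT_ALLOWED", origin };
  }
  return { ok: true, origin };
}
```

Running isOriginEntry over the list before pasting it into the console catches entries with a path or trailing slash, which would never equal a browser Origin header.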
Bundle IDs & Package Names
Register native app identifiers for deep-link callback validation and Mobile App handoff:
- Android: com.yourcompany.portal (applicationId)
- iOS: com.yourcompany.portal (Bundle Identifier)
- Windows: YourCompany.Portal (Package Family Name)