Block unauthorized requests with Domain Whitelists

A flowchart shows a browser sending a request to a whitelist. If the domain is found, access is permitted (green check on monitor); if not found, access is declined (red lock on monitor).

Domain Whitelists for Upload

Domain whitelisting is a method that blocks requests which don’t contain an approved domain in their header. It’s one way of securing your application and resources, so others don’t attempt to piggyback on your account.

Domain Whitelists for Delivery

Delivery domain whitelists enable developers to provide a list of domains from which their files can be downloaded. This keeps out domains that either steal API keys or use someone else’s files on their own websites.

How Filestack’s Domain Whitelist Feature Works

1. To start, manually add any domains that you’re using to the domain whitelist. If multiple domains need to be verified, they can be added easily using regular expressions. For example, to allow any subdomain of “domain.com”, simply add “*.domain.com” to the list.

2. The added domains will then be sent through the “Origin” header to the File Picker.

3. Domain whitelisting tells Filestack which domains it should expect requests from. If a request comes from a domain that isn’t on the approved list, the File Picker will not work.
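
The matching step described above, as an added example: a generic server-side check of the “Origin” header against a wildcard entry. This is not Filestack’s code; the function names, the sample origins and the rule that “*” covers subdomains only (not the bare domain) are assumptions made for illustration.

```javascript
// Added example: a generic Origin allowlist check, not Filestack's implementation.
// Assumption: "*" covers one or more subdomain labels, never the bare domain.

// Compile an allowlist entry such as "*.domain.com" into an anchored RegExp.
function compilePattern(pattern) {
  const body = pattern
    .toLowerCase()
    .split('*')
    // Escape regex metacharacters so "." means a literal dot, not "any character".
    .map(part => part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('[a-z0-9-]+(?:\\.[a-z0-9-]+)*');
  return new RegExp('^' + body + '$'); // anchors block prefix/suffix look-alikes
}

// Pull the hostname out of an Origin header value; null means "unusable".
function originHost(originHeader) {
  if (typeof originHeader !== 'string' || originHeader === 'null') return null;
  try {
    const url = new URL(originHeader);
    if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
    return url.hostname.toLowerCase();
  } catch (err) {
    return null; // malformed header value
  }
}

// Default deny: a missing, opaque or malformed Origin is never allowed.
function isOriginAllowed(originHeader, allowlist) {
  const host = originHost(originHeader);
  if (host === null) return false;
  return allowlist.some(pattern => compilePattern(pattern).test(host));
}

// Constructed sample values, not taken from the page.
const ALLOWLIST = ['*.domain.com'];
const SAMPLE_ORIGINS = [
  'https://app.domain.com',       // subdomain
  'https://a.b.domain.com:8443',  // nested subdomain, port ignored
  'https://domain.com',           // bare domain, not covered by the wildcard
  'https://evildomain.com',       // shares only a suffix
  'https://domain.com.evil.net',  // allowed name used as a prefix
  'null',                         // opaque origin
];

function checkSamples() {
  return SAMPLE_ORIGINS.map(origin => isOriginAllowed(origin, ALLOWLIST));
}

console.log(checkSamples());
```

Browsers set the “Origin” header themselves, but a non-browser client can send any value, so a check like this works alongside signed requests rather than in place of them.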

A table with three columns: Pattern, Fixture, and Match. Each row shows a pattern, a test fixture, and whether they match (true or false), with green checkmarks for true and red Xs for false.

Domain Whitelists Examples

How You Can Secure Your API Keys With A Domain Whitelist

If your API key is included in the front end of your application, it can be viewed by users—but if you use domain whitelisting, having your API key exposed becomes a nonissue. Nevertheless, API keys can’t be removed entirely. API keys are necessary in order to identify and authenticate the users of your application. Filestack assists in creating layers of security for your application to make sure that your API keys have the necessary protection and can only be used by your organization. To learn more about how Filestack can help secure you and your users, read further about security policies.

CONNECT YOUR APP TO FILES FROM OVER 20 SOURCES.

WAY MORE THAN A FILE UPLOADER WIDGET: A COMPLETE SECURE UPLOAD SYSTEM.

What Filestack Can Do For You

SECURE CLOUD STORAGE

Upload files to Amazon S3, Microsoft Azure, Google Dropbox, Rackspace, or Google Cloud Storage. SSL encryption is also implemented to protect data and control access on your cloud storage of choice.

SECURE API

All requests will need to be signed with the secret key and a Hash-based Message Authentication Code (HMAC).

SECURE CDN

Deliver large multimedia files and documents to users with our powerful CDN, equipped with built-in optimization and security features.

Let’s Get Started.

Talk to us about how simple it can be to instantly and automatically transform any file or image.

Integrate in Just Seconds!

No matter what language you code in, you can easily integrate Filestack into your application.

Libraries & SDKs
Choose from our SDKs to get started: Javascript, Ruby, PHP, Python, Swift, Android

Javascript

import * as filestack from 'filestack-js';

// Initialize the client with your API key, then upload a File object
const client = filestack.init('YOUR API KEY');
client.upload(fileObject).then(data => console.log(data.url));

Ruby

# Gemfile
gem 'filestack'

# security_object must be defined beforehand (not shown on this page)
client = FilestackClient.new('YOUR_API_KEY', security: security_object)
filelink = client.upload(filepath: '/path/to/file')

PHP

$ composer require --prefer-dist filestack/filestack-php

use Filestack\FilestackClient;

$client = new FilestackClient('YOUR_API_KEY');
$filelink = $client->upload('/path/to/file');

Python

$ pip install filestack-python

from filestack import Client

client = Client("YOUR_API_KEY")

params = {'mimetype': 'image/png'}
new_filelink = client.upload(filepath="path/to/file", params=params)
print(new_filelink.url)