Documentation
Auth & Security
How to think about authentication, environment boundaries, and operational security when integrating with DoesItClick.
Documentation
Core expectations
Keep browser traffic same-origin whenever possible and avoid hard-coding cross-origin API domains into public bundles.
Keep browser traffic same-origin whenever possible and avoid hard-coding cross-origin API domains into public bundles.
Separate local, staging, and production environments so credentials and cookies do not bleed across contexts.
Review session and API access requirements before wiring external automations.
01
Core expectations
- Keep browser traffic same-origin whenever possible and avoid hard-coding cross-origin API domains into public bundles.
- Separate local, staging, and production environments so credentials and cookies do not bleed across contexts.
- Review session and API access requirements before wiring external automations.
02
Operational checklist
- Verify allowed origins for each deployed domain.
- Confirm auth flows on the exact hostnames users will use, including www aliases when relevant.
- Document how your team rotates credentials and who owns that workflow.