Skip to main content

HTTP referrers for the embedded UI

You can restrict access to the Delivery Gateway embedded UI: define allowed HTTP referrers to make sure only authorized platforms and services can integrate the UI with your merchant ID.

warning

We strongly recommend setting allowed HTTP referrers. Without it, anyone with access to your merchant ID can set up the Delivery Gateway frontend integration using your account.

To set up allowed HTTP referrers, use the updateMerchantConfiguration mutation with the UI_ALLOWED_REFERRERS key.

note

You can use a wildcard character for subdomain and path: for example, https://*.beta.deliverygateway.io/*

mutation {
    updateMerchantConfiguration(
        input: {
          key: UI_ALLOWED_REFERRERS,
          value: "https://*.beta.deliverygateway.io/*"
        },
    ) {
        key
        value
    }
}