CSP Rules

Configuring Your Content Security Policy for Integration.app's JavaScript SDK

When using Integration.app's JavaScript SDK in your application, you'll need to configure your Content Security Policy (CSP) to allow communication with our services. This article outlines the necessary CSP rules to add for proper functionality.


Required CSP Rules

Add the following domain to your Content Security Policy under these directives:

  • connect-src
  • child-src
  • form-action

The domain to whitelist is:

api.integration.app


Example CSP Configuration

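Here's an example of how your CSP rules might look after adding these directives. The policy is shown on separate lines for readability; CSP has no comment syntax, so keep your other existing directives in the same policy as ordinary directives:

Content-Security-Policy:
  connect-src 'self' api.integration.app;
  child-src 'self' api.integration.app;
  form-action 'self' api.integration.app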

Why These Rules Are Needed

  • connect-src: Allows the SDK to make API calls to Integration.app's servers.
  • child-src: Permits the loading of necessary resources from Integration.app.
  • form-action: Required for submitting sensitive data to our API in certain cases.
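
Merging these rules into a policy you already ship, as an added example that is not Integration.app's own code: it handles a directive set to 'none', a missing directive that currently falls back to default-src, and flags frame-src or worker-src, which browsers check before child-src. The function names and the sample policies in the usage are assumptions constructed for illustration; the host and directive names are the ones listed above.

```javascript
// Added example, not Integration.app code. Host and directives are from this article.
const HOST = "api.integration.app";
const REQUIRED = ["connect-src", "child-src", "form-action"];

// Parse "name src1 src2; name2 src3" into an ordered Map of name -> sources.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Browsers ignore a repeated directive, so only the first one counts.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Return the policy with HOST allowed in each required directive, plus notes
// on directives that browsers consult before child-src.
function allowIntegrationApp(policy) {
  const directives = parseCsp(policy);
  const notes = [];
  for (const name of REQUIRED) {
    let sources = directives.get(name);
    if (sources === undefined) {
      // form-action never falls back to default-src; the fetch directives do.
      const fallback =
        name === "form-action" ? undefined : directives.get("default-src");
      if (fallback === undefined) continue; // unrestricted today, nothing to add
      sources = [...fallback]; // keep what default-src already allowed
    }
    // 'none' must stand alone, so it is dropped once a host is listed.
    sources = sources.filter((s) => s.toLowerCase() !== "'none'");
    if (!sources.some((s) => s.toLowerCase() === HOST)) sources.push(HOST);
    directives.set(name, sources);
  }
  for (const name of ["frame-src", "worker-src"]) {
    if (directives.has(name)) {
      notes.push(`${name} is set and takes precedence over child-src; review it too`);
    }
  }
  const text = [...directives].map(([n, s]) => [n, ...s].join(" ")).join("; ");
  return { policy: text, notes };
}
```

Call allowIntegrationApp() with the exact header value your server sends today and compare the returned policy with the original before deploying it.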

Additional Considerations

There are no region-specific domains or additional rules required for the JavaScript SDK. However, it's always a good practice to verify these settings with your application security team to ensure they align with your organization's security policies.


Further Resources

For more information about our SDK, you can refer to the following documentation:

If you encounter any issues or have further questions about CSP configuration for Integration.app, please don't hesitate to contact our support team.
