Domain Whitelisting
Fest Connect uses domain whitelisting as an extra layer of security for self-hosted API clients. Only approved domains are allowed to make authenticated API calls using your x-client-id and x-client-secret.
This ensures that even if your keys are compromised, they cannot be used from unauthorized or unknown websites or servers.
Tip: Each self-hosted payment service can have multiple whitelisted domains for different environments (e.g. test, production).
Adding Your Domain
You can register your custom domain for API access from the Fest Connect Domain Whitelist Portal.
To add a domain:
- Log in to your Fest Connect Admin Dashboard.
- Navigate to Self-Hosted Services → Domain Whitelist.
- Click + Add Domain and enter your domain name (e.g. payments.mycollegefest.in).
- Make sure you have already created a Self-Hosted Payment Service, as domains must be linked to a specific service.
- Don't include http:// or https://; enter just the domain name.
- Submit the request for approval.
Approval Process
Once submitted, your domain request enters a pending state. The Fest Connect review team will verify the domain and approve it for API access.
During this period, API calls from that domain will be denied with a 403 Forbidden error until approval is granted.
403 Forbidden:
{
  "success": false,
  "message": "Access denied from this domain"
}
API Response Behavior
Once your domain is approved by Fest Connect, all requests made from that domain using valid API credentials will receive normal API responses.
200 OK:
{
  "success": true,
  "message": "Domain verified and authorized",
  "data": {
    "domain": "payments.mycollegefest.in",
    "status": "approved"
  }
}
Note: Domains like localhost and 127.0.0.1 are automatically allowed for local development and do not require whitelisting.
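The following is an added example, not Fest Connect code: a client-side helper that reduces a URL to the bare domain the portal expects and tells the domain-denied 403 apart from other failures, so a deployment on a pending domain stops retrying and reports the cause. The function names are hypothetical, and the response bodies are the two samples shown on this page.

```python
import json
from urllib.parse import urlsplit

# Hosts this page lists as automatically allowed for local development.
AUTO_ALLOWED = {"localhost", "127.0.0.1"}
# Message taken from the 403 sample on this page.
DENIED_MESSAGE = "Access denied from this domain"

def to_whitelist_entry(value):
    """Reduce a URL or host string to the bare domain the portal expects."""
    value = value.strip()
    # urlsplit only fills .hostname when the '//' authority marker is present.
    parts = urlsplit(value if "://" in value else "//" + value)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no domain found in {value!r}")
    # .hostname is lower-cased and excludes scheme, port, path and userinfo.
    return host

def needs_whitelisting(value):
    """False for the local-development hosts that need no approval."""
    return to_whitelist_entry(value) not in AUTO_ALLOWED

def domain_state(status_code, body_text):
    """Classify a response as 'denied', 'approved' or 'other'."""
    try:
        body = json.loads(body_text)
    except ValueError:
        return "other"  # not JSON, e.g. a proxy error page
    if not isinstance(body, dict):
        return "other"
    if (status_code == 403 and body.get("success") is False
            and body.get("message") == DENIED_MESSAGE):
        return "denied"  # domain pending or not whitelisted: do not retry
    data = body.get("data")
    if (status_code == 200 and body.get("success") is True
            and isinstance(data, dict) and data.get("status") == "approved"):
        return "approved"
    return "other"

# The two sample bodies from this page.
DENIED_BODY = '{"success": false, "message": "Access denied from this domain"}'
APPROVED_BODY = ('{"success": true, "message": "Domain verified and authorized",'
                 ' "data": {"domain": "payments.mycollegefest.in",'
                 ' "status": "approved"}}')

if __name__ == "__main__":
    print(to_whitelist_entry("https://payments.mycollegefest.in/checkout"))
    print(domain_state(403, DENIED_BODY), domain_state(200, APPROVED_BODY))
```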
