- Sphere Engine overview
- API integration
- API integration
- Programming languages
- Modules comparison
- Infrastructure management
- API changelog
Sphere Engine Containers Workspace provides mechanisms for secure integration.
workspace_token protects the workspace from unauthorized use.
In a production environment, we recommend using the
workspace_token that fully protects the widget from unauthorized use.
It should be enabled in the API call which creates the workspace.
curl -X POST -F "project_id=__PUT_HERE_PROJECT_ID__" -F "workspace_token_required=true" "https://<customer_id>.containers.sphere-engine.com/api/v1/workspaces?access_token=<access_token>"
Attaching a workspace token
Workspace token should be attached to the embedded workspace in the form of the appropriate HTML attributes with the
- data-workspace-token for the
An example of HTML code used to embed a widget prepared to support the signature:
<div data-id="example-workspace" data-workspace="__PUT_HERE_WORKSPACE_ID_FROM_JSON_RESPONSE__" data-workspace-token="__PUT_HERE_WORKSPACE_TOKEN_FROM_JSON_RESPONSE__"> </div>
Checking the source
Using a list of defined web addresses on which a Workspace can be embedded as a security measure minimizes the risk of unauthorized use of the Workspace. It is a method that's the simplest and the fastest to configure. It doesn't require any additional mechanisms.
You can define the list of allowed addresses on the
Cors Settings page in the Sphere Engine client panel. You can specify one or multiple addresses, for example:
The Sphere Engine system verifies HTTP requests from end-users using the client's system (i.e. the page where the workspace is embedded). Only requests directed to addresses in the list of defined addresses are accepted.
Note: If you do not specify the list of addresses (i.e. leave it empty), the workspace can be embedded on any page.**.