Projects

Head to https://app.yawe.dev/manage to manage your projects.

A Project is a group of endpoints. You can use a project to group endpoints, this is especially useful if you have endpoints for more than one application.

When you create a project, an API Key is assigned to it. This key is later used in the endpoints.

Below are the other options available for projects. These options are applied to all endpoints configured under a project.

Property nameDefinition
Project name

This is used to identify the project.

Validation rule: Must not contain special characters and the length should be between 5 and 254.

Allowed origins

Origins that are allowed access to the endpoints from the project. If you use this option, the request must be made from the specified origin, otherwise it will fail.

Important:

  • To enter more than one, use a comma to separate them.
  • Include "http://" or "https://".
  • Also note that if empty, all origins are allowed.

Validation rule: Valid domains prefixed with http://" or "https://", commas are allowed when entering more than one domain.

Example:

http://google.com,https://yawe.dev
Disallow no originBy default, requests with no origin are allowed. If you want to disallow such requests use this option.

Master key#

Create a master key to access Authentication or secure endpoints data. The master key overrides the need for Access tokens or restrictions applied to Authentication endpoints.

This means that you can, for example:

  • access all the data stored in a Authentication endpoint, which by default requires your user to be authenticated.
  • manage stored data in a secure endpoint, which also requires authentication.
  • manage stored data in endpoints that are locked to a origin, or disallow no origin.

The main purpose of this key is to allow you to manage the data stored in your endpoints. Without this key you wouldn't be able to access data stored in Authentication or secure endpoints.

danger

The master key should ONLY be used for admin purposes, it should not be used in your client application as it leaves the endpoint unprotected.