Network requests
Shop Minis can only make network requests to approved domains. This page describes how to add trusted domains and how to perform fetch requests inside your Mini.
Anchor to Trusted domainsTrusted domains
To allow your Mini to make network requests to external domains, you need to add them to the trusted_domains array in your manifest.json file. This will be reviewed when your Mini is submitted.
Anchor to Making requestsMaking requests
Once you have added trusted domains to your manifest, you can use standard fetch requests in your Mini to communicate with your backend services. See Custom backend for more information on how to verify requests.
Make sure to handle errors appropriately and provide feedback to users when requests fail.
Do not include secret tokens or API keys in your Mini code. If you need to make authenticated API requests, you should wrap or proxy the request on your own backend using the verification process for rate limiting.
Do not include secret tokens or API keys in your Mini code. If you need to make authenticated API requests, you should wrap or proxy the request on your own backend using the verification process for rate limiting.
Anchor to Handling CORSHandling CORS
Any backend services that your Shop Mini communicates with must be configured to allow CORS requests from localhost:* (all localhost ports).
This applies to both development and production environments, as Shop Minis use this origin to make requests. Ensure your server includes appropriate CORS headers to allow requests from these origins.