> For the complete documentation index, see [llms.txt](/llms.txt).

# Allowlist settings

The allowlist restricts which domains and URLs can use your project's Embedded Wallets SDK. Only explicitly allowlisted origins can authenticate users. This prevents unauthorized sites from using your Client ID.

![Project settings allowlist](/assets/images/project-settings-domain-9f96eed36e5fd3c178f357512e61a955.png) 

warning

For Sapphire Mainnet projects, at least one domain must be allowlisted before the SDK works in production.

## Add a domain[​](#add-a-domain "Direct link to Add a domain")

1. Navigate to **Project Settings** → **Allowlist**.
2. Click **Add Domain**.
3. Enter the complete origin including protocol (for example, `https://myapp.com`).
4. Save the configuration.

## Supported URL formats[​](#supported-url-formats "Direct link to Supported URL formats")

The allowlist accepts the following formats:

| Format             | Example                 |
| ------------------ | ----------------------- |
| Production domain  | https://myapp.com       |
| Subdomain          | https://app.myapp.com   |
| Subdomain wildcard | https://*.myapp.com     |
| localhost          | http://localhost:3000   |
| Port-specific      | https://myapp.com:8443  |
| iOS bundle ID      | com.yourcompany.yourapp |
| Android package    | com.yourcompany.yourapp |
| Deep link scheme   | yourapp://auth          |

Always use HTTPS for production domains. Include all subdomains and ports your dapp uses. Remove development URLs before going to production.

## Next steps[​](#next-steps "Direct link to Next steps")

- [Project settings](/embedded-wallets/dashboard/project-settings/) — configure basic project information
- [Advanced project settings](/embedded-wallets/dashboard/advanced/session-management/) — session management and key export