Authentication
VisitorAPI does not require an API key because it’s designed to be used on the front-end, where API key can be exposed to the public and it is not a secure solution.
Instead, VisitorAPI authenticate the API calls based on calls’ referral domains. That means, before you use the API on a domain, you must put the domain in the VisitorAPI settings to open the API to accept requests from the domain.
There are two ways to add a domain to the authentication domain list.
Add a domain when creating the project
When you create a project, you can add a domain in the setup interface as the screenshot shows below:
![](https://cdn.prod.website-files.com/62273bcafcbe4a232c71c822/62635ebf5db7f5656f860a01_create-project-screenshot.png)
Add a domain in project settings
After a project is created, you can add a domain in the project’s setting page as the screenshot below shows:
![](https://cdn.prod.website-files.com/62273bcafcbe4a232c71c822/62635ef18b572f1eb3638a5c_update-project-screenshot.png)
Still have a question? Contact us
24×7 help from our support staff