Skip to main content

Domain whitelisting for Chat widget

Domain whitelisting allows you to secure your chatbot and ensures chatbot acces only in authorized domains. It prevents unauthorized users from copying the script and embedding the bot on their websites and Mobile SDK apps (Android and iOS apps).

Yellow.ai allows businesses to whitelist domain(s) where you want to deploy the chatbot.

note
  • When a domain (example: yellow.ai) is whitelisted, all its subdomains (example: cloud.yellow.ai, live.yellow.ai) will also be whitelisted by default.
  • Yellow.ai and yellowmessenger.com are whitelisted by default to allow you to preview your chatbot seamlessly.

Whitelist domain(s) to deploy chat widget

To whitelist a domain to deploy chat widget, follow these steps:

  1. On the module switcher, click Channels.

  2. Click on Chat widget.

  3. Navigate to the Secure bot tab and expand the drop-down corresponding to Web.

    drawing
  4. Enter the domain that you want to whitelist, then click + Add. You can also add multiple domains based on your requirements.

    drawing
note
  • Whenever the chatbot script is deployed on any website, it will fetch and display the domains so that you can whitelist them if needed.
  • If none of the domains are whitelisted, the chatbot will load on all domains where the script is deployed
  • If one or more domains are whitelisted, the chatbot will load only on whitelisted domains.
  • The domain will be successfully whitelisted.

    drawing
  1. If your domain is not whitelisted, a red tick mark next to your domain will be displayed. Click Whitelist Domain to load your bot.

    drawing
  2. A pop-up is displayed with a confirmation message, click + Whitelist domain to whitelist your domain.

    drawing
  • This will whitelist your domain.

    drawing
  1. To test your chatbot locally, you need to enable Allow localhost. Note that, you need to disable it after deployment.

    drawing

Remove whitelisted domains

To remove whitelisted domains, follow these steps:

  1. To remove the added domain, click Remove domain icon.

    drawing
  2. A pop-up is displayed with a confirmation message, click Remove.

    drawing

Whitelist Mobile apps

The platform supports whitelisting for bots deployed using all SDK frameworks, including Android, iOS, React Native, Cordova, Flutter, and Xamarin. By default, the bot will load on any app where the SDK is integrated. If you choose to whitelist one or more apps, the bot will exclusively load in the whitelisted app.

To whitelist specific apps, follow these steps:

  1. Navigate to the Secure bot tab and expand the drop-down corresponding to App.

    drawing
  2. Enter the App ID of your app and click + Add. You can also add multiple app IDs based on your requirements.

    drawing
  • This will whitelist your app.

Remove whitelisted Mobile apps

To remove whitelisted apps, follow these steps:

  1. To remove the added app, click Remove domain icon.

    drawing
  2. A pop-up is displayed with a confirmation message, click Confirm.

    drawing
  • This will remove the whitelisted app.