Skip to content

Network & CSP Whitelisting

The Averer WebSDK makes network requests to the domains listed below. If your application enforces a Content Security Policy, firewall rules, or proxy allow-lists, add these domains to ensure the SDK works correctly.

If you do not enforce a CSP or restrict outbound traffic, you can skip this page.

Required domains

The following domains are required regardless of environment:

  • api.internal.averer.co
  • identity.averer.co
  • app.dynamic.xyz
  • app.dynamicauth.com
  • raw.githubusercontent.com
  • fonts.googleapis.com
  • fonts.gstatic.com
  • *.ingest.de.sentry.io
  • api-js.mixpanel.com

Additionally, add the domains for your target environment:

Environment Additional Domain RPC Domain
Testnet api.uat.averer.co governors.testnet.redbelly.network
Mainnet governors.mainnet.redbelly.network

CSP header

Add the following to your server's HTTP response headers. Use the section that matches your environment.

Testnet

Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'unsafe-inline';
  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
  font-src 'self' https://fonts.gstatic.com data:;
  img-src 'self' data: blob:;
  connect-src 'self'
    https://api.internal.averer.co
    https://api.uat.averer.co
    https://governors.testnet.redbelly.network
    https://app.dynamic.xyz
    https://identity.averer.co
    https://raw.githubusercontent.com
    https://*.ingest.de.sentry.io
    https://api-js.mixpanel.com;
  frame-src 'self'
    https://app.dynamicauth.com
    https://identity.averer.co;

Mainnet

Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'unsafe-inline';
  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
  font-src 'self' https://fonts.gstatic.com data:;
  img-src 'self' data: blob:;
  connect-src 'self'
    https://api.internal.averer.co
    https://governors.mainnet.redbelly.network
    https://app.dynamic.xyz
    https://identity.averer.co
    https://raw.githubusercontent.com
    https://*.ingest.de.sentry.io
    https://api-js.mixpanel.com;
  frame-src 'self'
    https://app.dynamicauth.com
    https://identity.averer.co;

Permissions-Policy header

Required for camera and microphone access during identity verification:

Permissions-Policy: camera=(self "https://identity.averer.co"), microphone=(self "https://identity.averer.co")

Environments

Your environment is determined by the configId provided to AvererSdkProvider.

Environment Chain ID API Domains RPC Endpoint
Testnet 153 api.internal.averer.co, api.uat.averer.co https://governors.testnet.redbelly.network
Mainnet 151 api.internal.averer.co https://governors.mainnet.redbelly.network

Troubleshooting

If the SDK is not working as expected, open your browser's developer console and check for errors like:

  • Refused to connect to ... — the domain is missing from connect-src.
  • Refused to frame ... — the domain is missing from frame-src.
  • Refused to load the stylesheet ... — the domain is missing from style-src.
  • Camera/microphone not working during verification — the Permissions-Policy header is missing or incorrect.

For further assistance, contact Averer support.