Security

SSL/TLS

For security the widgets must be hosted in a page using SSL/TLS (i.e. https). The Bubi Api settings has CORS policy and will cause the browser (under default settings) to block any API requests from a non-secure site. The SSL certificate for the partner's domain and SSL Settings is the responsibility of the partner.

CORS

The partner site's domain name must be listed in a white list maintained by Bubi. Otherwise the CORS policy will cause the browser to block API requests. If your site is served from multiple domains, please contact Bubi Support to add all host names used by your site. Also make sure that SSL certificates are issued for all host names used by the site