The domain allowlist controls which websites are authorized to load your chat widget. The widget will only appear on pages served from domains in your allowlist.Documentation Index
Fetch the complete documentation index at: https://docs.bkstr.io/llms.txt
Use this file to discover all available pages before exploring further.
Configure allowed domains
- Go to Settings → Widget in your admin dashboard
- Under Allowed domains, add each domain where you want the widget to appear
- Click Save
Domain formats
| Format | Matches | Example |
|---|---|---|
example.com | Exact domain only | example.com |
*.example.com | All subdomains | app.example.com, staging.example.com |
Common setups
- Single domain
- Domain + subdomains
- With staging
- Local development
What happens when a domain isn’t allowed
If someone tries to embed the widget on a domain not in your allowlist, the widget will not load and an error will be logged. Your visitors will not see any error — the chat button simply won’t appear.Security
- Tokens generated for the widget are bound to the requesting domain
- Tokens expire after 24 hours and are automatically refreshed
- The allowlist is checked on every widget load, so changes take effect immediately