Searchβ¦
π
Getting Started
π
Guides
π§βπ» Passage for Web
π
Frontend Frameworks
β
API Docs
π€
Integrations
β‘οΈ Advanced
π
Helpful Links
Deploying Your App
A few things to keep in mind when transitioning from local testing to a deployed application.
When preparing to deploy your application that uses Passage, there a few things to keep in mind to ensure that your application works as intended and is properly secured with Passage.
1. HTTPS
Passage requires TLS and will not work properly over insecure HTTP connection. At a protocol level, the biometric login with Passage requires HTTPS. Additionally, the cookies used for the authentication checks are set to be
secure cookies, which will not get set on insecure domains to prevent session-related security vulnerabilities.Browsers all allow an exception for localhost (for both the
secure cookies and the biometrics login) to enable easy local testing. Passage recommends adding TLS to your website and updating your application's authentication origin to match in the Console. 2. Securing API Keys
API Keys are critical for the security of using Passage, as they grant full access to the management functionality of your users. When deploying your application to a new environment, we recommend generating a new API Key and storing it in your system's secrets storage.
Last modified 3mo ago
Copy link
Contents