Update settings

There are two main settings for your API: CORS (Cross-Origin Resource Sharing) and IP whitelist. They are useful depending on your use case.

• CORS makes sense for blogs. forms, CMS use cases.
• IP whitelist makes sense for backend prototyping and data storage use cases.

IP whitelist

IP whitelist allows specifying network range of IP addresses to perform API calls. By default there is no whitelist. It means that the API is open on the internet to anyone. When IPs are specified, then APIsheet will block calls originating from IPs outside the whitelist.

The IP whitelist feature makes sense when your clients are servers or VPNs with an assigned static IP.

CORS origins

CORS is a web browser mechanism that prevents your web data/resources from being fetched by a third-party origin (or domain). By default, there is no CORS policy on your API. When enabled, web client requests from a third-party domain are blocked.

CORS origins feature makes sense when you want your spreadsheet resources to be only available from your domain name.