Enable communication with Transmit APIs

For successful integration, make sure your environment doesn't disrupt the communication with Transmit's resources:

  • Allow URLs and IP addresses
  • Update the Content Security Policy (if it's already deployed)

Allow URLs and IP addresses

Before deploying the application to production, configure your firewall or other networking devices to allow Transmit's domains and IP addresses.

Allow the following domains:

  • *.transmitsecurity.io
  • *.riskid.security
  • *.identity.security

Also, contact your account manager for a list of production IP addresses and allow them all on your network.

Configure the Content Security Policy

Content Security Policy (CSP) helps prevent and mitigate certain types of attacks (such as XSS and injection) through input sanitization and other measures.

If you have a deployed CSP in your application, you'll need to authorize the scripts and apply the policy to connections from AJAX and WebSocket.

To authorize the scripts and the connections, add the following directives to the Content-Security-Policy header:

script-src <existing-content> https://cdn.riskid.security/sdk/web_sdk_latest.js
connect-src <existing-content> https://api.transmitsecurity.io/risk-collect/ https://api.transmitsecurity.io/ https://api.eu.transmitsecurity.io

Example implementation for Node.js:

const http = require('http');

http.createServer(function (req, res) {
  // Host sources are written without quotes; only keywords such as 'self' are quoted.
  res.setHeader(
    "Content-Security-Policy",
    "script-src 'self' https://cdn.riskid.security/sdk/web_sdk_latest.js; connect-src 'self' https://api.transmitsecurity.io/risk-collect/ https://api.transmitsecurity.io https://api.eu.transmitsecurity.io"
  );
  // Do the rest: serve the content...
}).listen(1234);

For additional information, see Content Security Policy (MDN) and the documentation for your programming language or framework.