
We have implemented URL protection on several critical API endpoints. This update introduces a whitelisting requirement for URLs, enhancing the security and integrity of our API interactions. Operators must now explicitly whitelist the URLs to which these endpoints can respond.

Affected Endpoints:

  • /account/logout?redirectUrl=
  • /api/1/sso/saml/logout?redirectUrl=
  • /api/1/samp/generateEmail?shipmentId=0&tracker=0&hashIdentifier=0&staticEmail=
  • /account/social-login/link?returnPath=
  • /api/1/redirect/account/social-login/link?returnPath=
  • /redirect/login?returnPath=
  • /api/1/redirect/login?returnPath=
  • /api/1/redirect/account/register?returnPath=


Purpose of the Update:
This update is part of our ongoing commitment to security and data protection. By requiring the whitelisting of URLs, we prevent unauthorized redirection and potential phishing attacks. This ensures that only trusted and verified URLs are used in conjunction with our API endpoints.
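The following check is an added example, not the platform's own implementation: it validates a `redirectUrl` / `returnPath` value against an allowlist of hosts and rejects the common look-alike forms. The host names are constructed, and exact-host matching over HTTPS is an assumption, since this page does not describe the platform's matching rules.

```javascript
// Added example. Assumption: allowlist entries are exact hostnames and only
// https targets are accepted; the real matching rules are not on this page.
const ALLOWED_HOSTS = new Set(["shop.example.com", "tickets.example.org"]); // constructed

function checkRedirectTarget(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, reason: "empty" };
  }
  // Browsers normalise backslashes and strip control characters, which can
  // turn a harmless-looking value into a URL for a different host.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) {
    return { ok: false, reason: "control-or-backslash" };
  }
  let url;
  try {
    url = new URL(raw); // absolute URLs only; "//host/..." and "/path" throw
  } catch {
    return { ok: false, reason: "not-absolute" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // "https://trusted@other-host/" puts the trusted name in the userinfo part.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  // hostname is already lower-cased by the parser; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  if (!allowedHosts.has(host)) return { ok: false, reason: "host-not-allowed" };
  // Redirect to the parsed, normalised form, never to the raw input string.
  return { ok: true, target: url.href };
}

// Constructed sample values for the parameters listed above.
const SAMPLES = [
  "https://shop.example.com/cart?step=2",
  "https://SHOP.example.com/",
  "http://shop.example.com/",
  "//other.example/login",
  "/account/orders",
  "https://shop.example.com@other.example/",
  "https://shop.example.com.other.example/",
  "https://shop.example.com\\@other.example/",
];

function runSamples() {
  return SAMPLES.map((s) => ({ input: s, ...checkRedirectTarget(s) }));
}

console.table(runSamples());
```

Only the first two samples pass; the rest are rejected with the reason shown in the table.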

Actions required:

  • For existing ticket shops on point of sales:

No actions required. Our service team will whitelist the URLs currently in use for you. You can find them in the Gravity tab for your POS.
Path: Organizations context > Sales channel > Point of sales > Characteristics > Gravity tab (see image below)


  • For all clients setting up a new ticket shop on the POS:
    • Please whitelist the domains/URLs you are pointing to when defining the path for the endpoints listed above.


The whitelisted domains/URLs need to be defined in the section highlighted below under "Domain restrictions".


Impact on Users:

  • API consumers will need to review and adjust their integrations to accommodate this change.
  • Operators are required to configure and maintain a whitelist of allowed URLs for each of the specified endpoints.
  • Enhanced security measures will provide an added layer of protection against malicious redirection and data breaches.

Next Steps for API Users:

  • We urge all API users to review their current configurations and ensure compliance with the new whitelisting requirements. 