Backend configuration guide

A self-hosted backend provides dynamic data that an add-on can display. To integrate with an add-on, the backend requires the following configuration:

  • A content security policy in the manifest to allowlist the backend domain.
  • JWT validation to authenticate the request originating from an add-on.
  • CORS configuration to allow cross-origin requests originating from the add-on hosted within Square Dashboard.

A sample backend is bundled with the add-on and is initialized automatically along with it.

Initializing sample backend

If you followed the Get Started guide, you will already have an example backend.

square-cli add-ons init

The square-cli command initializes an add-on, along with the sample backend, in the directory entered at the command prompt.

Running the backend

cd <addon_dir>
cd example-backend
npm run build && npm run start

Backend configuration

Content security policy

Add the domain for the backend to the add-on manifest.

// manifest.json
{
    "content_security_policy": {
        "connect-src": [
            "http://localhost:9000"
        ]
    }
}

JWT validation

The backend should implement JWT validation to authenticate requests originating from an add-on. A sample implementation is provided in the example backend. For more details, refer to the authentication guide.

CORS header

CORS headers are needed to allow cross-origin requests originating from an add-on hosted within Square Dashboard. Refer to Access-Control-Allow-Origin for enabling CORS in the backend.

CORS is enabled in the example backend.

app.use('*', cors());
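
Called with no options, cors() answers every origin with Access-Control-Allow-Origin: *, which is convenient for the sample but broader than a deployed backend needs. The following is an added example, not code from the example backend: a dependency-free, Express-compatible middleware that echoes only allowlisted origins. The origins, the allowed methods, and the use of the Authorization header for the JWT are assumptions to replace with your own values.

```javascript
// Added example, not from the example backend. Origins below are placeholders.
const ALLOWED_ORIGINS = new Set([
  'https://dashboard.example', // assumption: stands in for the origin that serves the add-on
  'http://localhost:3000',     // assumption: a local development origin
]);

// Express-compatible middleware: (req, res, next). No third-party packages needed.
function corsAllowlist(allowedOrigins = ALLOWED_ORIGINS) {
  return function (req, res, next) {
    const origin = req.headers.origin;
    const allowed = typeof origin === 'string' && allowedOrigins.has(origin);
    // The response varies with Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');
    if (allowed) {
      // Echo the exact allowlisted origin instead of "*".
      res.setHeader('Access-Control-Allow-Origin', origin);
    }
    const isPreflight = req.method === 'OPTIONS' &&
      req.headers['access-control-request-method'] !== undefined;
    if (isPreflight) {
      if (allowed) {
        res.setHeader('Access-Control-Allow-Methods', 'GET, POST');
        // Assumption: the add-on sends its JWT in the Authorization header.
        res.setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
      }
      res.statusCode = allowed ? 204 : 403;
      res.end();
      return;
    }
    // CORS only tells the browser who may read the response; the request
    // still reaches the handlers, so JWT validation must run after this.
    next();
  };
}

// Drives the middleware with constructed request/response objects.
function simulate(method, headers) {
  const res = {
    headers: {}, statusCode: 200, passedOn: false,
    setHeader(name, value) { this.headers[name] = value; },
    end() {},
  };
  corsAllowlist()({ method, headers }, res, () => { res.passedOn = true; });
  return res;
}

// Wiring in an Express app: app.use(corsAllowlist());
```
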