ngvhoang96Q: Domain whitelisting/blacklisting
Is it possible to restrict the usage from a certain sources only? I understand the new granular secret keys can somewhat help with security. But technically someone can still find the secret keys in the console dev tools and abuse it. I’d like to know if it is possible to ensure only requests from a list of known hosts get response.
Riya_NoCodeBackend
Oct 31, 2025A: Hi,
Though you should never expose or put the secret keys in client files, like front end code, but rather store as variables in some env files. Else they WILL be visible in console logs.
But what you proposed is an excellent additional layer of security 👌🏼. I will definitely propose this to our dev team- Restricting API usage for whitelisted domains only.
Verified purchaser
Thank you for considering that idea Riya!
I feel like for other vibe coding platforms like Greta to integrate which ncb, it’ll need to make client api calls to ncb, which will expose the secret key. Having whitelisted domains is a great additional security layer.
Verified purchaser
Btw I just bought the tier3 which probably is more than what I need - your responses like this make us the buyers feel supported and we’d love to support you back!
thank you 😊
Hi,
Domain whitelisting is LIVE now.
Verified purchaser
@Riya Wow, that was fast! Next feature: Specific DB table exports (not only whole DBs), please.
We will have a discussion on this. Domain whitelisting was a critical security feature which had to be prioritized above all
Thanks