FireAPI Tool Setup Guide

This step is critical for developers building apps/tools that must run inside the FireAPI dashboard marketplace.

1. Iframe Compatibility (Required)

All FireAPI marketplace tools are opened inside an iframe.
Your app MUST allow iframing.

Next.js Fix (Recommended)

Add this in next.config.ts:

import type { NextConfig } from "next";

const nextConfig: NextConfig = {
  async headers() {
    return [
      {
        source: '/:path*',
        headers: [
          {
            key: 'Content-Security-Policy',
            value: "frame-ancestors *",
          },
        ],
      },
    ];
  },
};

export default nextConfig;

You may also restrict framing to FireAPI domains:

value: "frame-ancestors 'self' https://fireapi.io http://localhost:5173",

Express / Node.js Fix

2. Authentication (SSO Integration)

FireAPI passes a token in the URL:

?token=xxxxx

Your app must:

detect token

verify token with FireAPI

initialize local session

Example Token Verification

3. CORS Configuration

Your backend must allow FireAPI domains.

Example (Express):

4. Best Practices for Marketplace Tools

Make your UI responsive (dashboard iframe environment)

Avoid heavy redirects

Handle SSO token silently for a smooth login

Ensure cookie settings support iframe (`SameSite=None; Secure`)

FireAPI Tool Setup Guide

1. Iframe Compatibility (Required)#

Next.js Fix (Recommended)#

Express / Node.js Fix#

2. Authentication (SSO Integration)#

Example Token Verification#

3. CORS Configuration#