DocumentationPolicies & Security
Policies & Security
Configure CORS, Rate Limiting, and Access Controls.
Policies control who can access your endpoints and how much they can consume.
CORS & Origins
To prevent unauthorized websites from calling your API, you must whitelist Allowed Origins.
By default, new projects block all origins. Add existing domains (e.g., `https://myapp.com`) immediately.
fuseplane.config.ts
1export default {2 security: {3 allowedOrigins: ["https://myapp.com", "http://localhost:3000"]4 }5}
Rate Limiting
Protect your upstream services from abuse by setting global or per-IP rate limits.
fuseplane.config.ts
1export default {2 rateLimit: {3 window: "60s",4 max: 100 // 100 requests per minute per IP5 }6}