whitelist

Embedding the YAP widget on your platform requires a one-time free whitelist approval. This protects your users and ours by ensuring the widget only loads from verified domains.

Why a whitelist?

YAP uses Content-Security-Policy: frame-ancestors to control which domains can embed the widget. Only domains on the approved list can load it. This prevents:

• Unauthorised use of the widget on unknown domains

• Phishing sites impersonating legitimate platforms

• Abuse of the chat infrastructure

How to apply

Go to yaphub.xyz/whitelist and fill in the form:

Field	Description
Platform name	Name of your project or terminal
Domain	The exact domain where the widget will be embedded, including https://
Platform type	Trading terminal, DEX, portfolio tracker, etc.
Contact email	Used for approval confirmation only
Expected users	Approximate monthly active users

What happens after submission

1. You receive an acknowledgement immediately

2. We review your application within 24 hours

3. If approved, your domain is added to the server's allowlist

4. The widget will start loading on your domain automatically — no changes needed on your side

What we check

• That the domain is a real, publicly accessible platform

• That the platform is not involved in scams, phishing, or illegal activity

• That the expected use case is consistent with the widget's purpose

We do not charge for whitelist approval and we do not reject applications from legitimate platforms.

Multiple domains

If you need the widget on multiple domains or subdomains (e.g. staging and production), mention all domains in the notes field of your application.

After approval

Once approved, embed the widget using the standard iframe code. No API key or token is required:

<iframe
  src="https://widget.yaphub.xyz/token/YOUR_CONTRACT_ADDRESS"
  sandbox="allow-scripts allow-same-origin allow-popups"
  referrerpolicy="no-referrer"
  width="380"
  height="600"
  frameborder="0"
></iframe>