API Groups
Folders for your API endpoints with unique documentation and BaseURLs
Last updated
Folders for your API endpoints with unique documentation and BaseURLs
Last updated
API Groups allow you to organize your API endpoints into logical "Folders". Each of these API endpoints has its own Documentation and unique BaseURL.
Xano Creates your CRUD Operations in an API Group called Default
The API Group My First API Group is a group that contains CRUD API Endpoints to modify data in the Database Table My First Database Table.
Visually separating your API Endpoints
Managing access between different types of groups (General vs Admin API Endpoints)
Separating out API Endpoints from Marketplace Extensions
Managing different versions of an API endpoint
Clicking inside an API Group
Cross-Origin Resource Sharing (CORS) is a security feature in web browsers that controls how web pages in one domain can request resources from another domain. It's a mechanism built into modern web browsers to enable controlled access to resources located outside of a given domain.
Browsers will sometimes send what is known as a 'pre-flight request' via the OPTIONS method to your API endpoints to retrieve the CORS parameters.
By default, Xano employs the following CORS options:
In Xano, you have the ability to define CORS options for each individual API group if the default options do not meet your needs.
Access the CORS Management panel from the API group you'd like to modify by clicking the icon in the top-right corner.
For each API Group, you can change one or more of the following options related to CORS.
Allow Credentials
Enable this to allow your APIs in the selected API group to accept requests that contain credentials, such as cookies or authentication tokens.
Allow Methods
Modify this setting to only allow certain methods to be used to call APIs in the selected API group.
Allow Origins
Define the domains that requests to your APIs can come from.
Allow Headers
Define what additional headers are allowed when calling your APIs in the selected API group.
Max Age
Define how long the browser can use the permissions returned via the pre-flight request before it is necessary to ask for new permissions.
You can also set CORS to 'disabled', meaning that any requests requiring specific CORS parameters will be denied.
You can quickly remove public access to an entire group via the group settings panel.
