Go live

To deploy your project to production some changes need to be made in order ensure stricter security.
If you've successfully developed and tested your product locally or on a staging server, some changes need to made (some cannot be reversed for a Corbado project).

1. Set final Relying Party ID

Set a final Relying Party ID here, where passkeys are bound to. Note that all passkeys you created and used during development and testing will not work anymore once this value is changed. That's also why a later change in production is not possible anymore (as it would invalidate all existing, working passkeys in production).

2. Set final CNAME

If you've integrated Corbado via web component, you need to update the CNAME here to one of yours that points to <project ID> This property can be changed later.
To verify the CNAME run the following DNS test in a terminal.
dig cname <CNAME>
The result should be:
<CNAME>: 43200 IN CNAME <project ID>
It can take up to 5 minutes until Corbado has registered your CNAME.
If you use one of our Backend SDKs, you need to update the Frontend API URL to be the same like the defined CNAME (otherwise you could get a JWT validation error because the iss JWT claim would not match anymore). See details here:

3. Update relevant URLs

Update Redirect URL and Application URL here and Webhooks URL here. These values can be changed later.

4. Add authorized origins for production

Add a new authorized origin for your production here. You can add more authorized origins later.

5. Create API secrets for production.

Create a new API secret here that is only valid for production in order to prevent the leakage of a development's API secret.