HTTPS

Appwrite Cloud serves all endpoints over an HTTPS connection by default. Requests made through an unsecure HTTP connection will be redirected to.

Redirected requests will show a 301 response status.

HTTP

HTTP/1.1 301 Moved Permanently
Content-Type: application/json
Location: https://cloud.appwrite.io/v1/<ENDPOINT>

Appwrite Cloud does not support HTTP, which is a common practice in modern development, because unencrypted HTTP traffic is dangerous and exposes sensitive user data to malicious attackers.

Strict-Transport-Security

Appwrite uses the Strict-Transport-Security header to inform browsers that the website should only be accessed using HTTPS, further protecting against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. By enforcing HTTPS, Appwrite Cloud's endpoint will always be served over a secure connection, which helps protect users' data and privacy.

Custom domains

You can add a custom domain to your Appwrite project so you can access Appwrite API endpoints on your own domain. Appwrite will generate TLS certificates for your domain and enforce HTTPS communication.

Function domains

Appwrite generates domains for Appwrite Functions so they can be executed through HTTPS requests. Appwrite also generates TLS certificates for these domains to enforce HTTPS communication.

Was this page helpful?

Update on GitHub

Strict-Transport-Security

Custom domains

Function domains

Recommended