TIMEVERSE

CORS & Integration Guide

How to configure cross-origin access for the Timeverse API.

To integrate the Timeverse API into your web applications, your server must be configured to allow requests from your domains. This is handled via CORS (Cross-Origin Resource Sharing) headers.

Authorized Domains

The following domains are typically authorized for Timeverse ecosystem integrations:

  • https://binutecoin.com
  • https://harmonysegment.com
  • https://hermessecund.com
  • https://tarwar.com

Configuration Samples

Depending on your server technology, apply the following configurations to your API endpoints (https://timeverse.ma/api/v1/*).

Apache (.htaccess)

Apache Config
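<IfModule mod_headers.c>
    # Reflect the Origin only on an exact, anchored match against the authorized HTTPS domains
    SetEnvIf Origin "^https://(binutecoin\.com|harmonysegment\.com|hermessecund\.com|tarwar\.com)$" CORS_ALLOW_ORIGIN=$0
    # "always" also attaches the headers to the rewrite-generated preflight response
    Header always set Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
    # The response differs per Origin, so caches must key on it
    Header always merge Vary Origin
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization"

    # Respond to OPTIONS (preflight); requires mod_rewrite
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>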

Nginx

Nginx Config
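location /api/v1/ {
    # Reflect the Origin only when it exactly matches an authorized HTTPS domain
    set $cors_origin "";
    if ($http_origin ~* ^https://(binutecoin|harmonysegment|hermessecund|tarwar)\.com$) {
        set $cors_origin $http_origin;
    }
    # add_header emits nothing when the value is empty, so unlisted origins get no header
    add_header Access-Control-Allow-Origin $cors_origin always;
    # The response differs per Origin, so caches must key on it
    add_header Vary Origin always;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;

    if ($request_method = 'OPTIONS') {
        # Preflight: use the validated value here too, never the raw $http_origin
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary Origin always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
        # A 204 response has no body, so no Content-Length or Content-Type is set
        return 204;
    }
}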

Node.js (Express)

Express Middleware
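const express = require('express');
const cors = require('cors');

const app = express();

// Exact-match allowlist: scheme and host must match in full
const allowedOrigins = [
  'https://binutecoin.com',
  'https://harmonysegment.com',
  'https://hermessecund.com',
  'https://tarwar.com'
];

app.use(cors({
  origin: function(origin, callback) {
    // Requests without an Origin header (curl, server-to-server) are let through
    if (!origin || allowedOrigins.includes(origin)) {
      callback(null, true);
    } else {
      // Unlisted origins are rejected; the error goes to the Express error handler
      callback(new Error('Not allowed by CORS'));
    }
  },
  methods: ['GET', 'POST', 'OPTIONS'],
  allowedHeaders: ['Content-Type', 'Authorization']
}));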

Affected Endpoints

CORS must be enabled for all public and managed endpoints, including:

  • GET /v1/core/state
  • GET /api/v1/keys
  • GET /v1/clockchain/anchors
  • POST /v1/security/tsae

Verification

To verify the configuration, use curl to simulate a cross-origin request:

Verify with Curl
curl -H "Origin: https://binutecoin.com" -I https://timeverse.ma/api/v1/core/state

You should see the Access-Control-Allow-Origin: https://binutecoin.com header in the response.
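
The curl check above covers a single authorized origin. As an added example (not Timeverse's own code), the JavaScript below audits response headers for every authorized origin and for look-alike origins that must be refused. The probe origins, the two simulated servers and all function names are constructed for illustration; getHeaders is assumed to return the headers you collected (for instance with curl -I) for a given Origin.

```javascript
// Added example (not Timeverse code): audit CORS response headers per probe origin.
const ALLOWED = [
  'https://binutecoin.com', 'https://harmonysegment.com',
  'https://hermessecund.com', 'https://tarwar.com',
];

// Constructed origins that must never be granted access.
const REJECT_PROBES = [
  'http://binutecoin.com',           // plain HTTP variant
  'https://binutecoin.com.example',  // authorized name used as a prefix
  'https://notbinutecoin.com',       // authorized name used as a suffix
  'https://binutecoin.com:8443',     // unexpected port
  'null',                            // opaque origin (sandboxed iframe, file://)
];

// headers: plain object of response headers, e.g. parsed from `curl -I` output.
function auditResponse(origin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const acao = h['access-control-allow-origin'];
  const vary = (h['vary'] || '').toLowerCase().split(',').map((s) => s.trim());
  const findings = [];
  if (ALLOWED.includes(origin)) {
    if (acao !== origin) findings.push('authorized origin is not granted access');
  } else if (acao === origin || acao === '*') {
    findings.push('unlisted origin is granted access');
  }
  // A per-origin value must be keyed in caches, or one origin's grant is served to another.
  if (acao && acao !== '*' && !vary.includes('origin') && !vary.includes('*')) {
    findings.push('Access-Control-Allow-Origin varies by origin but Vary lacks Origin');
  }
  return findings;
}

// getHeaders(origin) -> headers object. Returns only the origins that have findings.
function auditAll(getHeaders) {
  const report = {};
  for (const origin of [...ALLOWED, ...REJECT_PROBES]) {
    const findings = auditResponse(origin, getHeaders(origin));
    if (findings.length > 0) report[origin] = findings;
  }
  return report;
}

// Two constructed servers for an offline run: exact matching vs. a substring match.
const strictServer = (o) =>
  (ALLOWED.includes(o) ? { 'Access-Control-Allow-Origin': o, Vary: 'Origin' } : {});
const looseServer = (o) => (/binutecoin\.com/.test(o) ? { 'Access-Control-Allow-Origin': o } : {});
console.log(auditAll(strictServer), auditAll(looseServer));
```

An empty report means every authorized origin was reflected and every probe was refused; the substring-matching server is reported for each look-alike it reflects and for the authorized domains it misses.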

Support

If you are still experiencing CORS issues, please contact the Timeverse engineering team with your Origin header value.