Self-Host / Server

Rebuild the apps model for self-hosting.

In Sendity Cloud, an app is the configuration boundary between a website and the verification backend. Self-hosted installations need the same concept, even if you expose it through your own admin UI or seed it from configuration.

Required fields

public_app_id
Safe to expose in markup. Used by the Client when creating challenges.
client_secret
Server-side credential for adapters and trusted backend calls. Show it once when created; store only a hashed form where possible.
allowed_origins
Origins allowed to create browser challenges for this app.
verification_channel
The app’s single channel: email or phone. Channel recipients remain server configuration.

For each AuthRequest, the server derives verification_action. Email actions contain the configured inbox and a complete mailto: URL. Phone actions contain the configured SMS number, an optional Twilio RCS recipient, and a complete action URL. The browser Client must not reconstruct any of these values.

Secret handling

Client secrets are operational credentials. Generate them with enough entropy, show them once, allow rotation and never render them back to users as copyable masked values. The browser Client only needs the public app id.

Cookie Settings

Sendity uses privacy-friendly analytics to learn which pages help developers. We only load Google Analytics after you consent.

Sign in

Already created a passkey?