/
Contact usSee pricingStart building
Node
​

    About Stytch

    Introduction
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Migrations
      Migration overview
      Migrating users statically
      Migrating users dynamically
      Additional migration considerations
      Zero-downtime deployment
      Exporting from Stytch
    Custom Domains
      Overview

    Authentication

    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    Magic Links

    • Email Magic Links

        • Getting started with the API
        Getting started with the SDK
        Replacing your password reset flow
        Building an invite user flow
        Add magic links to an existing auth flow
        Adding PKCE to a Magic Link flow
        Magic Link redirect routing

    • Embeddable Magic Links

        • Getting started with the API
    MFA
      Overview
      Backend integration
      Frontend integration
    Mobile Biometrics
      Overview
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0
    OAuth

    • Identity providers

        • Overview
        Provider setup
      Getting started with the API (Google)
      Add Google One Tap via the SDK
      Email address behavior
      Adding PKCE to an OAuth flow
    Connected AppsBeta
      Setting up Connected Apps

    • Resources

        • Integrate with AI agents
        Integrate with MCP servers
    Passcodes
      Getting started with the API
      Getting started with the SDK

    • Toll fraud

        • What is SMS toll fraud?
        How you can prevent toll fraud
      Unsupported countries
    Passkeys & WebAuthn

    • Passkeys

        • Passkeys overview
        Set up Passkeys with the frontend SDK

    • WebAuthn

        • Getting started with the API
        Getting started with the SDK
    Passwords
      Getting started with the API
      Getting started with the SDK
      Password strength policy

    • Email verification

        • Overview
        Email verification before password creation
        Email verification after password creation
    Sessions
      How to use sessions
      Session management examples
      Custom claims
      Custom claim templates
      Session tokens vs JWTs
      How to use Stytch JWTs
    TOTP
      Getting started with the API
      Getting started with the SDK
    Web3
      Getting started with the API
      Getting started with the SDK

    Authorization

    Implement RBAC with metadata

    3rd Party Integrations

    Planetscale
    Supabase
    Feathery
    Unit

    Testing

    E2E testing
    Sandbox values

Get support on Slack

Visit our developer forum

Contact us

Consumer Authentication

/

Guides

/

About Stytch

/

Custom Domains

/

Overview

Use your own domain for Stytch assets and API calls

What is a custom domain?

When using a service like Stytch to implement part of your application's functionality, your users's browsers will be making API calls and requesting assets that are handled by Stytch's servers. While it is often workable to have these requests go directly to Stytch, it is usually desirable, and sometimes necessary, to configure your application to serve these requests from your own domain.

Why use a custom domain?

Having the URL for components of your application served from your own domain instead of calling out to stytch.com is a better experience for your users. In essence, it is a form of "white labeling" to show all requests coming to and from your app. As your users are less likely to be familiar with Stytch, not only is it confusing if they see requests coming to our servers, they may consider this to be a security or vulnerability concern.

In addition, some Stytch products are more directly affected by not using a custom domain. Fraud protection, for instance, is more likely to be blocked by ad blockers. Emails to your users, such as those sent by Magic Links, will appear to come from an stytch.com address instead of your domain. More info on how custom domains interact with our products can be found below.

Setting up a custom domain is an important part of integrating Stytch seamlessly with your app.

Setting up a custom domain

In order to configure a custom domain, there are two sources which you will need to update:

  • Your DNS records will need to be updated with your provider to include a CNAME record. This will create a subdomain on your site which acts as an alias for a subdomain of stytch.com
  • Your Stytch configuration will need to be updated to inform Stytch of the details of your subdomain.

It's best to approach this process by doing both steps in parallel.

1
Adding a custom domain

Start by going to your Project details in the Stytch dashboard. Scroll down in the Project Settings view until you see the "Custom domain setup" section.

Creating a custom domain

Click the "+ Add New" button to open a dialog with information needed for the next step. Take note of the URL provided, {SUBDOMAIN}.stytch.com, as we will need it for the next step.

Configuring the custom domain in the Stytch Dashboard

2
Updating your DNS records

A CNAME record in your domain should be updated to point to this URL.

Stytch custom domains for live and test environments cannot use the same subdomain name in their CNAME entries.

The process for this varies by DNS provider, but most providers will have instructions to follow. Here are links to updating the appropriate DNS records for some popular providers:

  • Amazon Web Services (Route 53)
  • Google Cloud Platform (Cloud DNS)
  • Cloudflare
  • GoDaddy
  • Namecheap

It may take a moment for this change to propagate across DNS servers on the Internet.

3
Finish configuring Stytch

Finish the configuration process in Stytch by entering your full domain in the final field of the dialog box and clicking "Verify".

Stytch products which use custom domains

Custom domains can have a far-reaching impact on how your app interacts with Stytch. These are some of our products which benefit from a custom domain:

Device fingerprinting (DFP) / Fraud protection

In order for our device fingerprinting product to operate successfully we provide a script that infers details about the end users’ environment. This type of introspection can be flagged by ad blockers. Serving this script from your own domain provides some assurance that the script should be allowed to run.

For more detailed information about fraud prevention please reach out to support@stytch.com.

HttpOnly Cookies

Stytch's SDKs will make requests to api.stytch.com by default, but HttpOnly cookies cannot be used across domains. To properly use HttpOnly cookies with Stytch's SDKs your app will need to configure a custom domain.

Magic Links

If Stytch is not configured with a custom domain, emails sent by Stytch to your users (for instance, when using magic links) will appear to come from a Stytch email address (e.g. login@stytch.com). Using a custom domain can alleviate user confusion and affect how your email is processed by spam filters.

OAuth

For some OAuth providers (such as Google), the domain used for logging in must be authorized by the provider in order to properly display your app's consent screen. In order for the consent screen to indicate that it is returning to your app instead of to stytch.com, the redirect URI provided to the login flow must be owned by your authorized domain.

Next steps

Read more about the above products for more specifics about how they each work.

For questions, reach out to support@stytch.com.

What is a custom domain?

Why use a custom domain?

Setting up a custom domain

1.

Adding a custom domain

2.

Updating your DNS records

3.

Finish configuring Stytch

Stytch products which use custom domains

Device fingerprinting (DFP) / Fraud protection

HttpOnly Cookies

Magic Links

OAuth

Next steps