---
title: Network requests
description: >
  Shop Minis can only make network requests to approved domains. This page
  describes how to add trusted domains and how to perform fetch requests inside
  your Mini.
api_name: shop-minis
source_url:
  html: 'https://shopify.dev/docs/api/shop-minis/network-requests'
  md: 'https://shopify.dev/docs/api/shop-minis/network-requests.md'
---

# Network requests

Shop Minis can only make network requests to approved domains. This page describes how to add trusted domains and how to perform fetch requests inside your Mini.

***

## Trusted domains

To allow your Mini to make network requests to external domains, you need to add them to the `trusted_domains` array in your `manifest.json` file. This will be reviewed when your Mini is submitted.

## Adding trusted domains to manifest.json

```json
{
  "name": "My Mini",
  "trusted_domains": ["example.com", "api.example.com"]
}
```

***

## Making requests

Once you have added trusted domains to your manifest, you can use standard fetch requests in your Mini to communicate with your backend services. See [Custom backend](https://shopify.dev/docs/api/shop-minis/custom-backend) for more information on how to verify requests.

Make sure to handle errors appropriately and provide feedback to users when requests fail.

**Authenticating requests:**

Do not include secret tokens or API keys in your Mini code. If you need to make authenticated API requests, you should wrap or proxy the request on your own backend using the verification process for rate limiting.

***

## Handling CORS

Any backend services that your Shop Mini communicates with must be configured to allow [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) requests from `localhost:*` (all localhost ports).

This applies to both development and production environments, as Shop Minis use this origin to make requests. Ensure your server includes appropriate CORS headers to allow requests from these origins.

***