Chrome extensions require explicit host_permissions in the manifest for any external domains they communicate with. By default, the Composite SDK sends data to prod.alb.us.api.composite.com, which requires adding this domain to your manifest:
"host_permissions": [
  "https://prod.alb.us.api.composite.com/*"
]
The problem: Adding a new third-party domain to host_permissions triggers a permission re-approval dialog for all existing users. By routing through your own domain, you can avoid this disruption.

Choose Your Setup

How It Works

Instead of sending analytics directly to Composite’s API, requests are routed through your domain:
Your Extension → yourdomain.com/analytics → prod.alb.us.api.composite.com
Your manifest only needs permission for your own domain:
"host_permissions": [
  "https://yourdomain.com/*"
]

SDK Configuration

Once your custom domain or proxy is set up, configure the SDK:
await composite.init({
  apiKey: 'pk_your_api_key',
  apiHost: 'https://yourdomain.com/analytics',
  transport: 'chrome-extension'
});

Self-Hosted Proxy Requirements

If using Cloudflare, AWS, or a reverse proxy (not the dashboard Custom Domain option), your proxy must:
  1. Forward requests to https://prod.alb.us.api.composite.com with the path intact
  2. Preserve headers - Pass through X-Forwarded-For, X-Forwarded-Proto, and client IP
  3. Use HTTPS - All production traffic must be encrypted
Do not cache API responses. Analytics requests must reach Composite’s servers in real time for accurate tracking.
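
The request mapping a self-hosted proxy needs for the three requirements and the no-cache rule above, as an added example (not Composite's code) in plain JavaScript that can sit inside a Cloudflare Worker or a Node handler. It assumes the proxy is mounted at /analytics and that this prefix is removed before forwarding; the function names and MOUNT_PREFIX are hypothetical. The upstream host is pinned so the proxy can only ever reach Composite's API.

```javascript
// Added example. UPSTREAM_ORIGIN is the host named on this page; MOUNT_PREFIX
// and all function names are assumptions made for illustration.
const UPSTREAM_ORIGIN = 'https://prod.alb.us.api.composite.com';
const MOUNT_PREFIX = '/analytics'; // assumed to match the path in apiHost

// Hop-by-hop headers, plus Host, which must name the upstream instead.
const DROP = new Set(['host', 'connection', 'keep-alive', 'transfer-encoding', 'upgrade']);

// Build the upstream URL and headers for one incoming request.
// Returns null when the request must not be forwarded.
function buildUpstreamRequest(incomingUrl, incomingHeaders, clientIp) {
  const url = new URL(incomingUrl);
  if (url.protocol !== 'https:') return null; // requirement 3: HTTPS only
  const underMount = url.pathname === MOUNT_PREFIX ||
    url.pathname.startsWith(MOUNT_PREFIX + '/');
  if (!underMount) return null; // only the analytics route is proxied

  // Requirement 1: keep path and query. Assigning to pathname/search (rather
  // than concatenating strings) means the upstream host can never change.
  const upstream = new URL(UPSTREAM_ORIGIN);
  upstream.pathname = url.pathname.slice(MOUNT_PREFIX.length) || '/';
  upstream.search = url.search;

  // Requirement 2: pass headers through, minus the ones in DROP.
  const headers = {};
  for (const [name, value] of Object.entries(incomingHeaders)) {
    const key = name.toLowerCase();
    if (!DROP.has(key)) headers[key] = value;
  }
  // Keep any existing X-Forwarded-For chain and append the connecting client.
  const prior = headers['x-forwarded-for'];
  headers['x-forwarded-for'] = prior ? `${prior}, ${clientIp}` : clientIp;
  headers['x-forwarded-proto'] = headers['x-forwarded-proto'] || 'https';

  return { url: upstream.href, headers };
}

// Mark the response so neither this proxy nor a CDN in front of it caches it.
function noCacheHeaders(upstreamHeaders) {
  return { ...upstreamHeaders, 'cache-control': 'no-store' };
}
```

In a Worker or Node handler, pass the result to `fetch` along with the original method and body, and return the upstream response with `noCacheHeaders` applied.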