Hosted Webapps
RestAPI.com hosts your static websites and single-page applications (SPAs) with automatic SSL and CDN distribution.
Hosting Your App
Subdomain Hosting
Your app is accessible at:
https://<api-name>.restapi.cloud
Example:
https://my-app.restapi.cloud
Custom Domains
Use your own domain with managed SSL certificates:
https://www.my-domain.com
Configure custom domains in the Developer Portal under your API's Web App Settings.
Multiple Hostnames
You can specify multiple custom hostnames by separating them with commas:
www.my-domain.com, app.my-domain.com, my-other-domain.com
This is useful when you want to serve the same application from multiple domains or subdomains.
Supported Frameworks
Any static site or SPA works, including:
- React
- Angular
- Vue
- Svelte
- Static HTML/CSS/JS
Web App Configuration
Configure your hosted app under Web App Settings in the Developer Portal:
| Setting | Description |
|---|---|
| Default Document | File served for root and directory requests (e.g., index.html) |
| Error Document | Custom page shown for 404 errors |
| Use Default on 404 | Serve the default document instead of 404 — required for SPAs with client-side routing |
| Cache Max Age | Browser cache duration in seconds |
File Resolution
When a request comes in, the server resolves files in this order:
- Exact path match (e.g.,
/about.html) - Path with
.htmlextension (e.g.,/about→/about.html) - Path as directory with default document (e.g.,
/about→/about/index.html) - Default document (if Use Default on 404 is enabled)
For SPAs (React, Angular, Vue, etc.), set your Default Document to index.html and enable Use Default on 404. This ensures client-side routing works correctly.
Deployment Options
Developer Portal
Upload your build files directly through the portal's File Explorer. You can upload individual files or ZIP archives that are automatically extracted.
CI/CD Pipelines
Deploy automatically from:
- GitHub Actions
- Azure DevOps
The VFS API provides sync endpoints for efficient CI/CD deployments, including manifest-based diffing to upload only changed files.
Virtual Paths
Hosted apps access APIs through virtual paths, eliminating CORS configuration:
| Path | Description |
|---|---|
/<region>-api | Region-specific, CORS-free |
/api | Region-free, CORS-free |
/login | Hosted authentication page |
Examples
Instead of calling the full URL:
fetch("https://<region>.restapi.com/<api-name>/products");
Use the virtual path:
fetch("/api/products");
No CORS headers needed. The request is handled internally.
Full URL Examples
https://my-app.restapi.cloud/eu-api/my-api/products
https://www.my-domain.com/api/my-api/products
The region-free /api path may have slightly higher latency than region-specific paths like /eu-api.
CORS Configuration
If you need to access your API from external domains (not your hosted app), configure CORS in the Developer Portal:
- Navigate to Security → CORS
- Add allowed origins
For hosted apps using virtual paths, CORS configuration is not required.
Authentication
Use the hosted login page at /login for user authentication:
https://my-app.restapi.cloud/login
This provides a ready-to-use authentication UI with your configured identity providers.
Cookie-Based Authentication
Hosted webapps use cookie-based authentication. After a user logs in, the server sets secure cookies:
- Authorization cookie — contains the access token (HttpOnly, Secure, SameSite=Lax)
- Refresh cookie — used to obtain new access tokens
Tokens are automatically refreshed via the /api/_refresh endpoint. To log out a user, send a POST request to /api/_logout — this invalidates the current session and clears both cookies.
App Configuration Endpoint
Your frontend can query /api/_webAppConfig to retrieve the webapp's authentication configuration (e.g., which login providers are enabled).