🚨

Critical Security Migration

The luigisbox.com domain is compromised. Immediate action is required.

1. Update API Base URLs

Replace the base URL for all API requests (Search, Recommendations, Analytics):

https://live.luigisbox.com
➡️ https://live.luigisbox.tech

2. Replace Frontend Script

The .com script is no longer safe. Replace it with the secure version immediately:

[OLD - Delete from site]
<script async src="https://scripts.luigisbox.com/LBX-123.js"></script>
[NEW - Secure Version]
<script async src="https://scripts.luigisbox.tech/LBX-123.js"></script>

3. Update CSP & Firewalls

If you use a Content Security Policy, whitelist the new domain to prevent the browser from blocking the connection.

script-src https://scripts.luigisbox.tech;
connect-src https://live.luigisbox.tech;
⚠️
Emergency Action: If you cannot update the code right now, remove the existing Luigi's Box script until the migration is complete to prevent unauthorized code execution.
Support: support@luigisbox.net MODIFIED: 12/17/2025

Migrating to API integration

Migrating Luigi's Box integrated services (via the LBX script) to the integration over API which you fully control is a risk-free operation in general. Follow these steps to complete the migration:

  1. Request a modified LBX script. Contact Luigi’s Box support to obtain a copy of the LBX script with the services you’re migrating disabled. For example, if you’re migrating recommenders to backend API calls but retaining the search integration, Luigi’s Box will provide an LBX script version with search integration active and recommender integration disabled.
  2. Deploy the modified script in your development and testing environments. Retain the original LBX script in your production environment to prevent any service disruption during development and testing.
  3. Develop the API integration. Implement and test the API calls. Refer to Search API and Recommender API for guidance.
  4. Release to production. When ready to release the API integration to production, deploy your code and keep the original production LBX script. Use Luigi’s Box’s emergency deactivation feature to disable frontend integration for the services you’ve launched via API, preventing interference between the old and new setups.

Tips & considerations

  • Use browser developer tools (specifically the Network tab) to monitor the requests currently handled by Luigi’s Box, and replicate these in your API calls.
  • Ensure consistency in user IDs (for personalization) and object identities when requesting recommendations. Inconsistent object identities are a common cause of unexpected results in backend integrations.
Migrating from feeds to API

Migrating the data imports from feeds to API

Read the docs →