List all valid web origins

This endpoint can be used to retrieve all valid web origins.

To protect users against certain types of malicious behavior, Xkit uses CORS headers to limit the origins which can call the Platform User API.

Add the origin (hostname and protocol, like https://example.com) of the website where you will use xkit.js, host your own integration catalog, or otherwise call the Platform User API in order to add it to the allowlist.

The origins can use wildcard patterns. For example, the pattern https://app-*.example.com would match https://app-production.example.com and https://app-staging.example.com.

The origins can also be managed in the Application Settings.

Language
Authorization
Basic
base64
:
Click Try It! to start a request and see the response here!