This endpoint can be used to retrieve all valid web origins.
To protect users against certain types of malicious behavior, Xkit uses CORS headers to limit the origins which can call the Platform User API.
Add the origin (hostname and protocol, like https://example.com) of the website where you will use xkit.js, host your own integration catalog, or otherwise call the Platform User API in order to add it to the allowlist.
The origins can use wildcard patterns. For example, the pattern
https://app-*.example.com would match
The origins can also be managed in the Application Settings.