get https://app.xkit.co/api/platform/origins
List all valid web origins
This endpoint can be used to retrieve all valid web origins.
To protect users against certain types of malicious behavior, Xkit uses CORS headers to limit the origins which can call the Platform User API.
Add the origin (hostname and protocol, like https://example.com) of the website where you will use xkit.js, host your own integration catalog, or otherwise call the Platform User API in order to add it to the allowlist.
The origins can use wildcard patterns. For example, the pattern https://app-*.example.com
would match https://app-production.example.com
and https://app-staging.example.com
.
The origins can also be managed in the Application Settings.