List all valid web origins

This endpoint can be used to retrieve all valid web origins.

To protect users against certain types of malicious behavior, Xkit uses CORS headers to limit the origins which can call the Platform User API.

Add the origin (hostname and protocol, like of the website where you will use xkit.js, host your own integration catalog, or otherwise call the Platform User API in order to add it to the allowlist.

The origins can use wildcard patterns. For example, the pattern https://app-* would match and

The origins can also be managed in the Application Settings.

Click Try It! to start a request and see the response here!