Overview

Add allowed origins (e.g., https://www.example.com) to prevent unauthorized usage from other domains.

Best practices

  • Add production and sandbox origins separately
  • Use exact origins (scheme + host + optional port)