If you are using Apperian's API to call Apperian web services from a web application (for example, a custom administration portal), you need to define a domain whitelist that includes the host domain of any web site that will send API requests to Apperian. This whitelist enables CORS (Cross-Origin Resource Sharing) in the header of the API response, which allows browsers to communicate with the Apperian web server across domain-boundaries.
To enable a domain whitelist for custom administration sites
On the Admin Portal navigation bar, click Settings.
Click CORS Domain Whitelist.
In the field, enter the domain of a web site you need to include in the whitelist. Follow these specifications: