Managing Allowed Origins for Digital Humans

this section details the process of configuring domain whitelisting for your embedded digital human this allows you to define the approved websites where the digital human is authorized to operate the /head/{id}/allowed origins https //platform api unith ai/api/#/head/headcontroller setallowedoriginsbyid endpoint controls which domains can access the digital human api the default value is , meaning that requests from any origin are permitted while convenient for initial setup, restricting allowedorigins to a whitelist of known domains is crucial for enhanced security in production deployments to whitelist domains, you must specify the unique head id, as origin whitelisting is managed individually for each digital human curl example curl x 'put' \\ 'https //platform api unith ai/head/yourheadid/allowed origins' \\ h 'accept application/json' \\ h 'authorization bearer yourbearertoken' \\ h 'content type application/json' \\ d '\[ "yourdomain" ]' restricting the origin to allow access only from https //www unith ai https //www unith ai , configure the origins parameter as follows \[“ https //www unith ai“ ] to permit access from both https //www unith ai https //www unith ai and https //www unith2 ai https //www unith2 ai , use the following configuration \[“ https //www unith ai https //www unith ai “, “ https //www unith2 ai https //www unith ai “] to allow access from any origin, effectively making the digital human public again, set the origins parameter to \[“ “] iframe the same principles of origin restriction apply to embedding the digital human within an iframe to control which domains are allowed to embed the digital human via an iframe, you can manage a separate whitelist of origins specifically for iframe integration use the following endpoint /head/{id}/iframe/allowed origins https //platform api unith ai/api/#/head/headcontroller setallowediframeoriginsbyid in order to set specific domains for your digital human using id curl x 'put' \\ 'https //platform api unith ai/head/yourheadid/iframe/allowed origins' \\ h 'accept application/json' \\ h 'authorization bearer yourbearertoken' \\ h 'content type application/json' \\ d '\["www yourdomain ai"]' interface to restrict domains, you can do so within interface itself first, navigate to your "dashboard" and click the edit button (the pencil icon) on any of your deployed digital humans this will open a new window where you can control all aspects of your digital human's configuration within this window, go to the "security" section, enable the "restrict domains" toggle, and then add the specific domains you wish to restrict please be aware that when configuring allowed iframe origins /head/{id}/iframe/allowed origins , you must also include https //chat unith ai in the general allowed origins /head/{id}/allowed origins also, note that you might not be able to preview the digital human directly unless you've specified its domain in the allowed domains list when adding new domains, it's crucial to use the correct format here's an example to follow https //www unith ai