To protect you and your users, the Threadeo web app and API allows only those domains listed here to host applications that require Threadeo API access, and to enable iframe access to the Threadeo web app from within those applications if needed.

Note: Authorized domains are applicable only to requests received by Threadeo API via a browser. If you are only making requests via a server, you do not need to specify authorized domains.

If there are no authorized domains specified and you would like to add one, click on “Add Authorized Domain”.

To allow subdomains, you can use the wildcard symbol (* Wildcards are allowed only for third-level and fourth-level domains (e.g., is a third-level domain, and is a fourth-level domain).

Enter the name of the authorized domain. Click “Add”.

Repeat the process to add more authorized domains. You can add a maximum of 5 authorized domains.

To delete an authorized domain, click on the “Delete” link on its right, read the overlay, and click “Yes” to proceed with deletion. Please read all warnings in this documentation and on your API Settings page before deleting any authorized domains.


Authorized domains and iframes work together

These authorized domains will apply to the “iframes” toggle in the section below as well.