Skip to main content

Auth Origin Not Allowed (403)

Doc type: How-to guide

Symptoms

  • POST /api/oauth/token returns 403 because the request origin is not allowlisted.

Checklist

  1. Ensure the request includes a valid Origin or Referer header.
  2. Ask the Yoyo Auth team to add your origin to the allowlist.
  3. Use a single parent domain when possible to simplify allowlisting.

Next steps