When calling the API via the HTTP verbs POST, PUT, DELETE and PATCH, you must specify the Origin header. The header value must correspond to the calling URL without path. The header is not required for read access (e.g. GET).

It is necessary to specify a value for Origin in order to prevent CSRF (Cross-Site Request Forgery) attacks.

Request

PUT /dms/sampleuri
Origin: https://samplehost

If the header is missing, the DMSApp will reply with HTTP 403 Forbidden.