> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flexslot.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Remove an allowed origin from the partner

> Manage the partner's allowed-origins list.

POST adds an origin (idempotent — adding an existing origin is a no-op).
DELETE with ?origin=... removes one (404 if not present, so the partner
knows their request had no effect).

Origins gate write-path CORS — adding a new app domain shouldn't require
a Flexslot admin to do anything. This is the most common partner
self-service action.



## OpenAPI

````yaml /openapi.json delete /api/public/v1/me/partner/allowed-origins
openapi: 3.0.3
info:
  title: Flexslot API
  version: 1.0.0
  description: API documentation for Flexslot decks application
servers:
  - url: https://api.flexslot.gg
    description: Production
  - url: https://api-dev.flexslot.gg
    description: Development
security: []
paths:
  /api/public/v1/me/partner/allowed-origins:
    delete:
      tags:
        - Me
      summary: Remove an allowed origin from the partner
      description: |-
        Manage the partner's allowed-origins list.

        POST adds an origin (idempotent — adding an existing origin is a no-op).
        DELETE with ?origin=... removes one (404 if not present, so the partner
        knows their request had no effect).

        Origins gate write-path CORS — adding a new app domain shouldn't require
        a Flexslot admin to do anything. This is the most common partner
        self-service action.
      operationId: me_partner_allowed_origins_remove
      parameters:
        - in: query
          name: origin
          schema:
            type: string
          description: Origin URL to remove. Returns 404 if not present.
          required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PartnerAllowedOriginsRemoveResponse'
          description: ''
      security:
        - PersonalAccessToken: []
        - OAuth2Bearer: []
components:
  schemas:
    PartnerAllowedOriginsRemoveResponse:
      type: object
      properties:
        allowed_origins:
          type: array
          items:
            type: string
            format: uri
      required:
        - allowed_origins
  securitySchemes:
    PersonalAccessToken:
      type: http
      scheme: bearer
      bearerFormat: flx_pat_...
      description: 'User-issued personal access token (format: flx_pat_<token>).'
    OAuth2Bearer:
      type: http
      scheme: bearer
      bearerFormat: flx_at_...
      description: >-
        OAuth2 access token issued via the authorization-code + PKCE flow
        (format: flx_at_<token>). Grants the partner user-scoped access to act
        on behalf of the consenting end-user.

````