Open API call returns can potentially be susceptible to cross-site request forgery (CSRF) attacks. To manage this security risk, the administrator UI includes the API Domain List.

You can add a domain to the list for an account integration that points to VMware Lab Platform and that runs within a browser. If your account uses a hosted tool on a web server that makes API calls to VMware Lab Platform, then you must add the domain to the list. Also, if your account includes a vanity domain for a user interface, then you must add that domain into the list.

In the following example,VMware Hands-On-Labs uses the following dashboard:

 http://web.hol.vmware.com/navigator/web.hol.vmware.com

This domain makes API calls to VMware Lab Platform and must be added to the domain list.