Problem

* You get an 'origin not allowed' error when invoking a REST API, similar to the following:

DEBUG 3/17/15, 13:37:06.151 Origin ___ not allowed by API key. Allowed ones are:

Resolution

-- When setting up an API Key for your application you need to specify the domains (i.e. the Javascript Origins) from which your API can be invoked using that API Key. By default this is left blank, thus forcing the user to think about where they want the API to be invoked from. You may set it to * if you want to let anyone invoke it. This is done in the 'Javascript Origins' setting on the application: