All docs
This doc
API Manager provides the capability to whitelist multiple host names if you use different host names to access API Store in your environment.
In this case, localhost is by default considered as a whitelisted host name.
Similarly, you can whitelist multiple host names for store as follows.
<API-M_HOME>/repository/deployment/server/jaggeryapps/store/site/conf/site.json
as comma separated values.See the following example configuration.
"whiteListedHostNames": ["www.wso2.org", "www.example.com"]
Note :
When you try to access API Store with a host which is not whitelisted, or is not specified in <API-M_HOME>/repository/conf/carbon.xml,
you will notice the following warning being logged in the server logs.
Possible HOST Header Attack is identified. Hence, rewriting to default host in configuration.