As you may know, API GW follows CORS specifications which are defined by Mozilla. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin Due to CORS specification, the server cannot respond with multiple domains in a single Access-Control-Allow-Origin header unfortunately. For REST API to have multiple domains in CORS, a work around could be to create an API with a Lambda proxy integration. So that we can assign…