...
Enabling SSL would ensure that communication between the end user's browser to be server is secure. Please see Setting Up SSL on Tomcat to learn more.
Domain Whitelist for API Calls
Refer to API Domain Whitelist in Settings to whitelist domains that are consuming Joget's APIs.