It's basically a copy of the sign in API, with your modification to check the origin from the request and tally it with if the current user is allowed to login from it or not.. Hope this is what you wanted 🙂