You can add allowed origins programmatically via the management API.
Another solution I have seen proposed:
– “Before you call the authorize endpoint, first save a state ID referencing the vanity URL, and send it in the call to /authorize. When the transaction completes and redirects the user to your callback URL, load the state, save the user information you need on the frontend’s local or session storage, and redirect them to the vanity URL.”
Not at this time. It is possible that a limit will be added at some point and we want customers to be aware of that possibility. We encourage users to be as efficient as possible with allowed origins.