Origin URL adds an extra layer of authentication to the data sent to callstats.io. callstats.io will accept the data only from the origin (Origin URL) that is set on the dashboard. The Origin URL can contain wildcards. E.g www.foobar.com is covered by *.foobar.com but foobar.com is not covered by *.foobar.com.
If you do not set the Origin URL and the credentials (AppID and AppSecret) are exposed to third-party, the credentials can be used by an attacker to send invalid data.
For the security aficionados, we provide a third-party authentication using JWT (JSON Web Tokens).