diff --git a/api/internal/middleware/auth/auth.go b/api/internal/middleware/auth/auth.go
index d9795592..8a6b2c82 100644
--- a/api/internal/middleware/auth/auth.go
+++ b/api/internal/middleware/auth/auth.go
@@ -127,9 +127,9 @@ func NewCookieTempAuthn(token string, path string, cfg config.APIConfig) *fiber.
 func NewWebAuthn(cfg config.APIConfig) *webauthn.WebAuthn {
 	var webAuthn *webauthn.WebAuthn
 	config := &webauthn.Config{
-		RPDisplayName: cfg.Name,                     // Display Name for your site
-		RPID:          cfg.FQDN,                     // Generally the FQDN for your site
-		RPOrigins:     []string{cfg.ApiAllowOrigin}, // The origin URLs allowed for WebAuthn requests
+		RPDisplayName: cfg.Name,                               // Display Name for your site
+		RPID:          cfg.FQDN,                               // Generally the FQDN for your site
+		RPOrigins:     strings.Split(cfg.ApiAllowOrigin, ","), // The origin URLs allowed for WebAuthn requests
 	}
 
 	webAuthn, err := webauthn.New(config)