It is not possible to get topic API datas using document.browsingTopics() without using a non-friendly iframe context. It means a Javascript file https://example.com/getTopicAPIDatas.js even if the URL where the file is hosted was whitelisted after an enrollment, won't be able to execute document.browsingTopics(). Adding a non-friendly iframe that would target "https://example.com/getTopicAPIDatas.js" could have impacts on loading time of the web page or current script executions and therefore won't be the best solution.

Would it be possible to whitelist host/files that would allow javascript tags integrated directly on web pages to get topic API datas ?

Example: Considering a website "website.com" writing a javascript tag (<script src="https://example.com/getTopicAPIDatas.js">) and https://example.com is whitelisted/enrolled, https://example.com/getTopicAPIDatas.js would be able to execute document.browsingTopics().