You can create Cross-Origin Resource Sharing (CORS) policies so that client applications served from other origins can call your APIs from the browser. Browsers enforce the same-origin policy, which stops a web page from reading responses from an origin (scheme, host, and port) other than the one that served the page. CORS is the standard mechanism by which a server tells the browser which other origins may read its responses, and under what conditions.
When your API is hosted on a different origin than your web application, configure a CORS policy that lists the web application's origin. The policy determines which origins, HTTP methods, and request headers the browser accepts for cross-origin calls to the API, and whether credentials such as cookies or an Authorization header may be sent with them. CORS is enforced by the browser, not by the API: it protects users of browser-based clients, but it does not stop a non-browser client, or a script running outside a browser, from calling the API directly. Treat it as a complement to, not a replacement for, authentication and authorization on the API itself.
When a web page makes an HTTP request to your API to load a resource such as a font, image, or JSON document, the page can have been served from any origin on the internet. Without a CORS policy, the browser withholds the cross-origin response from the page's script. A CORS policy lets you name the origins that may read responses from your API, and the browser continues to block responses to pages from origins you have not listed. Keep the allowlist specific: a wildcard origin (*) lets any site read the responses, and browsers refuse to honor a wildcard together with credentialed requests.
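The following is an added example, not code from this page or from the product it documents. It shows what a CORS policy does when the API gateway evaluates a request: the Origin header is matched exactly against an allowlist, preflight (OPTIONS) requests are answered without invoking the API, and only the headers the policy permits are emitted. The policy object, its field names, and the function names are assumptions made for this illustration.

```javascript
// Added example (not from the page or the product it documents): a CORS
// policy evaluator in the style of an API gateway. Policy shape and function
// names are assumptions for illustration.

const policy = {
  allowedOrigins: ['https://app.example.com', 'https://admin.example.com'], // assumed origins
  allowedMethods: ['GET', 'POST', 'PUT'],
  allowedHeaders: ['content-type', 'authorization'],                         // kept lowercase for comparison
  allowCredentials: true,
  maxAgeSeconds: 600,
};

// req is { method, headers } with lowercase header names, as Node's http
// module presents them. Returns the CORS response headers to add, {} when
// the request is not cross-origin, or null when the policy rejects it.
function corsHeaders(req, pol) {
  const origin = req.headers['origin'];
  if (!origin) return {};                                   // no Origin: same-origin page or non-browser client
  if (!pol.allowedOrigins.includes(origin)) return null;    // exact match of scheme://host[:port]; never a prefix or regex test

  const headers = {
    'Access-Control-Allow-Origin': origin,                  // echo the matched origin; never '*' when credentials are allowed
    'Vary': 'Origin',                                       // the response differs per Origin, so caches must key on it
  };
  if (pol.allowCredentials) headers['Access-Control-Allow-Credentials'] = 'true';

  // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
  const isPreflight = req.method === 'OPTIONS' && 'access-control-request-method' in req.headers;
  if (isPreflight) {
    const wantMethod = req.headers['access-control-request-method'];
    const wantHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
    if (!pol.allowedMethods.includes(wantMethod)) return null;
    if (!wantHeaders.every(h => pol.allowedHeaders.includes(h))) return null;
    headers['Access-Control-Allow-Methods'] = pol.allowedMethods.join(', ');
    headers['Access-Control-Allow-Headers'] = pol.allowedHeaders.join(', ');
    headers['Access-Control-Max-Age'] = String(pol.maxAgeSeconds);
  }
  return headers;
}

// Gateway-style decision: status code plus the headers to send.
function handle(req, pol) {
  const cors = corsHeaders(req, pol);
  if (cors === null) return { status: 403, headers: {} };   // rejected by policy: no CORS headers, so the browser blocks the read
  const isPreflight = req.method === 'OPTIONS' && 'access-control-request-method' in req.headers;
  if (isPreflight) return { status: 204, headers: cors };   // preflight answered here; the API is not invoked
  return { status: 200, headers: cors };                    // actual request: forward to the API and add these headers
}
```

Two details matter in practice: the origin comparison is an exact string match, so `https://app.example.com.evil.net` does not pass because `https://app.example.com` is in the list, and the allowed origin is echoed back rather than sending `*`, which is the only form a browser accepts alongside `Access-Control-Allow-Credentials: true`.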
The API References area of a CORS policy lists all the managed REST and SOAP APIs, managed custom APIs, and managed API groups that use the policy, as shown in the following image: