Cross site requests are allowed for the following endpoints:
Except for the sustainability API, all of the above endpoints don’t allow you to pass credentials in cross-site requests. In other words, these API endpoints allow you to access public information only.
On a technical level, this is achieved by implementing the CORS standard, which is supported by all major browsers. We implement it such way that it strictly match the intention of the API endpoint.