API and CORS

The API only allows a limited list of addresses in the Access-Control-Allow-Origin header.
Even in Postman, you may encounter the error: Error: CORS request rejected: /auth/connect/token.

In the case of Postman, it’s enough to use Postman Desktop instead of the browser.

However, if the application communicating with the API must run in the browser, you can add the AccessControlAllowOrigin key to the web service’s Web.config file:

<add key="AccessControlAllowOrigin" value="*" />

Alternatively, you can specify a single address:

<add key="AccessControlAllowOrigin" value="https://www.postman.com" />