Documentation
FAQ: Can I call the API from a browser? in the NexoRouter documentation.
FAQ: Can I call the API from a browser?
NexoRouter responds to browser CORS preflight requests for the public API, but exposing an API key in frontend code is usually unsafe.
Recommended architecture
Call NexoRouter from your backend:
Browser -> your backend -> NexoRouter
Your backend stores the API key and applies user-level limits.
Browser-only risk
If you put a NexoRouter API key in browser JavaScript, users can extract it and spend your balance. Use a backend proxy for production.