In order to make the calls of Web APIs from a different domain you will need to use the token from your user.

How to generate a Token

You can generate a unique token key from the /admin/profile page. Keep this key in secret.

Use the Token from server calls (PHP)

You can send the token as post parameter:

$url = "";
$token = "<UNIQUE_TOKEN>";
$options = [
  'http' => [
    'method'  => 'POST',
    'header'  => "Content-type: application/json",
    'content' => http_build_query(['id'=>2, 'token'=>$token]),
    'ignore_errors' => true

$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);

Authenticate from front-end (Javascript)

In order to make calls from a different domain, you should include the domain of your front-end app in the website’s cors value. In config.php of your installation add:

'cors'=> ['']

From javascript you should authenticate first the user with cedentials and then use the token in your calls.

Example using axios:

// authenticate'', {
  email: '[email protected]',
  password: 'password'
.then((response) => {
  token_key =;

// send a request'', {
  id: 2,
  token: token_key