description: Settings for API functionality of OpenProject
robots: index, follow
keywords: API settings
@ -8,12 +8,12 @@ keywords: API settings
# API system settings
In the API settings, you can selectively control whether foreign applications may access your OpenProject
API endpoints from within the browser.
API endpoints from within the browser.
## Cross-Origin Resource Sharing (CORS)
To enable CORS headers being returned by the [OpenProject APIv3](https://docs.openproject.org/api/),
enable the check box on this page.
To enable CORS headers being returned by the [OpenProject APIv3](../../../api/),
enable the check box on this page. This will also enable it for dependent authentication endpoints, such as OAuth endpoints `/oauth/token` and the like.
You will then have to enter the allowed values for the Origin header that OpenProject will allow access to.
This is necessary, since authenticated resources of OpenProject cannot be accessible to all origins with the `*` header value.