Using Axios to GET spins. Status code 200, but Cross-Origin Request Blocked

[SOLVED] I am a frontend noob. I want to make a simple React app that uses Axios to make GET requests to recent spins so that I can dynamically display our recent spins on my radio stations recently played page. I do not wish to POST. My request would be purely READ-ONLY, but when I attempt to make the request and store the JSON returned with a useState hook i get this error.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://spinitron.com/api/spins?access-token=my_api_key. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

If I am understanding this correctly spinitron doesn’t allow for just any client to make a request using GET, despite having an API key. Am I understanding this correctly? Or is there a way to get around it?

Hi @3ak thanks for joining the forum.

CORS is a topic you can read about on the web. It’s not a limitation imposed by our systems, it comes from your web browser as a security feature.

If you are getting CORS errors that my guess is you are making API requests from a web client. This is not allowed by our terms of service. The API is for use by stations’ back-end servers for web or mobile apps. Stations are not allowed to distribute API keys to web or mobile clients. And back-end servers must implement a cache.

Thank you for the clarification.