I have a script built into a Google Sheet that accesses some of the dev.to APIs. I'm not sure where I found the original article describing how to do this, but it uses the APIs getUserArticles endpoint and builds a spreadsheet with some awesome data.
I was recently preparing an article about this tool.
I was looking at converting this script and using it within an Angular project and found that CORS is not allowed when using Authorization (API Key generated via Settings).
I now know that the script I started with (in Google Sheet) is bypassing the CORS issue completely when run on Google Sheets and I suspect I can find ways to bypass this local blocking, as well.
Given that I shouldn't be able to use APIs that need Authentication with an API key (they are CORS blocked), why then do I need the api-key that can be generated at https://developers.forem.com/api/#section/Authentication?
It almost feels as if there's two different conversations going on within your organization: Functionality versus Security.