API system settings

In the API settings, you can selectively control whether foreign applications may access your OpenProject API endpoints from within the browser.

Cross-Origin Resource Sharing (CORS)

To enable CORS headers being returned by the OpenProject APIv3, enable the check box on this page. This will also enable it for dependent authentication endpoints, such as OAuth endpoints /oauth/token and the like.

You will then have to enter the allowed values for the Origin header that OpenProject will allow access to. This is necessary, since authenticated resources of OpenProject cannot be accessible to all origins with the * header value.

For more information on the concepts of Cross-Origin Resource Sharing (CORS), please see: