In some cases, when you try to call the Piano API endpoints from the frontend, you may receive an error response with the reason CORS header ‘Access-Control-Allow-Origin’ missing.
Any requests to /publisher/* (i.e. /publisher/offer/template/list) endpoints are prohibited to be performed on the frontend since it exposes the API token. The API token must never be shared publicly.
There are API methods that you can use on the frontend, and they can be found under the Anon module in our API documentation here. We also suggest using the tp.api.callApi("<ENDPOINT>", {<DATA>}, function(data){ <DATA OPERATION> }) method to call these API endpoints.
This function uses JSONP to make these requests, and as a result, is not prone to CORS restrictions.
Under the following links here, here, and here you can review some further examples.