{"templateId":"../../@theme/Templates/ChangelogEntry","sharedDataIds":{},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"⚠️ Upcoming Change","siteUrl":"https://developers.signable.app","description":"Integrate Signable’s eSignature API to send, sign, and manage documents with envelopes and webhooks.","image":"/assets/hero-placeholder-small.5b052639e5d5a3b6265375db1ac2835173dda2c0ed22f8c167f6284080cc84ce.db81178d.png","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"️-upcoming-change","__idx":0},"children":["⚠️ Upcoming Change"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["On ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["16 June 2026"]},", we’ll be enabling CORS restrictions on the Signable public API."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This will prevent web browsers from making direct client-side requests to the API."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Our API is designed to be called from your server, not from browser-based JavaScript."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"what-this-means","__idx":1},"children":["What this means"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If you’re currently making direct requests to the Signable API from frontend code (for example, using ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["fetch"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["axios"]}," in the browser), those requests will be blocked once CORS restrictions are enabled."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You’ll need to move those requests to your server before this date."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"why-were-doing-this","__idx":2},"children":["Why we’re doing this"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Restricting browser-based access improves security and ensures API credentials are not exposed in client-side applications."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"need-help","__idx":3},"children":["Need help?"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If you think this change might affect you, please contact support and we’ll be happy to help."]}]},"headings":[{"value":"⚠️ Upcoming Change","id":"️-upcoming-change","depth":2},{"value":"What this means","id":"what-this-means","depth":3},{"value":"Why we’re doing this","id":"why-were-doing-this","depth":3},{"value":"Need help?","id":"need-help","depth":3}],"frontmatter":{"title":"Enabling CORS restrictions on the public API","date":"2026-03-16T00:00:00.000Z","type":"API","breaking":true,"template":"../../@theme/Templates/ChangelogEntry","seo":{"title":"⚠️ Upcoming Change"}},"lastModified":"2026-03-17T10:43:19.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/changelog/entries/2026-03-16-cors","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}