> ## Documentation Index
> Fetch the complete documentation index at: https://api.simkl.org/llms.txt
> Use this file to discover all available pages before exploring further.

# CORS

> Cross-origin request support on api.simkl.com.

The Simkl API supports **Cross-Origin Resource Sharing (CORS)** on the `api.simkl.com` domain — you can call it directly from a browser using `fetch` or `XMLHttpRequest`.

```js theme={"theme":{"light":"github-light","dark":"vesper"}}
const res = await fetch(
  'https://api.simkl.com/tv/17465?client_id=YOUR_CLIENT_ID&app-name=my-app-name&app-version=1.0',
  {
    headers: {
      'Content-Type': 'application/json',
      'User-Agent':   'my-app-name/1.0',
    },
  },
);
```

<Warning>
  **Don't ship `client_secret` in browser code.** If you need authenticated calls from a browser, use the [PIN flow](/api-reference/auth#how-the-pin-flow-works) (no secret) or proxy calls through your own server.
</Warning>

## Useful reading

* [CORS W3C working draft](http://www.w3.org/TR/cors)
* [HTML5 Security: Cross-Origin Request Security](http://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity)
