The API URL is to be used is:
The API expects one header containing an authentication token, called X-CM-PRODUCTTOKEN. This token will be provided by your account manager or you can request one via email@example.com.
As Content-Type, application/json is being used in all API communications. Please add this header to your requests as well.
We strongly recommend you to build a small proxy (a backend application) which add the X-CM-PRODUCTTOKEN header to all your requests and forward the api calls.
This comes with the following reasons:
On our API, Cross-Site Scripting (XSS) protection is enabled. XSS enables attackers to inject client-side scripts into web pages viewed by other users. To protect your web application and our API we disabled the option to make direct request from a web application.
It's not a good practise to store a api key/product token in a frontend application because everything is readable (one way or another).