CORS Cross origin resource sharing allows you to decide if a script from a domain other than your website/app can access data aka make AJAX calls etc. to your server. For your frontend API you probably want to limit the origin to just your domain. For a developer API you probably want to allow all origins.
CORS for Developers by W3C – explains CORS for developers in clear wording