Hi Andrew, we don't have cross-origin headers at the moment, although we may add them in the near future. What this means is that, as with many APIs, you cannot make the call directly from Javascript on a webpage because of browser security. The workaround would be to proxy the requests through the server hosting the website, using PHP, Rails, node.js, ASP, or whatever technology stack it is running on.