REF: https://support-portal.rkd.refinitiv.com/SupportSite/TestApi/Op?svc=TokenManagement_1&op=CreateServiceToken_1
REF: https://community.developers.refinitiv.com/questions/41617/get-access-token-via-browser-access-control-allow.html
REF: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
There is no reason this API should be restricted by CORS, please add the header as required for full web access. The TRKD data APIs are not similarly restricted, this appears a simple implementation flaw.
Access-Control-Allow-Origin: *
Currently I am accessing as recommended in the documentation via a reverse proxy.