Define a CORS rule You can define a CORS rule to control which domains can access specific REST API endpoints. Before you beginRole required: web_service_admin Procedure Navigate to System Web Services > CORS Rules. Click New. Populate the form. Table 1. Fields Field Description REST API Select the REST API this CORS rule applies to, such as the Table API. Domain Enter the domain that this CORS rule applies to. This CORS rule is evaluated against requests from the specified domain. You can specify a domain pattern or an IP address. When using a domain pattern you can specify a single wildcard to match incoming origin headers. HTTP Methods Select the HTTP methods allowed. Only the selected methods can be called from the specified domain. HTTP Headers Enter a comma-separated list of HTTP headers to send in the response. Specified headers are added to the Access-Control-Expose-Headers header. Max age Enter the number of seconds to cache the client session. After an initial CORS request, further requests from the same client within the specified time do not require a preflight message.If you do not specify a value, the default value of 0 indicates that all requests require a preflight message. Click Submit. CORS domain requirementsWhen you define a CORS rule, the value you enter in the Domain field must meet certain requirements. Each CORS rule supports a single wildcard to match incoming Origin headers.