CORS is now enabled.

Often one of the blockers to onboarding new clients onto an API is the fact that Cross-origin resource sharing (CORS) is not enabled; therefore it hinders developing any client side applications that run in browsers.

If you are not familiar with Cross-origin resource sharing (CORS) then it is a specification that permits cross-domain requests from one domain to another domain via a browser e.g. can’t request resources from unless CORS is enabled on the server.

After some consideration we went ahead and enabled CORS and added support for OAuth 2.0 Implicit Grant Flow.

So what does this mean exactly?

In essence this means there is no longer any limitations for creating browser-based client-side web applications using the Mendeley API. You should be good to go.

Further reading here and here.

As we have stated previously we are currently working on improving the documentation so until then if you have questions on CORS and the Implicit Grant Flow then please email us at

This entry was posted in Uncategorized on by .

About Joyce-Stack - Developer Outreach

Joyce Stack completed a BSc. (Hons) Computer Science from The Open University while working in a startup in Co. Cork, Ireland. She moved to London in 2005 to join one of the City’s leading exponents of agile techniques at that time to work as a Java Developer. She is now working in the Developer Outreach role in Mendeley where her responsibilities are to meet and educate developers about the Mendeley API, attend conferences, meetups and hackathons and basically be the face of the API. She is passionate about providing an excellent developer experience and APIs. She likes biking, swimming and yoga but she hates potatoes despite being Irish.