Due to API key being in header, all requests are pre-flighted, increasing latency

[corneliusroemer]

I was wondering why all my requests to the API were preceded by an OPTIONS request, before the actual GET request.

This seemed wasteful and I couldn't see what I'd done wrong.

I learned this is called preflighting and is necessary due to CORS restrictions.

If the API key was added to the URL, preflighting wouldn't be necessary saving time. Are you aware of this impact of implementing authentication like that?

[clampr]

It's a good point. Originally, the API didn't handle CORS requests properly at all. At some point a user requested this feature, so they could use the API with modern JavaScript.

For now I cannot work on this topic because I'm short in time. But it's something I will consider when working on the next version of the API. I'm actually planning to move the API to RapidAPI at some point in the future, so they can handle the authentication for Meteostat.