Zuora CORS REST
The Cross-Origin Resource Sharing (CORS) specification provides an additional security mechanism to process some Zuora REST APIs. REST API calls can be made from your customer's browser directly to Zuora using AJAX – securely transferring data, such as a user's personal information – without passing this data through your servers.
The CORS and Zuora REST API article in Zuora Developer Center describes Zuora CORS REST and explains how Zuora REST API calls are made when CORS-enabled. Please navigate to the Developer Center article for details.