Cross Origin Resource Sharing is a security feature of modern browsers that keeps browser users secure. It prevents malicious activity like cross site scripting. CORS implements headers in the response of any request to the server to say what domains are allowed to make specific types of calls to that server. In SendGrid’s case, we do not allow our customers to make a browser based call to our v3/mail/send endpoint.
Making your API key publicly accessible could result in anyone authenticating API calls with your API key — this is a significant security concern both for you and SendGrid.
You can create a server based application, which will protect your API keys from being released to the world. Languages like NodeJS, PHP, Ruby, Python, C#, Go, and Java, and others can be implemented to make calls to the API from the security of a locked down server environment.