If you try to send requests to the DeepL API from the browser, your requests will fail with the HTTP 403 Forbidden status code with a message stating “blocked by CORS policy”. The DeepL API does not allow calls directly from browser-based applications.

Requests to third-party APIs from front-end applications would expose your credentials on the web, leaving your account vulnerable to fraud and abuse. You should never reveal your API authentication key in publicly accessible code.

If you realize your API authentication key has been compromised, log in to your DeepL account immediately. Under "Account Details", you have the option to generate a new authentication key. This will invalidate your compromised key.

To safely use the DeepL API on your website or application, you can route your requests through your own backend servers. This keeps your credentials hidden and allows you to specify CORS policies and rate limits as required by your use case.

DeepL's official open-source client libraries can help you create these backend implementations.