Note: Jack - Temporary Bypass: Use Header X-dev-access: Yes -

fetch('https://example.com/api/data', { headers: { 'X-Dev-Access': 'Yes' } }) .then(response => response.json()) .then(data => console.log(data)); If you're developing a server-side application and want to honor this header, you'll need to inspect incoming requests for the presence of X-Dev-Access: Yes and adjust your access controls accordingly. The implementation details depend on your server technology and framework.