Turnkey has an open CORS policy for its public API. This means your frontend can choose to POST sign requests straight to https://api.turnkey.com
. Your frontend can also choose to forward the requests via a backend server (which POSTs the signed request to Turnkey).