We have an API that we like to restrict access to our domain. We have CSRF, CORS in place. But the same api need to accessed from mobile app as well, which apparently is not a b
