Acess-Control-Allow-Headers CORS Error with API after updating discourse

I have read the User API keys specification

In my case I have SSO with a frontend app in javascript, Could I consuming the API without using the authorization UI for every user? I would like a way that a could use de api-username … is that possible?

Regards