There's no reason to use the browser to test, since the browser won't be the deployment platform. Use cURL, Postman, etc.
The reason for the CORS error should be self-evident: it isn't a browser API, so the Access-Control headers are not present.
You must never, ever, ever even consider calling the REST API directly from the browser. Just think about what you're exposing for a second.
Yes, agreed with you. Calling the rest API from the browser is not a safe way. But I am doing it for testing purpose.
From Server, I am able to call the API successfully but I was testing using browser-side also.
Retrieving data ...