
Insomnia and other REST clients: Electron shells and why they differ from Chrome CORS

Desktop REST tools may bypass same-origin rules that browsers enforce for web pages.


Security assumptions

Do not treat REST client success as proof that public websites can call your API.
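To make the difference concrete, here is an added example (not from the original post) that models the response-side CORS check a browser runs and compares it with a REST client that runs none. The function names, the `https://app.example` origin and the sample headers are constructed for illustration, and preflight requests are not modelled.

```javascript
// Simplified model of the Fetch Standard "CORS check" a browser applies to a
// cross-origin response before page script may read it. Preflight is not modelled.
function browserCanRead(pageOrigin, responseHeaders, credentialsMode = "same-origin") {
  // Header names are case-insensitive, so normalise them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return { ok: false, reason: "no Access-Control-Allow-Origin" };

  const withCreds = credentialsMode === "include";
  if (allowOrigin === "*") {
    return withCreds
      ? { ok: false, reason: "wildcard rejected for credentialed request" }
      : { ok: true, reason: "wildcard" };
  }
  // Anything else must equal the page's serialised origin exactly.
  if (allowOrigin !== pageOrigin) return { ok: false, reason: "origin mismatch" };
  if (!withCreds) return { ok: true, reason: "origin match" };
  // Credentialed reads additionally need Access-Control-Allow-Credentials: true.
  return h["access-control-allow-credentials"] === "true"
    ? { ok: true, reason: "origin match with credentials" }
    : { ok: false, reason: "credentials not allowed" };
}

// A desktop REST client has no page origin and performs no such check.
function restClientCanRead() {
  return { ok: true, reason: "no same-origin policy" };
}

// Constructed sample responses (hypothetical origins and headers).
const PAGE = "https://app.example";
const SAMPLES = [
  { name: "no CORS headers", headers: {}, mode: "same-origin" },
  { name: "wildcard", headers: { "Access-Control-Allow-Origin": "*" }, mode: "same-origin" },
  { name: "wildcard + cookies", headers: { "Access-Control-Allow-Origin": "*" }, mode: "include" },
  { name: "other origin", headers: { "Access-Control-Allow-Origin": "https://admin.example" }, mode: "same-origin" },
  { name: "exact + cookies", headers: { "Access-Control-Allow-Origin": PAGE,
      "Access-Control-Allow-Credentials": "true" }, mode: "include" },
];

function compare() {
  return SAMPLES.map((s) => ({
    name: s.name,
    restClient: restClientCanRead().ok,
    browser: browserCanRead(PAGE, s.headers, s.mode).ok,
  }));
}

console.table(compare());
```

Every row succeeds in the REST client column, while the browser column passes only the responses whose headers actually authorise the calling page.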

OAuth redirects in Insomnia still need correct redirect URIs; this is a separate concern from CORS.

Documentation

Publish example fetch snippets that run in the browser for integrators who copy-paste.

Keep Insomnia exports for internal QA, not as customer-facing guarantees.
