User and Administrator
This topic is about the relationship between you as an administrator and your users and the access scope of both.
You aka. the administrator is an entity that creates, develops and maintains one or more projects on Grandeur. The administrator has full authority over a project's resources (users, devices, files, and data) and can monitor and control all its projects from the dashboard.
A user is an entity that uses your product. While you have full control over your project, a user of your product has access to his profile and delegated access limited to its device scope only.
In the real world, you would not want to add a new user or pair a device with that user manually every time someone buys your product. Therefore you delegate a part of your project authorities to the SDK when you plug your project's API Key in. And so a new user gets to sign up, pair, monitor and control your device through your product's companion app.
Using just your project's API Key for full delegation is like putting all of your eggs in one basket. A stolen API Key can give the hacker, at the minimum, user-level access to your project. He can register any number of bogus users and do whatnot. Hence the concept of CORS comes to play.