You are correct. It's just an intro showing a request that works followed by one that fails. They seem similar, but are being affected by the same-origin policy.
api.website.com has to be returning Access-Control-Allow-Origin: https://www.mywebsite.com since the second example denies the request coming from anotherdomain.com.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.