Hi Jeoff,
Serving your own API to the outside world is even easier in Wappler because this is what we do with our Server Connect actions.
Each action file is an API endpoint by itself and returns standard JSON output. So it can be called from everywhere. You can also secure it fully with the included Security Provider.
Actually our own front-end framework App Connect uses the same principle in connecting - by just utilizing the Server Connect actions API and processing the JSON.
As for the CORS headers you can simply set them in the .htaccess file if needed.