@bernhard has addressed the CORS question, but I am curious: why run a separate JSON API for each party? JSON API is only a data-converting proxy for the underlying ledger API, and does not use given tokens outside the request in which they’re given.
Moved to a new topic since this is a separate question
I don’t think you’d run a JSON API per Party, but a JSON API per Participant Node. Since the JSON API Server only connects to a single Ledger API Server, there’s no way to run one JSON API for multiple Ledger APIs. If every Party runs their own Participant Node, that ends up being the same thing as running a JSON API per Party.