diff --git a/config/express.js b/config/express.js
index 20da68f7..66f21b7d 100644
--- a/config/express.js
+++ b/config/express.js
@@ -34,6 +34,17 @@ module.exports = function(app, historicSync, peerSync) {
 app.use(express.methodOverride());
 app.use(express.compress());
+ if (config.enableEmailstore) {
+ var allowCopayCrossDomain = function(req, res, next) {
+ res.header('Access-Control-Allow-Origin', '*');
+ res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
+ res.header('Access-Control-Allow-Headers', 'Content-Type,Authorization');
+
+ next();
+ }
+ app.use(allowCopayCrossDomain);
+ }
+
 if (config.publicPath) {
 var staticPath = path.normalize(config.rootPath + '/../' + config.publicPath);
 //IMPORTANT: for html5mode, this line must to be before app.router
diff --git a/config/routes.js b/config/routes.js
index 59d6a7be..cd449407 100644
--- a/config/routes.js
+++ b/config/routes.js
@@ -57,6 +57,7 @@ module.exports = function(app) {
 app.post(apiPrefix + '/email/register', emailPlugin.post);
 app.post(apiPrefix + '/email/validate', emailPlugin.validate);
 app.get(apiPrefix + '/email/retrieve/:email', emailPlugin.get);
+ app.get(apiPrefix + '/email/retrieve', emailPlugin.retrieve);
 app.get(apiPrefix + '/email/validate', emailPlugin.validate);
 app.post(apiPrefix + '/email/change_passphrase', emailPlugin.changePassphrase);
 }
diff --git a/plugins/emailstore.js b/plugins/emailstore.js
index d8ee5f8f..4ad9645f 100644
--- a/plugins/emailstore.js
+++ b/plugins/emailstore.js
@@ -422,11 +422,14 @@ emailPlugin.retrieveDataByEmailAndPassphrase = function(email, key, passphrase,
 };
 /**
- * Retrieve a record from the database.
+ * Retrieve a record from the database (deprecated)
 *
 * The request is expected to contain the parameters:
+ * * email
 * * secret
+ * * key
 *
+ * @deprecated
 * @param {Express.Request} request
 * @param {Express.Response} response
 */
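Review bot: In config/express.js the new `allowCopayCrossDomain` middleware is mounted with a bare `app.use(allowCopayCrossDomain)`, so once `config.enableEmailstore` is set every route this app serves answers with `Access-Control-Allow-Origin: *` and allows a script-supplied `Authorization` header from any origin, not only the email-store endpoints. Consider mounting it on the email-store path only and sending a configured origin instead of the wildcard, e.g. `app.use('<EMAIL_ROUTE_PREFIX>', allowCopayCrossDomain);` with `res.header('Access-Control-Allow-Origin', '<ALLOWED_ORIGIN>');` (both are placeholders, not names from this repository). Because `Authorization` is not a CORS-safelisted request header, browsers will send an OPTIONS preflight first; the middleware only calls `next()` for it, and whether anything answers that preflight is not visible here. The enclosing `module.exports` function starts and ends outside the hunk.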
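Review bot: In config/routes.js the deprecated `GET` route `'/email/retrieve/:email'` stays registered right above the new `'/email/retrieve'`, so adding the header-based variant does not by itself move any client off the old form. The docblock changed in plugins/emailstore.js lists `secret` among that handler's request parameters; on a GET that presumably means the query string, which tends to be recorded in access logs and by intermediaries. A tracked comment on the old line would make the removal plan explicit, e.g. `// TODO(owner): remove once clients send credentials in the Authorization header`. The enclosing `module.exports` function and `if` block start outside the hunk.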
@@ -446,6 +449,34 @@ emailPlugin.get = function (request, response) {
 });
 };
+/**
+ * Retrieve a record from the database
+ */
+emailPlugin.retrieve = function (request, response) {
+ if (!request.header('authorization')) {
+ return emailPlugin.returnError(emailPlugin.errors.INVALID_REQUEST, response);
+ }
+ var authHeader = new Buffer(request.header('authorization'), 'base64').toString('utf8');
+ var splitIndex = authHeader.indexOf(':');
+ if (splitIndex === -1) {
+ return emailPlugin.returnError(emailPlugin.errors.INVALID_REQUEST, response);
+ }
+ var email = authHeader.substr(0, splitIndex);
+ var secret = authHeader.substr(splitIndex + 1);
+
+ var key = request.param('key');
+ if (!secret || !email || !key) {
+ return emailPlugin.returnError(emailPlugin.errors.MISSING_PARAMETER, response);
+ }
+
+ emailPlugin.retrieveDataByEmailAndPassphrase(email, key, secret, function (err, value) {
+ if (err) {
+ return emailPlugin.returnError(err, response);
+ }
+ response.send(value).end();
+ });
+};
+
 /**
 * Marks an email as validated
 *
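Review bot: `emailPlugin.retrieve` base64-decodes the entire `Authorization` value with no scheme token and no well-formedness check; `new Buffer(..., 'base64')` does not throw on malformed input, so a standard `Basic <b64>` header or arbitrary junk is decoded into garbage and is rejected only if no `:` happens to appear, otherwise later inside `retrieveDataByEmailAndPassphrase` (defined outside this hunk). The three-line docblock should state the wire format the way the deprecated handler's docblock lists its inputs: that the header carries base64 of `email:secret`, split at the first `:`, that `key` is read with `request.param('key')`, and which errors are returned for a missing header versus missing fields. Since the body returned by `response.send(value)` is a credential-gated record, it is also worth marking it non-cacheable before sending, e.g. `response.header('Cache-Control', 'no-store');`.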