Level 3

Solved

CORS Policy Error while calling token API programmatically

Forum|Forum|2 years ago
March 29, 2023
2 replies
2111 views

Hi,

we’re trying to fetch profile & event details via API. To establish a connection with AEP, we are using token api to generate token which return CORS policy error. Please note this error occurs only when we try to access token api programmatically. With Postman, it works.

Token API End Point : https://ims-na1.adobelogin.com/ims/exchange/jwt/

Payload : {

“client_id” : “<clientId>”,

“client_secret”:”<clientSecret>”,

“jwt_token”:”<jwtToken>”

}

Error :

Access to fetch at 'https://ims-na1.adobelogin.com/ims/exchange/jwt/' from origin '<origin>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Thanks.

Experience Platform

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Manoj_Kumar

Hello @vikashyadav

The right way to call the API would be in a backend code.

The CORS issue occurs when you call the API on the front end with JS code, which is not secure as it will expose your API credentials.

Suppose you want to use the API on the front end. I suggest creating an API endpoint within your original website to generate the TOKEN so you can do any API call from the backend code without exposing the credentials. With this approach, you won't face the CORS issue because you will use the same domain for the API request.

arijitg

Adobe Employee

@vikashyadav once check please if your postman pre-request script is incorporated correctly in your program.

V

VikashyadavAuthor

Level 3

Hi @arijitg,

Thanks for your reply.

Wondering pre-request script is needed to incorporate in program to call token api?

My understanding is we might need some response headers to be defined on the requested resource. Not sure how to add those headers/config on token resource.

We had similar issue with Pega connector which is resolved by adding headers on requested resource in Pega.

Pre-request script is heavily using environment variables and not sure how to incorporate while calling API from JAVA program.

Also, didn't see anything related to pre-request script on Adobe Doc. https://experienceleague.adobe.com/docs/experience-platform/landing/platform-apis/api-authentication.html#generate-an-access-token

I feel it should be straight forward without complicating much from API consumer side.

Thanks.

arijitg

Adobe Employee

@vikashyadav For Reference If This Helps :

https://developer.adobe.com/developer-console/docs/guides/authentication/JWT/samples/

Manoj_Kumar

Accepted solution

Community Advisor

Hello @vikashyadav

The right way to call the API would be in a backend code.

The CORS issue occurs when you call the API on the front end with JS code, which is not secure as it will expose your API credentials.

Suppose you want to use the API on the front end. I suggest creating an API endpoint within your original website to generate the TOKEN so you can do any API call from the backend code without exposing the credentials. With this approach, you won't face the CORS issue because you will use the same domain for the API request.

Manoj | https://themartech.pro

V

VikashyadavAuthor

Level 3

Thanks @_manoj_kumar_ ,

we were testing these api and quick way was through JS. But now we moved entire code into backend which works. Thanks.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded