Hi,
we’re trying to fetch profile & event details via API. To establish a connection with AEP, we are using token api to generate token which return CORS policy error. Please note this error occurs only when we try to access token api programmatically. With Postman, it works.
Token API End Point : https://ims-na1.adobelogin.com/ims/exchange/jwt/
Payload : {
“client_id” : “<clientId>”,
“client_secret”:”<clientSecret>”,
“jwt_token”:”<jwtToken>”
}
Error :
Access to fetch at 'https://ims-na1.adobelogin.com/ims/exchange/jwt/' from origin '<origin>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Thanks.
Solved! Go to Solution.
Views
Replies
Total Likes
Hello @vikash4
The right way to call the API would be in a backend code.
The CORS issue occurs when you call the API on the front end with JS code, which is not secure as it will expose your API credentials.
Suppose you want to use the API on the front end. I suggest creating an API endpoint within your original website to generate the TOKEN so you can do any API call from the backend code without exposing the credentials. With this approach, you won't face the CORS issue because you will use the same domain for the API request.
Views
Replies
Total Likes
Hi @arijitg,
Thanks for your reply.
Wondering pre-request script is needed to incorporate in program to call token api?
My understanding is we might need some response headers to be defined on the requested resource. Not sure how to add those headers/config on token resource.
We had similar issue with Pega connector which is resolved by adding headers on requested resource in Pega.
Pre-request script is heavily using environment variables and not sure how to incorporate while calling API from JAVA program.
Also, didn't see anything related to pre-request script on Adobe Doc. https://experienceleague.adobe.com/docs/experience-platform/landing/platform-apis/api-authentication...
I feel it should be straight forward without complicating much from API consumer side.
Thanks.
@vikash4 For Reference If This Helps :
https://developer.adobe.com/developer-console/docs/guides/authentication/JWT/samples/
Hello @vikash4
The right way to call the API would be in a backend code.
The CORS issue occurs when you call the API on the front end with JS code, which is not secure as it will expose your API credentials.
Suppose you want to use the API on the front end. I suggest creating an API endpoint within your original website to generate the TOKEN so you can do any API call from the backend code without exposing the credentials. With this approach, you won't face the CORS issue because you will use the same domain for the API request.
Views
Replies
Total Likes
Thanks @_Manoj_Kumar_ ,
we were testing these api and quick way was through JS. But now we moved entire code into backend which works. Thanks.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies