Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

CORS issues when trying out API in swagger UI.

When trying out an API (either in admin portal or in developer portal) you may encounter CORS issues. First of all, you should make sure that your API (either in your backend or via gateway policies) handles CORS correctly and allows calls from our frontend.

In addition, we have noticed another, more subtle problem: If your OpenAPI document is configured to pass the api-key as a query parameter everything should work. But if your OpenAPI document is configured to pass the api-key inside a header, you may encounter unexpected CORS errors. This is most likely because the browser does not include the api-key header in the preflight requests (OPTIONS calls). The preflight requests will then fail, because the gateway rejects them as unauthorized and the browser reports a CORS error. The solution is to make sure that your gateway allows preflight requests even without api-keys. How excatly this is done, depends on your platform, but generally, you want to add some policy to pass through any OPTIONS requests without requiring an api-key.

Table of Contents

Table of Contents
minLevel1
maxLevel6
include
outlinefalse
indent
styledisc
exclude
typelist
class
printabletrue