Happy Business Starts Here

New Student

Is the Orders API CORS enabled?

Hi all - Thanks in advance for any help your help!

I'm attempting to create a new subscription via the Orders API. (The sandbox I'm using has Orders functionality enabled)

I have separately implemented the new account creation (Accounts API) and new payment method (payment-methods/credit-card API) via individual calls complete with CORS pre-flight.

For the new subscription piece I first tried to hit the api directly w/o CORS preflight. This produced an error indicating that the request was blocked due to CORS.  I then added the extra step to obtain an HMAC sig and token but the preflight fails with an error indicating the Orders API is not CORS enabled.  

Tags (2)
New Student

Re: Is the Orders API CORS enabled?

Some additional details:

Here is the error I get when I hit the orders API w/o preflight:

Access to XMLHttpRequest at 'https://rest.apisandbox.zuora.com/v1/orders' from origin 'http://localhost:8080' has been blocked by CORS policy: Request header field apiaccesskeyid is not allowed by Access-Control-Allow-Headers in preflight response.

and here is the error I get from the HMAC signatures API if I implement CORS preflight:

success: false,
processId: 'C33844F2DD871B4D',
[ { code: 59010020,
'\'https://rest.apisandbox.zuora.com/v1/orders\' is not allowed to call in manner of CORS.' } ]

It's as if the Orders API is and isn't CORS enabled at the same time...



New Student

Re: Is the Orders API CORS enabled?

Okay - figured this out... This issue was really just my misunderstading of CORS.  I was mistakenly thinking that non CORS enabled api's could all be hit directly from browser-based client.  After some experimentation and re-reading, I finally figured out that all of the calls need to come from the server and that CORS enablement allows calls from the client after the pre-flight token is returned.  The solution was to move the calls to non-CORS enabled APIs from the client into the server.