Using the API with AJAX

After encountering a few errors, it seems that it is not possible to use the Insightly API from inside a browser with JavaScript and AJAX, as the server doesn't set the 'Access-Control-Allow-Origin' header in its response.

Is this an intentional exclusion?

I'm working on a project without any sort of server-side interaction/computing, and so far I've managed to avoid the need for such. It would be nice if Insightly's API allowed for AJAX calls, exactly as it would allow for the same call made with a different language from a server.

Comments
  • Official comment

    Hi Bryan,

    We do not support CORS in the API, primarily for security reasons, as an AJAX library that makes direct calls to the API server will expose user credentials.

    What you should do instead is set up an API proxy on your server that the AJAX script talks to. The proxy can then add user auth credentials in its request to the API server, and thus hide creds from the browser. This should be pretty straightforward to do as the proxy server doesn't need to parse or understand the requests (it just adds the Authorization header to the request it makes to Insightly, and then passes back whatever response it gets to the client).

    If you have any questions, let me know. Thanks,

    Brian McConnell

    Insightly Engineering Team
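
The proxy described in the official comment, sketched as an added example that is not part of the thread and is not Insightly's code. The upstream host, the `/v1/` path prefix, the `API_KEY` variable name and the use of HTTP Basic auth with the key as username are assumptions for illustration.

```javascript
// Added example: credential-injecting API proxy (Node.js standard library only).
// Assumed values, not from the thread: upstream host, path prefix, Basic auth with key as username.
const UPSTREAM_HOST = 'api.example.invalid';   // placeholder for the real API host
const ALLOWED_PREFIX = '/v1/';                 // hypothetical: only this API subtree is forwarded
const ALLOWED_METHODS = new Set(['GET', 'POST', 'PUT', 'DELETE']);
// Headers never copied from the browser: its own credentials and hop-by-hop headers.
const STRIP = new Set(['authorization', 'proxy-authorization', 'cookie', 'host', 'connection']);

// Build the upstream request options, or return null if the request must be refused.
function buildUpstreamOptions(method, rawUrl, headers, apiKey) {
  if (!apiKey || !ALLOWED_METHODS.has(method)) return null;
  let url;
  try {
    url = new URL(rawUrl, 'http://proxy.invalid'); // normalises "." and ".." segments
  } catch {
    return null;
  }
  if (!url.pathname.startsWith(ALLOWED_PREFIX)) return null;
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!STRIP.has(name.toLowerCase())) out[name.toLowerCase()] = value;
  }
  // The credential is attached here, on the server, and never sent to the browser.
  out.authorization = 'Basic ' + Buffer.from(apiKey + ':').toString('base64');
  return { host: UPSTREAM_HOST, port: 443, method, path: url.pathname + url.search, headers: out };
}

// Start the proxy; node: modules are loaded lazily so the file works as CommonJS or ESM.
async function start(port, apiKey) {
  const http = await import('node:http');
  const https = await import('node:https');
  return http.createServer((req, res) => {
    const opts = buildUpstreamOptions(req.method, req.url, req.headers, apiKey);
    if (!opts) {
      res.writeHead(403);
      return res.end();
    }
    const upstream = https.request(opts, (upRes) => {
      res.writeHead(upRes.statusCode, upRes.headers); // pass the response back unparsed
      upRes.pipe(res);
    });
    upstream.on('error', () => {
      if (!res.headersSent) res.writeHead(502);
      res.end();
    });
    req.pipe(upstream);
  }).listen(port, '127.0.0.1');
}
// To run: start(8080, process.env.API_KEY)   (API_KEY is an assumed variable name)
```

As written, the proxy forwards for any caller that can reach it, so it needs its own authentication of the browser user in front of it; otherwise it simply re-exposes the key's privileges under a different URL.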

  • Hi Brian,

    Thanks for the response. It actually took me longer than I'd like to realize that that was probably exactly the reason you guys wished to prevent AJAX requests, but that was well after I submitted this post. Thanks for confirming that for me!
