You can enable cross-origin resource sharing (CORS) support for your API. CORS allows embedded scripts in a web page to call the API across domain boundaries.
About this task
You can complete this task by using either the API Designer UI application or the browser-based API Manager UI.
Procedure
To enable CORS support for an API, complete the following steps:
- In the navigation pane, click Develop, then select the APIs tab.
- To enable CORS support for an existing API, click the API that you want to work with.
- Select API Setup. Scroll to the Lifecycle section, and select CORS.
- Click Save to save your changes.
- Optional: To implement your own CORS solution using custom OPTIONS operations, complete the following steps:
  - Add the following headers to your HTTP responses:
      Access-Control-Allow-Origin: https://<portalhostname>
      Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
    Where <portalhostname> is your Developer Portal host name.
- Optional: You can proxy your API through API Connect as an enforced invoke API so that CORS is handled automatically.
Important:
- If you implement your own CORS solution, you must disable the CORS option described in step 3.
- CORS preflight requests are sent by using the HTTP OPTIONS method. Therefore, if you require these requests to be handled by the API Connect gateway, you must enable the OPTIONS method for all APIs that will handle preflight requests; see Defining Paths for a REST API. OPTIONS requests are counted as API calls against any configured rate limit. Note that you can apply rate limits to individual operations; see Defining rate limits for an API operation.
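
One way a backend could emit the headers from the optional custom-CORS step, as an added example (not IBM's or API Connect's own code). `PORTAL_ORIGIN` is a constructed placeholder for `https://<portalhostname>`; `ALLOW_METHODS`, `corsHeadersFor` and `handleCors` are hypothetical names, and the `Vary` and `Access-Control-Allow-Methods` headers are additions beyond the two headers listed in the procedure.

```javascript
// Added example. PORTAL_ORIGIN is a constructed placeholder for
// https://<portalhostname>; replace it with your Developer Portal origin.
const PORTAL_ORIGIN = "https://portal.example.com";
const ALLOW_HEADERS = "Origin, X-Requested-With, Content-Type, Accept";
// Assumption: the methods this hypothetical API exposes.
const ALLOW_METHODS = "GET, POST, OPTIONS";

// Decide which CORS headers to send for a request's Origin header.
// Exact string comparison only: no wildcard, no suffix or regex match,
// and the request's Origin value is never echoed back unchecked.
function corsHeadersFor(origin) {
  // Vary: Origin stops shared caches from reusing one origin's response
  // for a different origin.
  const headers = { "Vary": "Origin" };
  if (origin === PORTAL_ORIGIN) {
    headers["Access-Control-Allow-Origin"] = PORTAL_ORIGIN;
    headers["Access-Control-Allow-Headers"] = ALLOW_HEADERS;
  }
  return headers;
}

// Works with Node http-style req/res objects. Returns true when the
// request was a preflight and has been answered, false when the caller
// should continue with normal request handling.
function handleCors(req, res) {
  const headers = corsHeadersFor(req.headers["origin"]);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }

  // A preflight is an OPTIONS request that carries
  // Access-Control-Request-Method.
  const isPreflight = req.method === "OPTIONS" &&
    req.headers["access-control-request-method"] !== undefined;
  if (!isPreflight) return false;

  // Only an allowed origin learns which methods are permitted. Any other
  // origin gets a bare 204, which the browser treats as a failed preflight.
  if (headers["Access-Control-Allow-Origin"]) {
    res.setHeader("Access-Control-Allow-Methods", ALLOW_METHODS);
  }
  res.statusCode = 204;
  res.end();
  return true;
}
```

Because the custom OPTIONS operation answers the preflight itself, the built-in CORS option from the procedure stays disabled when this approach is used.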