Permitting web browsers to access a REST API by using Cross-Origin Resource Sharing

Permit web pages that are running in a web browser to make requests to a REST API that is running in IBM® App Connect Enterprise by enabling Cross-Origin Resource Sharing (CORS).

Before you begin

You must create a REST API in the IBM App Connect Enterprise Toolkit, see Creating a REST API.

About this task

Cross-origin resource sharing (CORS) is a mechanism for integrating applications. CORS defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. If your REST API is going to be used by client-side code that is running in a web browser, you might have to configure Cross-Origin Resource Sharing (CORS). You can permit a web browser to access a REST API by using CORS. When you enable CORS on an integration server, it is enabled for all REST APIs and any other HTTP services that are running on that integration server. You are not required to configure CORS for each REST API that you deploy.

Procedure

To permit a web browser to access a REST API, complete the following steps:

  1. Configure the integration server HTTP listener to enable CORS as described in HTTP listeners.
  2. Ensure that the CORS configuration meets the requirements for all operations that are deployed in the REST API.
    To permit cross-origin requests for additional HTTP methods, additional HTTP headers, or to allow authentication information to be passed into the REST API, you might have to change some extra parameters. For more information about requirements for a RESTAPI, see Developing integration solutions by using REST APIs.

Results

Your web browser can access a REST API by using CORS.

What to do next

You must package and deploy your REST API to an integration server, see Packaging and deploying a REST API.
You can also complete the following optional tasks: