Permitting web browsers to access a REST API by using Cross-Origin Resource Sharing

Permit web pages that are running in a web browser to make requests to a REST API that is running in IBM® Integration Bus by enabling Cross-Origin Resource Sharing (CORS).

Before you begin

You must create a REST API in the IBM Integration Toolkit, see Creating a REST API.

About this task

You can permit a web browser to access a REST API by using CORS. When you enable CORS on an integration server, it is enabled for all REST APIs and any other HTTP services that are running on that integration server. You are not required to configure CORS for each REST API that you deploy.


To permit a web browser to access a REST API, complete the following steps:

  1. Configure the integration server HTTP listener to enable CORS, see Permitting web browsers to access deployed HTTP services by enabling Cross-Origin Resource Sharing.
  2. Ensure that the CORS configuration meets the requirements for all operations that are deployed in the REST API.
    To permit cross-origin requests for additional HTTP methods, additional HTTP headers, or to allow authentication information to be passed into the REST API, you might have to change some extra parameters.


Your web browser can access a REST API by using CORS.

What to do next

You must package and deploy your REST API to an integration server, see Packaging and deploying a REST API.
You can also complete the following optional tasks: