Permitting web browsers to access a REST API by using Cross-Origin Resource Sharing
Permit web pages that are running in a web browser to make requests to a REST API that is running in IBM® Integration Bus by enabling Cross-Origin Resource Sharing (CORS).
You must create a REST API in the IBM Integration Toolkit, see Creating a REST API.
Before you begin
You can permit a web browser to access a REST API by using CORS. When you enable CORS on an integration server, it is enabled for all REST APIs and any other HTTP services that are running on that integration server. You are not required to configure CORS for each REST API that you deploy.
About this task
To permit a web browser to access a REST API, complete the following steps:
- Configure the integration server HTTP listener to enable CORS, see Permitting web browsers to access deployed HTTP services by enabling Cross-Origin Resource Sharing.
Ensure that the CORS configuration meets the requirements for all operations that are deployed in the REST API.
To permit cross-origin requests for additional HTTP methods, additional HTTP headers, or to allow authentication information to be passed into the REST API, you might have to change some extra parameters.
Your web browser can access a REST API by using CORS.
You must package and deploy your REST API to an integration server, see Packaging and deploying a REST API.
What to do next
You can also complete the following optional tasks:
- Secure your REST API by using HTTPS for encrypting communications between client and server, see Securing a REST API by using HTTPS.
- Secure your REST API by authenticating users with HTTP Basic Authentication, see Securing a REST API by using HTTP Basic Authentication.