CORS issue during Firing API Requests from your Webpage

Why am I unable to make API requests to Bloomreach from my page?

Bloomreach API endpoint does not allow any API requests from the front end. Such requests are filtered based on the origin of headers and denied if the origin is different from the API domain. The precise mechanism behind the headers is described here.

This measure is in place to prevent malicious agents from intercepting your API keys, possibly exposing you to an attack with drastic consequences. The only way to interact with our API from the front end is to use the predefined functions of our Javascript SDK, described here.

You can still use third-party web-based tools such as Postman to test your requests directly from the browser, but the origin of the request should not be a webpage (in the case of Postman, the actual request is being fired from their server's back end).

Is there a workaround?

There is no way to set up API requests to Bloomreach directly from a webpage. You can still combine Javascript SDK functions and Jinja personalization to build sophisticated use cases or reach out to our consultancy team in case you are struggling.

You can also build your own solution with the requests first sent to your own API endpoint or a server-side application which would then request ours, process the response, and return the results to the webpage.


Did this article help you?

Please provide your feedback. We would like to know if our help center is effective in solving your queries. You can also leave comments and suggestions on how we can make our help articles better. You can also suggest topics you’d like us to cover.