### What do I do when Bloomreach Engagement API returns an HTTP 400 error?


Generally, this error is usually returned for API requests, which sent somehow incorrectly formatted request body (usually JSON).

Common root causes might be:

  1. Valid JSON format but invalid JSON content (missing mandatory fields, etc.).

  2. Invalid JSON format.


The first root cause requires carefully reading specific API endpoint documentation, especially the mandatory fields.

The second root cause might return the following example of a general HTTP 400 error.

In that case, try to verify whether your request body is not automatically compressed by **gzip**. If yes, disable gzip API compression.

### CORS issue: Why am I unable to make API requests to Bloomreach from my page?


Bloomreach [API endpoint](🔗) does not allow any API requests from the front end. Such requests are filtered based on the origin of headers and denied if the origin is different from the API domain. The precise mechanism behind the headers is described [here](🔗).

This measure is in place to prevent malicious agents from intercepting your API keys, possibly exposing you to an attack with drastic consequences. The only way to interact with our API from the front end is to use the predefined functions of our Javascript SDK, described [here](🔗).

You can still use third-party web-based tools such as Postman to test your requests directly from the browser, but the origin of the request should not be a webpage (in the case of Postman, the actual request is being fired from their server's back end).


There is no way to set up API requests to Bloomreach directly from a webpage. You can still combine Javascript SDK functions and [Jinja personalization](🔗) to build sophisticated use cases or reach out to our consultancy team in case you are struggling.

You can also build your own solution with the requests first sent to your own API endpoint or a server-side application which would then request ours, process the response, and return the results to the webpage.