Forum Discussion

akshays's avatar
2 years ago

Any way to make Khoros API calls from development servers?

Is there any way to make Khoros API calls i.e. following the OAuth authorization grant flow from a 3rd party locally hosted dev server without getting into CORS issues?. I require to test these calls and build a third-party app which communicated to Khoros. 

It does work on Postman but not on the dev server.

6 Replies

  • I recommend installing and using cors in the development node express server like below:

    npm install cors


    const express = require("express");
    const cors = require("cors");
    const app = express();
    app.use(cors());

  • MattV's avatar
    MattV
    Khoros Staff
    2 years ago

    You can reach out to support and ask them add the domain you are making the call from to the allowed origin list.

  • akshays's avatar
    akshays
    Ace
    2 years ago

    Thanks!. I am actually running a React app locally. Haven't built a backend yet. Apologies for not being clear before.

    I tried getting the Khoros Access Token from a locally hosted express app and it works fine, majorly because it is not running into the Browser's CORS policy. 

    Could there be any way to do the same for the React app?

  • akshays's avatar
    akshays
    Ace
    2 years ago

    Thanks. Currently I am hosting and running the app locally, so it is a localhost: address. Not sure if they can whitelist that.

  • AmanMalhotra's avatar
    AmanMalhotra
    Expert
    2 years ago

    Hi akshays 

    I don't think you can directly hit API calls from the Localhost React App to the Community APIs, you need to make a server (a simple node or express server) that will run on another port on localhost and there you can HIT API calls and if you want you can trigger those API calls from frontend to your local server and then local server to Khoros APIs.


    If you think my comments are helpful, do like my comments!

  • MattV's avatar
    MattV
    Khoros Staff
    2 years ago

    Ah, that makes sense. Your other option would be to ask support to disable CORS entirely. Obviously not recommended for prod, but could work for you on stage.