CORS - Cross Origin Resource Sharing
You can make CORS settings for the Login API endpoints that are included in delivery by default as well as for the API endpoints that you create. You can use the CORS settings to control from which websites or portals the API endpoints can be called (in the browser).
CORS settings for API login endpoints
The CORS settings for Login API Endpoint are made in the portal properties.
Step-by-step guide
Proceed as follows to make the CORS settings for API login endpoints:
-
Open the portal properties ("Portal" > "Properties")
-
Select the "Security" entry.
-
Go to the tab "CORS settings for login endpoints"
-
Click on the icon.
A dialog box for entering the origin domain is displayed.
-
Enter the origin domain.
For the origin domain to be valid, the protocol, host, and port (optional) must be specified.
-
Click on "OK".
The origin domain is displayed.
CORS settings for Application API endpoints
Step-by-step guide
Proceed as follows to make the CORS settings for Application API endpoints:
-
Start the application.
-
Click the "API Endpoints" area.
Make sure that the API endpoints view is activated.
("View" > "API endpoints")
-
Select the endpoint for which you want to make the CORS settings.
You can also mark multiple endpoints and make the CORS settings for all marked endpoints at the same time.
-
Click on the icon.
The "API Settings" dialog box is displayed.
Allow All Origins (*)
The "Allow All Origins (*)" option sets a wildcard as the origin, which allows access to the endpoints from all possible sources.
Use Whitelist
The whitelist can be used to allow endpoints to be called from individual sources. By default, an empty whitelist is selected. This allows the API endpoints to be called only from within the same domain.
-
Click the icon to create an entry in the whitelist.
-
Click on "OK".