Add a CORS domain

By default, browser security prevents one server making a client side HTTP request to another server unless the responding server specifies special instructions allowing the request from the originating domain.

CORS (Cross Origin Resource Sharing) allows services to get around this restriction by specifying a specific domain from which to allow requests. You will need to add CORS domains to your API if you are receiving a 401 status code with your response, and include your API key if you receiving a 401 (unauthorized).

Add CORS domains to your API

To add domain(s) to a specific API so that client side HTTP requests can be made from that domain, navigate to the API docs tab of the API Detail page.

Enter a domain into the input field under CORS Domains

on the left side of the screen and click Add to add a new domain. Individual domains can be removed by clicking the x next to the domain in the list.

Each time kimono receives a client-side HTTP request, we will iterate through every domain added to the CORS domains list attempting to find a match with the origin domain.

In the event that the origin domain matches one of your supplied domains, kimono will allow the request and respond with the Access-Control-Allow-Origin: {DOMAIN} response header.

Powered by Zendesk