0

I'm trying to replicate a Curl request to download a PDF in Ajax. The Curl requests are explained in the PDF Filler docs here. The following Curl request successfully yields a response of the file content:

curl -X "GET" "https://api.pdffiller.com/v1/fillable_template/DOCUMENT_ID/download" -H "Authorization: Bearer API_KEY_FROM_STEP1"

I've tried the following Ajax:

$.ajax({
    method: 'GET',
    url: 'https://api.pdffiller.com/v1/fillable_template/DOCUMENT_ID',
    headers: {
      Authorization: 'Bearer API_KEY_FROM_STEP1',
    },
})

Which yields the following error message:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I've also tried xhr for the header, which also gives the same error:

$.ajax({
    method: 'GET',
    url: 'https://api.pdffiller.com/v1/fillable_template/DOCUMENT_ID',
    beforeSend: function(xhr) {
        xhr.setRequestHeader('Authorization', 'Bearer ' + 'API_KEY_FROM_STEP1');
        xhr.setRequestHeader('Accept-Language', 'en_US');
    },
})

Any thoughts on where I'm going wrong? Thanks!

DanielBarbarian
  • 5,093
  • 12
  • 35
  • 44
sjf125
  • 1
  • 1
  • 3
  • Possible duplicate of [Origin is not allowed by Access-Control-Allow-Origin](http://stackoverflow.com/questions/10143093/origin-is-not-allowed-by-access-control-allow-origin) – Bert Aug 19 '16 at 13:47
  • Thanks @Bert, but it seems like most of those answers assume I have control over the server, which I do not in this case. – sjf125 Aug 19 '16 at 13:56
  • Then you have to ask the owner of the site to allow you to do cross-domain requests. – Bert Aug 19 '16 at 13:58

1 Answers1

2

You need to add CORS headers to your request too, because you want to do a cross-domain request. Your requested url must allow CORS too, but because it is an API call, it should be allowed on their side ...

$.ajax({
    method: 'GET',
    url: 'https://api.pdffiller.com/v1/fillable_template/74275400',
    crossDomain: true,
    xhrFields: {
        withCredentials: true
    },
    headers: {
        Authorization: 'Bearer S1qAS0YFCfUbRemx2OGaeUcmm6mni1EXK3T1FkkL',
    },
});
eisbehr
  • 12,243
  • 7
  • 38
  • 63
  • That makes sense that I need to add CORS, but running the code above gave me the same error message :/ – sjf125 Aug 19 '16 at 13:52
  • Well, it ssem that `api.pdffiller.com` not allow cross domain requests then. @Sean Are you sure you are allowed to use this api? – eisbehr Aug 19 '16 at 13:56
  • I guess I'll have to email them, but I have a paid account and an API key. What would be the point of an API you can only make Curl requests on? – sjf125 Aug 19 '16 at 14:30
  • Browsers blocking it for security reasons. Others like curl ignoring it. @sjf125 – eisbehr Aug 19 '16 at 14:37