0

Using the Postman Pro API, i have created a Postman mock for my collection.

I have created an example response for GET /auth/jwt/login which returns an example JWT token.

I have used the mock successfully via postman (including the x-api-key header) but when i try and use this in the browser, adding the header into my request (using axios), Postman responds to the preflight OPTIONS request with {"error":{"name":"invalidCredentialsError","message":"Please provide the required `x-api-key` authentication header."}}

as expected the browser is stripping the x-api-key header (as per CORS spec) see: How do you send a custom header in a cross-domain (CORS) XMLHttpRequest?

So how do i use the Postman mock servers from my application while in development?

Kieran
  • 35
  • 8

1 Answers1

0

This looks like it is missing the x-api-key in the preflight OPTIONS request. Can you inspect the OPTIONS request and see if the x-api-key header is being passed?

If the x-api-key is being passed then check if the response is sending a Access-Control-Allow-Origin: * header. If it is not then your CORS request will not work. The mock server needs to allow this and AFAIK this will be rolled out to all users soon.

Pratik Mandrekar
  • 9,362
  • 4
  • 45
  • 65
  • I also emailed help@getpostman.com and got the following response. ```We're aware of this, and will be rolling out support for CORS soon, hopefully within a week. Stay tuned to https://twitter.com/postmanclient for updates``` So looks like an issue on the Postman side not allowing for preflight. – Kieran Jul 12 '17 at 23:32
  • @Kieran - You should be able to use it now. Works for me. – Pratik Mandrekar Jul 20 '17 at 18:42