0

There is an API I have to access with basic authorization,

Note that I don't have access to the server where the API is stored. I cannot modify the api and is created using ASP.net,

I can view the json data when I access the api's url on the browser after providing my credentials,

however, when I'm trying to retrieve the data via AJAX request I'm getting this error

OPTIONS https://apis url/HR/api/employees 405 (Method Not Allowed)

XMLHttpRequest cannot load https://apis url/HR/api/employees. 
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://xxx.xx.xx.xx' is therefore not allowed access. The response had HTTP status code 405.

how do I retrieve the json data in any legal means?

here is my code 

function getDataF()
            {
                var _token = $("input[name='_token']").val();
                $.ajax({
                    xhrFields: {
                        withCredentials: true
                    },
                    headers: { 
                        'Authorization': "Basic encryptedvalue_here"
                    },
                    url: 'https://apis url/HR/api/employees',
                    type: 'GET',
                    dataType: 'json',
                    contentType: "application/json",
                    success: function(response){  
                        console.log(response);
                    }
                });
            }
Phil
  • 157,677
  • 23
  • 242
  • 245
apelidoko
  • 782
  • 1
  • 7
  • 23
  • this might help: https://stackoverflow.com/questions/6114436/access-control-allow-origin-error-sending-a-jquery-post-to-google-apis – JJJ Aug 25 '17 at 03:40
  • – Md Hasibur Rahaman Aug 25 '17 at 03:42
  • i dont have access to the api itself, i cannot use jsonp because it will require me to wrap the json data with a function to make it jsonp, – apelidoko Aug 25 '17 at 03:53
  • 1
    If the server you’re trying to get data from requires authentication using the Authorization header & doesn’t allow the OPTIONS method, there’s no way you can access its responses cross-origin from frontend JS running in a browser—because your browser will never actually even get to the point of attempting to send the GET in your code. Instead the browser just stops after it gets that 405 response for the OPTIONS (CORS preflight). And having your frontend code make the request through a CORS proxy also won’t work in this case. So your only option is: instead make the request from backend code – sideshowbarker Aug 25 '17 at 04:06
  • thanks sideshow, well explained, Can you guarantee me that the solution to this problem is by allowing the OPTIONS method on the response header of the api, and adding the access-control-allow-origin with my ip address as the value, – apelidoko Aug 25 '17 at 04:12
  • Im wondering because they tested their api, they created a java app that would retrieve the json data., they were able to retrieve the data without any problem, they just added the authorization on the request header, they did not encounter allow origin and 405 error, – apelidoko Aug 25 '17 at 04:15

0 Answers0