Access an API (Billbee) with JavaScript & API key and basic authentification

Question

recently I started working with APIs and JavaScript. Now for testing with a "real" project I want to access data that is stored in the merchandise management system called Billbee. They offer an API and have a short documentation here: https://app.billbee.io//swagger/ui/index

In order to access data in the system, Billbee requires one to:

1. Contain a valid API Key identifying the application/developer. It has to be sent as the HTTP header X-Billbee-Api-Key
2. Contain a valid user login with billbee username and api password in form of a basic auth HTTP header

I tried my code on some other APIs without API Key and authentification and it worked. So probably there is something wrong with the authentification...

Here is the relevant part of my code:

var username = "***@***.de";
var password = "*******";
let xhr = new XMLHttpRequest();
xhr.open('GET', "https://app.billbee.io/api/v1/orders?tag=Picking", true);
xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password));
xhr.setRequestHeader("X-Billbee-Api-Key", "D0A057BD-F2DA-4570-AE07-F051C8A967A6");
xhr.send();

In the console I get the following errors:

[Error] Preflight response is not successful

[Error] XMLHttpRequest cannot load https://app.billbee.io/api/v1/orders?tag=Picking due to access control checks.

[Error] Failed to load resource: Preflight response is not successful (orders, line 0)

Is there anything I missed?

Thanks for taking a look

Answer 1

Access-Control-Allow-Origin is a response header, it means that it comes from the API.

The browser is blocking you as it usually allows a request in the same origin for security reasons. You probably need to do some configurations on billbee.