-1

I have following API with Javscript API for fast2sms.com:

function sendOtp() {
    var settings = {
            "async": true,
            "crossDomain": true,
            "url": "https://www.fast2sms.com/dev/bulkV2",
            "method": "POST",
            "headers": {
                "authorization": "APICodeOfMyAccount",
                "Content-Type":"application/json",
                "accept": "*/*",
          "cache-control": "no-cache",
            },
            "data": {
                "route": "v3",
                "sender_id" : "TXTIND", 
                "language" : "english",
                'flash':0,
                "message": 'Abccompany.com: '+Math.floor(100000 + Math.random() * 900000)+' is your OTP.' ,
                "numbers": $('#sendOtpForm input[name="mobileNumber"]').val()
            }
        }
    
        $.ajax(settings).done(function (response) {
            console.log(response);
        });

I have called sendOtp function on button click, but it does not work. If I used API using PHP according to API documentation Fast2sms.com, then sms is sent successfully.

But, if I use API wih Javascript, then CORS Policy error is displayed:

enter image description here

Why Php works so easily and Javscript API is causing too much trouble? Any help will be highly appreciated.

Ishpreet
  • 659
  • 5
  • 19
  • 1
    seems that API doesn't allow the `authorization` header - the reason it works with PHP is because it won't be cross origin from a server – Bravo Aug 08 '21 at 08:55
  • You can read documentation. whatever, they have written, I have written. Same PHP code which is provided by Documentation works, but why same Javascript code not works, why? – Ishpreet Aug 08 '21 at 08:56
  • 1
    it works in PHP because PHP runs on the server and isn't subject to cross origin protection - while that API seems to send some CORS responses, it seems it wasn't meant to be used from a browser - perhaps so you don't expose your authorisation key to the internet? – Bravo Aug 08 '21 at 08:59
  • you say I can read documentation ... well, perhaps if you actually linked to some I could, but your documentation link is a FAIL – Bravo Aug 08 '21 at 09:00
  • I see that you've done code similar to their example - if it doesn't work it's because fast2sms.com don't know how to allow CORS properly - however, you've triggered a pre-flight by adding headers not present in the example code ... remove the two headers you've added that don't appear in the documentation – Bravo Aug 08 '21 at 09:02
  • Then, there is no way to solve it? – Ishpreet Aug 08 '21 at 09:09
  • I don't know - did you try to duplicate the documented code? – Bravo Aug 08 '21 at 09:15
  • Completely same, just changed API key and contact number, still not worked. – Ishpreet Aug 08 '21 at 09:18
  • Now, I gave a try with GET method. GET method is working fine. POST method is not working. I will go with GET method now. – Ishpreet Aug 08 '21 at 09:23
  • did you try to do it using exactly the code documented in your link ... i.e. remove the headers you added – Bravo Aug 08 '21 at 09:24
  • @Bravo: Yes, initially I tried with one header only only. That didn't worked, then I added 2-3 more headers to check that it may work. But, unfortunately, adding more header information didn't give me output, just same error was showing. – Ishpreet Aug 08 '21 at 09:26
  • Well, that means `fast2sms.com` is wrong, maybe they need to know – Bravo Aug 08 '21 at 09:28
  • fast2sms are probably quite aware that they haven't granted permission to browsers to access their service directly and aren't remotely wrong to do so because if you give your API key to every visitor to your website then they can take it and use it to send their own messages. – Quentin Aug 08 '21 at 09:32

1 Answers1

-2

I gave a try with GET method. GET method is working fine. POST method is not working. I will go with GET method now

Ishpreet
  • 659
  • 5
  • 19