Closed herenickname closed 6 years ago
Hello,
What will you use this for? What will you do with endpoints that require an API key?
It's probably best to just do these requests on a backend server and front-end talks to your server instead.
Thanks
Well, for example: http://ekifox.me/vgo/
Unfortunately, I need to use workarounds (CORS proxy) to work with your API.
Do not ask users for their API keys.
The key is not passed anywhere except your server. Check my code :(
Doesn't change the fact that you're collecting user credentials.
Also, you don't need the end-user's API key to retrieve inventories. Use your own API key and a backend server to make the request.
It's more like excuses than real help with a request to solve the cross-domain query problem. In my case, it's not possible to use my backend, because it's does not exist. My site is hosted on the github pages. Even if I use my backend, why should I create an extra load on my server and my key. Suddenly, users will find some kind of loophole in your API, and I will be to blame. I globally wanted to make utility services for your api, where you can not only parse inventory, but apply all sorts of filters, for example.
I assure you that if there were a legitimate reason to enable CORS for all domains, we would consider it. But collecting user credentials (even if you aren't sending them to your backend) is not acceptable under any circumstances.
We're glad that you want to build services around our API, but you need to be using your own key. It's a violation of the TOS for users to enter their API keys into your application. And it's especially a violation for you to be sending user API keys to an untrusted, third-party service, as you're doing now (even though you believe it to be "necessary").
It is impossible to write a single-page web application directly communicating with your API, because the browser does not allow to access your site.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.