masterT
commented
7 years ago Hi @nitins1, all your API requests should be made on the server side.
Closed nitins1 closed 7 years ago
masterT
commented
7 years ago Hi @nitins1, all your API requests should be made on the server side.
t3chnoboy
commented
7 years ago Hi!
I don't think Amazon product api allows setting cors headers.
That means you can't make requests to the api from the browser (unless you disable the browser security checks, for example in chrome: http://stackoverflow.com/questions/17679399/does-disable-web-security-work-in-chrome-anymore).
Even if somehow you manage to run this on the front-end, users will see your credentials(which must be secure and shouldn't be exposed to the users) by looking at the script code or the network inspector. So I'd suggest you to use this library on the back end. The easiest way would be something like this https://github.com/t3chnoboy/amazon-product-api#example-1
nitins1
commented
7 years ago Thank you both for the quick responses :)
@masterT by "server side" do you mean in my server.js file?
@t3chnoboy I'm trying to understand what is happening in your example, and how it applies to my server file.
Instead of koa, I'm using express, right? and that is okay?
How does process.env.AWS_TAG know your AWS Tag? Can I replace this with a string?
Where is the response going to in the request made in this code block?
app.get('/amazon/:index', function* (){
this.body = yield client.itemSearch({
keywords: this.query.title,
searchIndex: this.params.index,
responseGroup: 'ItemAttributes,Offers,Images'
});
});Specifically, should I replace /amazon/:index with index.html or the path to my index.html file? Will this.body point to the file in that path?
t3chnoboy
commented
7 years ago @masterT by "server side" do you mean in my server.js file?
yep
How does process.env.AWS_TAG know your AWS Tag? Can I replace this with a string?
process.env contains your environment variables.
So you can either pass your credentials as the environment variables like this:
env AWS_TAG=your_aws_tag AWS_ID=xxxxxxxx node server.jsOr, as you mentioned, you can simply use a string.
Instead of koa, I'm using express, right? and that is okay?
heh, of course this is fine 😄
Where is the response going to in the request made in this code block?
In the koa example this.body = sets the response text
and this.query/this.params contain the request params/query.
Specifically, should I replace /amazon/:index with index.html or the path to my index.html file? Will this.body point to the file in that path?
no, /amazon/:index is the url where the requests from the front-end should come to.
I have an express server that is listening to port 3000
The index.html file is pointing to a js file called bundled.js
<script type="text/javascript" src="dist/bundled.js"></script>I am using browserify to make bundled.js from scripttest.js, because I get an error (require is not defined) from
var amazon = require('amazon-product-api');. scripttest.js looks like this:replacing the credentials of course.
The error I'm getting now is "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."
I believe the issue is arising because I'm not making a call on the domain that I registered for the product developer api with, but instead on localhost.
After googling the error message, I am aware of this article in the docs: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html#how-to-cors-prerequisites am not sure how to implement the instructions in the article or if there is another solution to get this working?
Beginner here so ELI5 if possible, thanks.