veritrans / veritrans.github.io

Veritrans documentation
http://veritrans.github.io

CORS Problem when add payout for using IRIS API #133

Closed mister-ard97 closed 4 years ago

mister-ard97 commented 4 years ago

I'm sorry if my question is off topic. I send data from my web app to add a payout using the IRIS API with the POST method, but why do I get a CORS error? Using POSTMAN, I can send a POST to the IRIS API. Thanks. (I am already hosting my web app with SSL example )

rizdaprasetya commented 4 years ago

Hi @mister-ard97, please refer to this answer, which also applies to the IRIS API:

For now, it is expected that you will get a CORS issue when calling the /transactions endpoint from the frontend (at least until our Snap API team decides to allow CORS). Please send the API request securely from the backend.

Because, for security purposes, you should not call an API which requires Server Key authorization from the frontend. You risk exposing your Server Key to the public (it should be kept secret). A Server Key in frontend code is easily accessible from the client side. The Server Key should be used from the backend. You should send the frontend HTTP request to your backend first; your backend should securely add the Authorization header, then send the request to the API.

Copied from https://github.com/veritrans/veritrans.github.io/issues/124#issuecomment-538284941
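The backend relay described in the answer above, as an added example that is not part of the original thread or Midtrans code. The upstream URL is a placeholder, the field names and the `authorize` hook are hypothetical, and HTTP Basic with the Server Key as the username is assumed for the Authorization header.

```javascript
// Added example. Placeholder endpoint and hypothetical field names:
// take the real values from the API documentation.
const UPSTREAM_URL = "https://payout-api.example/payouts";
const ALLOWED_FIELDS = ["beneficiary_account", "amount", "notes"];

// Build the server-to-server request. The key is supplied by the backend only;
// browser fields are copied by allow-list, so a client cannot pass extra
// parameters or its own Authorization value upstream.
function buildUpstreamRequest(frontendBody, serverKey) {
  if (!serverKey) throw new Error("server key not configured");
  const payload = {};
  for (const field of ALLOWED_FIELDS) {
    if (frontendBody[field] !== undefined) payload[field] = frontendBody[field];
  }
  return {
    url: UPSTREAM_URL,
    options: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        // Assumed scheme: HTTP Basic, key as username, empty password.
        Authorization: "Basic " + Buffer.from(serverKey + ":").toString("base64"),
      },
      body: JSON.stringify(payload),
    },
  };
}

// Node http handler. `authorize` is the application's own session check
// (hypothetical hook); without it anyone who can reach the backend could
// create payouts through the relay.
async function handlePayout(req, res, { authorize, send = fetch }) {
  if (req.method !== "POST") return res.writeHead(405).end();
  if (!(await authorize(req))) return res.writeHead(401).end();
  let raw = "";
  for await (const chunk of req) {
    raw += chunk;
    if (raw.length > 10000) return res.writeHead(413).end();
  }
  let body;
  try { body = JSON.parse(raw); } catch { body = null; }
  if (body === null || typeof body !== "object") return res.writeHead(400).end();
  try {
    const { url, options } = buildUpstreamRequest(body, process.env.SERVER_KEY);
    const upstream = await send(url, options);
    res.writeHead(upstream.status, { "Content-Type": "application/json" });
    res.end(await upstream.text());
  } catch {
    res.writeHead(502).end(); // generic error: never echo key or upstream details
  }
}
```

The browser calls this handler on the application's own origin, so no cross-origin request to the payment API is made and the Server Key stays in the backend's environment.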

mister-ard97 commented 4 years ago

Thank you for your kind response. We have changed the calling of API to Back-End and it worked!

rizdaprasetya commented 4 years ago

Great, thanks for confirming