Greetings Community,

I hope you’re doing well. I am currently encountering an issue with CORS (Cross-Origin Resource Sharing) for some of my APIs on the API Gateway. Specifically, I am facing a CORS issue for the AccessToken endpoint at https://xyz.com/invoke/pub.apigateway.oauth2/getAccessToken.

I would appreciate any advice or guidance on how to fix this CORS issue for the AccessToken endpoint. Any insights on this matter would be greatly appreciated. Thank you in advance for your assistance.

I am working with on premise Api-Gateway setup.

Can you share the exact error you are facing ?

Hy @Bharath_Meka1,

Below is error message am receiving in browser :

Access to XMLHttpRequest at: ‘url to API’ from origin ‘from where requrest is started’ has been blocked by CORS policy: Response to preflight request doesnt pass access control check No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Is it possible to export and share the API artifact?

Hello @mhaseeb.tariq, you can try to create some wrapper API for generating access token (and inside wrapper API routing policy, use https://xyz.com/invoke/pub.apigateway.oauth2/getAccessToken as a native endpoint) and then configure CORS in response processing policy of the wrapper API.

Note: Wrapper API will be pass-through API only where it simply takes JSON request payload and pass on to native endpoint and will return native’s response back to consumer.

Ask API consumers to invoke wrapper API instead of builtin getAccessToken endpoint. Hopefully this will solve CORS error you are currently seeing in case of built-in getAccessToken endpoint.

Thanks

I have the samen issue. And maybe a wrapper API will be a solution. I would like to have a fix so I can add the right CORS headers to the oauth getAccessToken endpoint.