Hi @ashrivastava42 

You could try to allow CORS by editing the web.config of your instance:

<system.webServer>
     <httpProtocol>
         <customHeaders>
            <add name="Access-Control-Allow-Origin" value="http://111.111.111.111" />
            <add name="Access-Control-Allow-Methods" value="*" />
            <add name="Access-Control-Allow-Headers" value="*" />

Change the origin to the one you receive as a header in your request.

Thanks for your responce,

I have added the following code in config

<system.webServer>

<httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Methods" value="*" />
        <add name="Access-Control-Allow-Headers" value="*" />
      </customHeaders>
    </httpProtocol>

</system.webServer>

I am able to get token by

1. URL:{{AcumaticaInstance}}/identity/connect/token
2. Type:POST

but when I call following API and passing token value in header

2. URL:{{AcumaticaInstance}}/entity/default/23.200.001/Customer
3. Type:GET

getting error:- Access to XMLHttpRequest at 'https://abc.com/Acumatica24R1/entity/default/23.200.001/Customer' from origin 'https://xyz.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

whiling using this code

$.ajax({             
        url : 'https://abc.com/Acumatica24R1/entity/default/23.200.001/Customer',        
        type : 'GET',       
        headers: {        
        "Authorization": "Bearer " +tokenvalue)
        },   
        dataType:'json',
        success : function(data) {           
            console.log(data);
        },
        error : function(request,error) {
            console.log(request);            
        }
    });

You’re using a wildcard in your web.config. What might be the problem is that wildcard requests are only allowed for the requests without authorization - you can read about it at the mozilla web doc.

Try to specify allowed origins. methods and headers explicitly.

I’ve read that some people also create proxies to avoid the issue altogether, like in this topic:

In theory, you could also just disable CORS policy altogether in your browser, but it’s bad idea - security-wise and because this issue might happen at the production environment and you’ll have to deal with it anyway.

Thanks,

I have update the Config file with following

<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, POST" />
<add name="Access-Control-Allow-Headers" value="Authorization, X-PINGOTHER, Content-Type" />

again I am able to get token but not able to get data by GET API passing with token value

$.ajax({             
        url : 'https://abc.com/Acumatica24R1/entity/default/23.200.001/Customer',        
        type : 'GET',       
        headers: {        
        "Authorization": "Bearer " +tokenvalue)
        },   
        dataType:'json',
        success : function(data) {           
            console.log(data);
        },
        error : function(request,error) {
            console.log(request);            
        }
    });

Hi @ashrivastava42 were you able to find a solution? Thank you!

Not yet,