I wrote the following JavaScript to call a Smartsheet API:
$.get( "https://api.smartsheet.com/1.1/users/sheets", "Authorization: Bearer [My Access token]" )
.done(function( data ) {
alert( "Data Loaded: " + data );
});
But this threw the following error:
XMLHttpRequest cannot load https://api.smartsheet.com/1.1/users/sheets?Authorization:%20Bearer%[My Access token]. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
After some reading, I realized the code had to make a cross-origin resource sharing (CORS) request. I came upon the following code to do that using jQuery from here:
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
alert("cors created");
return xhr;
}
var xhr = createCORSRequest('GET', "https://api.smartsheet.com/1.1/users/sheets?Authorization=Bearer+[My Access token]");
if (!xhr) {
throw new Error('CORS not supported');
}
xhr.onload = function() {
var text = xhr.responseText;
alert('Response from CORS request: ' + text);
};
xhr.onerror = function() {
alert('Woops, there was an error making the request.');
};
xhr.send();
However, this again produces the same error in my browser console:
XMLHttpRequest cannot load https://api.smartsheet.com/1.1/users/sheets?Authorization=Bearer+[My Access token]. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
Am I headed in the right direction? How can I fix the issue?
Thanks.
As has been alluded to in the comments, the Smartsheet API does not currently support CORS.