Avatar

Getting kintone app records data from other domain by RestAPI

Salman Quader

I'm new in kintone. in kintone subdomain, everything are working properly. But When i try to get records data from other domain using ajax request then it returns an error like,

return error----
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at https://atom.kintone.com/k/v1/record.json?app=1&id=1.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

my code example:

 var params = '?app=1&id=1';
var url = 'https://atom.kintone.com/k/v1/record.json' + params;

var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
xhr.setRequestHeader('Access-Control-Allow-Origin', '*');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-Cybozu-API-Token', 'api-token-string');

xhr.onload = function() {
if (xhr.status === 200) {
// success
console.log(JSON.parse(xhr.responseText));
} else {
// error
console.log(JSON.parse(xhr.responseText));
}
};
xhr.send();

But when i try in postman then it works properly.

Again, I used kintone.proxy() it also doesn't work. it returns another error like,

return error---- ReferenceError: kintone is not defined

my code example is bellow,

var url = 'https://atom.kintone.com/k/v1/records.json';
var method = 'POST';
var headers = {
'Content-Type':'application/json',
'X-Cybozu-API-Token':'api-token-string',
'X-HTTP-Method-Override':'GET'
};
var params = {
app:1,
id:1
};

kintone.proxy(url, method, headers, params).then(function(r){
console.log(r);
}).catch(function(e){
console.log(e);
});

Please know me, How to get records data using RestAPI from other cross domain.

Follow 5 followers
1

5 comments

Avatar
Junko Werner 1 vote
Hi Salman,
 
XML request cannot be executed because of cross domain restrictions.
 
"Due to cross domain restrictions, communication between kintone.com and external sites using XHR(XMLHttpReuest) cannot be run. The Access-Control-Allow-Origin header cannot be added."
 
 
As an alternative option, kinton.proxy can be used.
 
Here is an example of code based yours.
 
  var url = 'https://<subdomain>.kintone.com/k/v1/record.json';
         var method = 'POST';
         var headers = {
         'Content-Type':'application/json',
         'X-Cybozu-API-Token':'<API token>'
         };

         var params = {
         app:<app ID>
         };       

        kintone.proxy(url, method, headers, params).then(function(r){
         console.log(JSON.parse(r));
         }).catch(function(e){
         console.log(e);
         });
"'X-HTTP-Method-Override':'GET'" is removed in this above example.
 
In your code, "records.json" has been registered multiple times, but in this case, the required parameters need to be specified, so only one time is registered in the above example.
 
 
Thanks.
 
Junko
1
Comment actions Permalink
Avatar
Sean R. Harris 0 votes

I'm also new to kintone and have the exact same issues. Here is my code and the error message I'm receiving (I was to follow the AWS walkthru and get responses back from the API, thanks Mo!):

CODE:

varmethod = 'POST';
varheaders = {
'Content-Type':'application/json',
'X-Cybozu-API-Token':'token',
'X-Cybozu-Authorization':'username:password'
};

varparams = {
app:7
};

kintone.proxy(url, method, headers, params).then(function(r){
console.log(JSON.parse(r));
}).catch(function(e){
console.log(e);
});

ERROR:
Access to XMLHttpRequest at 'https://{subdomain}.kintone.com/k/v1/records.json?{%22app%22:7}' from origin 'http://mysite.example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In advance thanks for everyone's help!

0
Comment actions Permalink
Avatar
Sean Tachibana 0 votes

Hello Sean,

The error appears to be caused by a cross-domain constraint and  due to cross-domain restrictions, communication between kintone.com
and external sites using XHR(XMLHttpRequest) cannot be run.  The Access-Control-Allow-Origin header cannot be added.

Please refer to the following page for secure coding guidelines.

Secure Coding Guidelines:
https://developer.kintone.io/hc/en-us/articles/212494698-Secure-Coding-Guidelines

Also, since the errors don't seem to match up with the process, you're performing,
I was not sure about the situation you are going through the request you are running.

Are you trying to register records from kintone to kintone in a different environment?

Could you please be a little more specific about what you have done and what environment you are running the API in?

Thanks,
Sean

0
Comment actions Permalink