In my web app (running inside the browser), I’m calling /auth/v1/refresh REST api to get a new access token. However, it fails with the following error message in Chrome:
XMLHttpRequest cannot load https://api.hubapi.com/auth/v1/refresh?refresh_token=xxx&client_id=xxx&grant_type=refresh_token. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://myapp.mydomain.com’ is therefore not allowed access.
Below is my request header:
Accept-Encoding:gzip, deflate, br
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Below is my response header:
Date:Fri, 19 Aug 2016 08:19:01 GMT
If I use a Chrome plugin to force add the CORS header, it works just fine. So it looks like CORS header from hubspot server side is the only missing piece for this API to work. Could you please advice whether I missed something or this is a bug in refresh API?