Problem with CORS Domain

Report Inappropriate Content · ‎Dec 21, 2017

We have a custom domain and we try to make requests on Hubspot API, but, the requisitions doesn’t allowed by API.

All files are in the Hubspot Server, someone can help me?

Thanks;

Derek_Gervais · ‎Jan 4, 2018

The issue comes from the fact that you’re making cross origin requests, not with where the JavaScript file is hosted. As long as the request being made to the HubSpot APIs (api.hubapi.com) is coming from a server, not the client, you should be fine.

Derek_Gervais · ‎Dec 29, 2017

Hi @caico,

Yes: In order to make AJAX requests, you have to make your requests to an external server, since the HubSpot CMS doesn’t support CORS requests.

Report Inappropriate Content · ‎Jan 3, 2018

If my JavaScript file is on an external server but being called inside the Hubspot platform should it work? Or should I build my entire platform off to use the API?

Derek_Gervais · ‎Dec 22, 2017

Hi @caico,

At this time, HubSpot APIs do not support support cross-origin (CORS) AJAX requests. Making the request client-side using JavaScript would expose any authentication you’re using for the request. For this reason, I’ve deleted the screenshot you attached (since your hapikey was visible). You might want to consider deactivating that hapikey and generating a new one since it was visible on the forum for a while.

In order to use JavaScript/AJAX, you would need to make the request (excluding any authentication) to an external server that could then add the needed authentication and make requests to HubSpot’s APIs server-side.

Report Inappropriate Content · ‎Dec 26, 2017

Ok, I’ll change the hapikey but, the recommendation is to use an external server and not use the API within Hubspot?

APIs & Integrations