Getting kintone app records data from other domain by RestAPI

legacy_user · October 3, 2018, 4:35am

I’m new in kintone. in kintone subdomain, everything are working properly. But When i try to get records data from other domain using ajax request then it returns an error like,

return error----  
Cross-Origin Request Blocked: The Same Origin Policy disallows reading   
the remote resource at https://atom.kintone.com/k/v1/record.json?app=1&id=1.   
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

my code example:

 var params = '?app=1&id=1';  
 var url = 'https://atom.kintone.com/k/v1/record.json' + params;  
   
 var xhr = new XMLHttpRequest();  
 xhr.open('GET', url, true);  
 xhr.setRequestHeader('Access-Control-Allow-Origin', '\*');  
 xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');  
 xhr.setRequestHeader('X-Cybozu-API-Token', 'api-token-string');  
   
 xhr.onload = function() {  
 if (xhr.status === 200) {  
 // success  
 console.log(JSON.parse(xhr.responseText));  
 } else {  
 // error  
 console.log(JSON.parse(xhr.responseText));  
 }  
 };  
 xhr.send();

But when i try in postman then it works properly.

Again, I used kintone.proxy() it also doesn’t work. it returns another error like,

return error---- ReferenceError: kintone is not defined

my code example is bellow,

var url = 'https://atom.kintone.com/k/v1/records.json';
var method = 'POST';
var headers = {
'Content-Type':'application/json',
'X-Cybozu-API-Token':'api-token-string',
'X-HTTP-Method-Override':'GET'
};
var params = {
app:1,
id:1
};

kintone.proxy(url, method, headers, params).then(function(r){
console.log(r);
}).catch(function(e){
console.log(e);
});

Please know me, How to get records data using RestAPI from other cross domain.

legacy_user · October 5, 2018, 4:05pm

Hi Salman,

XML request cannot be executed because of cross domain restrictions.

“Due to cross domain restrictions, communication between kintone.com and external sites using XHR(XMLHttpReuest) cannot be run. The Access-Control-Allow-Origin header cannot be added.”

▼ Secure Coding Guidelines
https://developer.kintone.io/hc/en-us/articles/212494698-Secure-Coding-Guidelines#storedata

As an alternative option, kinton.proxy can be used.

Here is an example of code based yours.

  var url = 'https://<subdomain>.kintone.com/k/v1/record.json';
         var method = 'POST';
         var headers = {
         'Content-Type':'application/json',
         'X-Cybozu-API-Token':'<API token>'
         };

         var params = {
         app:<app ID>
         };       

        kintone.proxy(url, method, headers, params).then(function(r){
         console.log(JSON.parse(r));
         }).catch(function(e){
         console.log(e);
         });

“‘X-HTTP-Method-Override’:‘GET’” is removed in this above example.

In your code, “records.json” has been registered multiple times, but in this case, the required parameters need to be specified, so only one time is registered in the above example.

▼ kintone Proxy
https://developer.kintone.io/hc/en-us/articles/213148917-kintone-Proxy

Thanks.

Junko

legacy_user · October 9, 2018, 10:59pm

Hello, Salman.

In order to access Kintone API from an external site, you may want to use API Gateway service such as Amazon API gateway.

I personally have an experience in this situation and wrote a blog.

Please refer to this blog link:

https://fujibiz.com/blog/was/get-kintone-data-into-external-microsite-via-aws/

Best regards,

Mo

legacy_user · October 31, 2018, 4:50am

Thank you Junko Werner & Mo.

legacy_user · July 16, 2020, 3:10pm

I’m also new to kintone and have the exact same issues. Here is my code and the error message I’m receiving (I was to follow the AWS walkthru and get responses back from the API, thanks Mo!):

CODE:

varurl = ‘https://{subdomain}.kintone.com/k/v1/record.json’;

varmethod = ‘POST’;

varheaders = {

‘Content-Type’:‘application/json’,

‘X-Cybozu-API-Token’:‘token’,

‘X-Cybozu-Authorization’:‘username:password’

};

varparams = {

app:7

};

kintone.proxy(url, method, headers, params).then(function(r){

console.log(JSON.parse(r));

}).catch(function(e){

console.log(e);

});

ERROR:
Access to XMLHttpRequest at ‘https://{subdomain}.kintone.com/k/v1/records.json?{%22app%22:7}’ from origin ‘http://mysite.example.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

In advance thanks for everyone’s help!

legacy_user · July 17, 2020, 5:51pm

Hello Sean,

The error appears to be caused by a cross-domain constraint and due to cross-domain restrictions, communication between kintone.com
and external sites using XHR(XMLHttpRequest) cannot be run. The Access-Control-Allow-Origin header cannot be added.

Please refer to the following page for secure coding guidelines.

Secure Coding Guidelines:
https://developer.kintone.io/hc/en-us/articles/212494698-Secure-Coding-Guidelines

Also, since the errors don’t seem to match up with the process, you’re performing,
I was not sure about the situation you are going through the request you are running.

Are you trying to register records from kintone to kintone in a different environment?

Could you please be a little more specific about what you have done and what environment you are running the API in?

Thanks,
Sean