Getting Kintone App's Record data from another domain via REST API

How to get record data using REST API from another domain?

I am trying to extract Records data from another Kintone Subdomain using AJAX request.
However, I get the following error:

return error----
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://SUBDOMAIN.kintone.com/k/v1/record.json?app=1&id=1.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

My Script:

var params = "?app=1&id=1";
var url = "https://SUBDOMAIN.kintone.com/k/v1/record.json" + params;

var xhr = new XMLHttpRequest();
xhr.open("GET", url, true);
xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
xhr.setRequestHeader("X-Cybozu-API-Token", "api-token-string");

xhr.onload = function () {
  if (xhr.status === 200) {
    // success
    console.log(JSON.parse(xhr.responseText));
  } else {
    // error
    console.log(JSON.parse(xhr.responseText));
  }
};
xhr.send();

:zap: When I execute the above code in Postman, then it works properly.

Using kintone.proxy()

When I used kintone.proxy(), it still did not work and returns the following Reference error:

return error---- ReferenceError: kintone is not defined

My script with kintone.proxy():

var url = "https://SUBDOMAIN.kintone.com/k/v1/records.json";
var method = "POST";
var headers = {
  "Content-Type": "application/json",
  "X-Cybozu-API-Token": "api-token-string",
  "X-HTTP-Method-Override": "GET",
};
var params = {
  app: 1,
  id: 1,
};

kintone
  .proxy(url, method, headers, params)
  .then(function (r) {
    console.log(r);
  })
  .catch(function (e) {
    console.log(e);
  });

Hi Salman,

XML requests cannot be executed because of cross-domain restrictions.

Due to cross-domain restrictions, communication between kintone.com and external sites using XHR(XMLHttpRequest) cannot be run. The Access-Control-Allow-Origin header cannot be added.

For more information, refer to the Secure Coding Guidelines article.

kintone.proxy() Option

As an alternative option, kintone.proxy() can be used.

Here is an example code based on yours:

var url = "https://<subdomain>.kintone.com/k/v1/record.json";
var method = "POST";
var headers = {
  "Content-Type": "application/json",
  "X-Cybozu-API-Token": "APP_TOKEN",
};

var params = {
  app: APP_ID,
};

kintone
  .proxy(url, method, headers, params)
  .then(function (r) {
    console.log(JSON.parse(r));
  })
  .catch(function (e) {
    console.log(e);
  });

:zap: “‘X-HTTP-Method-Override’:‘GET’” is removed in this above example.

In your code, “records.json” has been registered multiple times, but in this case, the required parameters need to be specified, so only one time is registered in the above example.

▼ kintone Proxy
Kintone Proxy - Kintone Developer Program

Thanks,
Junko

Hello, Salman.

In order to access Kintone API from an external site, you may want to use API Gateway service such as Amazon API Gateway.

I personally have an experience in this situation and wrote a blog.

Get kintone data into external microsite via AWS - Fuji Business Software Inc.

Best regards,
Mo

1 Like

Thank you Junko Werner & Mo.

 

I’m also new to Kintone and have the exact same issues.

Here is my code and the error message I’m receiving (I was to follow the AWS walkthru and get responses back from the API, thanks Mo!):

Code

var url = 'https://SUBDOMAIN.kintone.com/k/v1/record.json';
var method = 'POST';
var headers = {
  'Content-Type':'application/json',
  'X-Cybozu-API-Token':'token',
  'X-Cybozu-Authorization':'username:password'
};

var params = {
  app: APP_ID,
};

kintone.proxy(url, method, headers, params).then(function(r){
  console.log(JSON.parse(r));
}).catch(function(e){
  console.log(e);
});

Error

Access to XMLHttpRequest at 'https://SUBODMAIN.kintone.com/k/v1/records.json?app=1&id=7' from origin ‘http://mysite.example.com’ has been blocked by CORS policy:

Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Thank you in advance thanks for everyone’s help!

Hello Sean,

The error appears to be caused by a cross-domain constraint, and due to cross-domain restrictions, communication between kintone.com and external sites using XHR(XMLHttpRequest) cannot be run.

The Access-Control-Allow-Origin header cannot be added.

For more information, refer to the Secure Coding Guidelines article.

Also, since the errors do not seem to match up with the process, you’re performing, I was not sure about the situation you are going through the request you are running.

Are you trying to register records from Kintone to Kintone in a different environment?

Could you please be a little more specific about what you have done and what environment you are running the API in?

Thanks,
Sean