Making cross-origin, browser-side API requests

If I want to make a app that creates and reads tickets for unauthenticated end-users, who would I set up authentication with the Zendesk API? Or end-user do not have a Zendesk-account.

Hello Vivace,

The token should be specified in the "request.setRequestHeader",please try the below

  request.setRequestHeader("Authorization", "Bearer " + token);

Hi

I want to use API with localhost, so I've made OAUTH with http://127.0.0.1:8080/zoauth/ticket_details.html

However, it keeps giving me 'invalid_token'. The only thing I changed from your demo code is putting my OAUTH token in makeRequest() manually like 'makeRequest(oauth, ticket_number)'.

But it keeps giving me 401 unauthorized.

Hi Jon,

Zendesk only implements CORS for API requests authenticated with OAuth access tokens, not basic authentication. Example:

request.setRequestHeader("Authorization", "Bearer " + access_token);

See the article above for all the details of getting and using an OAuth access token.

Hi!

I'm facing an issue with Ticket Imports.

Cors policy states that when a resource is protected by any kind of authentication mechanism (http basic, token...) Access-Control-Allow-Credentials cannot be '*' (everywhere).

I'm trying to implement an application which makes use of Ticket Imports and I cannot use it.

Is there something I can do? I believe the AJAX call is being performed correctly, but the answer isn't well (the ticket gets created but I receive that error).

My code snipet:

var request = new XMLHttpRequest();
request.withCredentials = true;
var url = "https://***.zendesk.com/api/v2/imports/tickets.json";
request.open('POST', url, true);

request.setRequestHeader("Authorization", "Basic *****");

request.onreadystatechange = function() {
  if (this.readyState == 4 && this.status == 200) {
    // do something
  }else{
    // do something else
  }
};
request.send(jsonObjStr);