Skip to content

Cross-Origin Requests

It is possible to integrate the UbiOps API in a website or browser based application. In that case, the browser of the end user will be making Cross-Origin requests: the domain of the UbiOps API ( will be different from the domain of the application.

By default, these types of requests are blocked by web browsers for security reasons. A domain needs to be configured explicitly to be allowed to make requests to the external source using a technique called Cross-Origin Resource Sharing (CORS). For more information about CORS, see Wikipedia.

Configuring Cross-Origin Resource Sharing in UbiOps

In case of the UbiOps API, this means that the origin (domain) of the website or application you want to access the UbiOps API from needs to be whitelisted in UbiOps. When a request is made from an origin that is whitelisted, UbiOps will include the correct CORS headers in the request response, such that the browser of the end user can validate the request and lets it through.

Whitelisting of origins in UbiOps can be done in the projects settings. When creating or updating a project, you can specify one or multiple origins where requests are allowed to come from. Then, when a request is made for this project, the request response has CORS headers added to it if the origin is included in the whitelist.

Note that the origin needs to be configured including the protocol, domain and port, but excluding any URL path or parameters. For example, the following are valid origins: