question

Kevin Prettre avatar image
Kevin Prettre asked surabhi published

CORS preflight and Authorization Header

Hi,

it seems that you can't really call the REST API without sending the access_token as a query param, because the Authorization Header is not send during the OPTION preflight.

Example will better explain. 1/ you can the REST API through an Ajax call, and you plan to pass the access_token through the Authorization header (Authorization: Bearer mytoken). 2/ You brower does a preflight OPTION call WITHOUT that header (since it's asking CORS if that header is allowed) 3/ Clover API answer with a 401, because access token is missing.

No other choice than to pass access token as a query param.

Has anyone been able to work only with the Authorization header ?

Thanks people

1 comment
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

kocurek avatar image kocurek commented ·

I can't even get the query param option to work in IE.

0 Likes 0 ·
rawrkats avatar image
rawrkats answered

You know I've been dealing with issue 6+ months after this was originally posted. I cannot establish a reliable connection to the clover API without putting the access_token directly in the query string.

Ridiculous, considering the docs specifically advise against doing that, and it does NOT support CORS....

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

surabhi avatar image
surabhi answered surabhi published
I am facing this issue even when I am passing access_token in my query string for posting an order. I am getting 401 error - "Response for preflight has invalid HTTP status code 401". I tried setting it in authorization header also, but the same issue. Has anyone tried to post an order with access token in sandbox?
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community