Ajax post to JSON API

andywigan · July 14, 2015, 7:55am

I’m trying to use Ajax to POST a request to the new JSON API. The request works from the Companies House test page (which suggests that the Application key is correct) but is not working from an HTML page when served from the same domain as the Application JavaScript domain.

When I try the request below, I see the following error:

No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://ericernie.co.uk’ is therefore not allowed access. The response had HTTP status code 401.

$.ajax({
    url: "https://api.companieshouse.gov.uk/search/companies?q=sandstone",
    beforeSend: function(xhr) { 
      xhr.setRequestHeader("Authorization", "Basic  xxxxxxx"); 
    },
    type: 'GET',
    dataType: 'text',
	 crossDomain: true,
        async: false,
        cache: false,
    contentType: 'application/json',
    processData: false,
    success: function (data) {
      alert(JSON.stringify(data));
    },
    error: function(){
      alert("Cannot get data");
    }
});

Any help gratefully received.

Thanks

Andy

csmith · July 14, 2015, 9:46am

This might be because your AJAX query is not sending the Origin header. This is mandatory for CORS to work. See the following… let us know if that does fix your issue?

andywigan · July 14, 2015, 10:01am

Hi

I included the domain of the site when I registered the application key.

Is there a non-forum channel I can use to discuss this issue?

Thanks

Andy

andywigan · July 14, 2015, 1:06pm

Hi

The Origin header is specified in the request, and this matches (one of) the JavaScript domains configured against the account.

The browser console (in Chrome) is reporting the following errors:

12:35:33.421 This site makes use of a SHA-1 Certificate; it’s recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.1 companies

12:35:33.463 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.companieshouse.gov.uk/search/companies?q=sandstone&_=1436873733231. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).1

Thanks

Andy

clucas1976 · March 24, 2016, 4:18pm

I am having this issue now:- how was it resolved?

mfairhurst · March 29, 2016, 10:16am

@clucas1976

Could you possibly provide a snapshot of the request/response headers that are being sent/returned so we can perform some further investigation, as per: -

Thanks

@mfairhurst

clucas1976 · March 29, 2016, 10:49am

Hope these help !!

mfairhurst · March 29, 2016, 11:16am

@clucas1976,

Could you try removing the cache-control header and see if that works. Also what specific error message are you encountering?

Thanks,

Mark.

clucas1976 · March 29, 2016, 11:34am

Still not working

mfairhurst · March 29, 2016, 12:30pm

@clucas1976,

Looking at the header sent you are requesting using http

but we can only see HTTPS https://www.ltdonline2.com defined as domains against api keys? Have you defined a domain with HTTP

Thanks

Mark.

clucas1976 · March 29, 2016, 1:36pm

I have changed it to see if that makes a difference.

mfairhurst · March 29, 2016, 2:21pm

@clucas1976

The error message now seems to relate to the authorisation being used. The authorisation key to be sent should be the base 64 of

API Key + :

The colon needs to be appended before encoding, and then not appended to the encoded string.

Thanks

Mark.

clucas1976 · March 29, 2016, 2:29pm

Mark, you are a star, all sorted !!! Thank you

mfairhurst · March 29, 2016, 2:34pm

Excellent news…

info10 · November 4, 2017, 11:51am

Can someone update with working example of this?

Thank you