grocca 1 Report post Posted November 7, 2015 Hi, I am new to the CIAPI and I keep receiving a CORS error at login attempt: Below are two different attempts to login - AJAX and jQuery <script> $.ajax({ type: "PUT", url: 'https://ciapi.cityindex.com/TradingAPI/session', data:jQuery.parseJSON('{"UserName":"DM205345","Password":"XXXXXX"}') Content-Type: application/json, dataType : 'json', //jsonp for cross origin request creates another error crossDomain:true, success: function(data, status, xhr) { alert(data); }, error: function(jqXHR, textStatus, ex) { alert(textStatus + "," + ex + "," + jqXHR.responseText); } }); </script> Image of cors error for the ajax attempt above is the attached cors1.png JQUERY <script> $.post("https://ciapi.cityindex.com/TradingAPI/session",{"UserName":"DM205345","Password":"XXXXX"}, function (data, textCode){ }); </script> Image of cors error for the jQuery attempt above is the attached cors2.png I have tried numerours variations of the above and still no success. My username and password works as i have tried it in the test harness and seems to have returned correctly. Share this post Link to post
Physicsman 25 Report post Posted November 9, 2015 Hello grocca, We're looking into this for you. When I hear back from the team I'll post again with an update. Kind Regards, PM! Share this post Link to post
Physicsman 25 Report post Posted November 11, 2015 Hi grocca, Cross Origin Request Sharing (CORS) is not currently enabled on our Trading API servers, hence why you are receiving the error. I have started the process of enabling CORS for the API servers, after which you should be able to use the API without this particular error. The time frame for this to be released into the Live environment is a couple of weeks. I shall post again as soon as it has been deployed into Live. Thank you for your patience. PM! Share this post Link to post
grocca 1 Report post Posted November 11, 2015 Thank you. Looking forward to it Share this post Link to post
Physicsman 25 Report post Posted November 16, 2015 Hi, You should be able to access the CIAPI using jQuery or AJAX without the CORS error. This has been re-enabled on the server - long story short, a recent API change accidentally disabled CORS and this change has been rolled back. I performed a quick check using CURL to simulate a preflight request with an origin of "http://example.com" and received back the expected Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers. curl -H "Origin: http://example.com" \ -H "Access-Control-Request-Method: POST" \ -H "Access-Control-Request-Headers: X-Requested-With" \ -X OPTIONS --verbose \ https://ciapi.cityindex.com/TradingAPI Please let me know if it now works for you as expected. Kind Regards, PM! Share this post Link to post
grocca 1 Report post Posted November 17, 2015 Thanks for the reply but I am still having no luck However my response code is different saying Cors header access-control-allow-origin does not match * I have tried all variations and still no access. Were you able to get an Ajax or jquery working call to ciapi from an external site? Share this post Link to post
Physicsman 25 Report post Posted November 17, 2015 Hmmm. Let me investigate further and get back to you. Please attach a screenshot of the new error message you are receiving now when you have a moment. Thanks! Share this post Link to post
Physicsman 25 Report post Posted November 18, 2015 Hi, I've found what it is - the changes to the API have only been applied to the QA and Pre-Production environments at this time and not yet in Live. I've sent you a private message with the credentials for a Pre-Production environment account that you can use to check if you still get a CORS error there. Please send your calls to the PPE API address at: https://ciapipreprod.cityindextest9.co.uk/TradingApi/ Should it work fine in PPE then once the changes are deployed in the Live environment you can use the API normally without errors. If you still receive errors in PPE then we can look into it some more at that time. Kind Regards, PM! Share this post Link to post
grocca 1 Report post Posted November 19, 2015 I have tried the new address with my credentials the ones you had sent I am getting the error as per image "Capture.png" for both addresses I have also tried doing a simple post form <form action="https://ciapipreprod.cityindextest9.co.uk/TradingApi/session" method="post"> <input type="text" name="UserName" value="DM######" /> <input type="text" name="Passwrod" value="xxxxxx" /> <input type="submit" name="submit" value="submit" /></form> and the response is: {"HttpStatus":400,"ErrorMessage":"The request content-type is not supported","ErrorCode":4005} Share this post Link to post
Physicsman 25 Report post Posted November 23, 2015 Hello, I think we may have found the cause of the problem and the solution!! In your AJAX call, the content type in the request should be: contentType: 'application/json' //with single quote marks instead of what is currently being used: Content-Type: application/json As an example the following code works: Without the content type is when the we get the CORS error: Hope this helps. Kind Regards, PM! Share this post Link to post
grocca 1 Report post Posted November 24, 2015 My Friend this is unbelieveable. You have done it! Thanks for persisting with me on this. I had tried so many different combinations and my code has become a complete mess. But you have cleared all that up now - Many Thanks Share this post Link to post
Physicsman 25 Report post Posted November 24, 2015 Great news - we're glad we could help! Share this post Link to post
grocca 1 Report post Posted December 1, 2015 Hi PM, I have had no problem at all with a GET request But i am having a CORS problem again with a POST to this address https://ciapi.cityindex.com/TradingAPI/order/newtradetorder I have copied exactly as my login post but of course have changed the post variables - Is it another page on the server that would need to be enabled? Share this post Link to post
Physicsman 25 Report post Posted December 1, 2015 Hi Grocca, CORS is enabled for the entire server - requests to any address won't cause an issue. The previous error encountered with the GET request was due to the missing single quote marks in the request. The syntax of requests must be 100% exact or errors will result as we've seen. There is a POST body example in the API reference for placing a trade, which is when you would POST to the https://ciapi.cityindex.com/TradingAPI/order/newtradetorder address. See http://docs.labs.cityindex.com/#HTTP Services/Trade.htm%3FTocPath%3DCIAPI%2520Reference%7CHTTP%2520Services%7CTrades%2520and%2520Orders%7C_____14 The problem is likely caused by a missing or extraneous symbol somewhere in the POST request. Kind Regards, PM! Share this post Link to post