InControl 2 API - CORS Issue


I created a Vue.js web application to do some testing of the InControl 2 API for an upcoming project. When I make calls to the API it doesn’t return the access-control-allow-origin: header. I am able to make calls to from the same application. That API returns the access-control-allow-origin header with my domain as the value. I am aware that I can “middleman” the request and avoid this but for testing I would like to be able to call straight to the API from the web application. Does anyone know if the InControl 2 API supports CORS or has plans to?


Sean Ainsley


InControl 2 API does not supports CORS and only support requests made from server side.


Hello Bonnie_Lam,

Since 2018, does the strategy changes and we’re able now to make api call from JS App?

Best Regards,

Samuel, Careprod Dev Team

Let us come back to you later this week.

Samuel, yes, you can now make API calls from JS apps.

We have introduced a Website Restrictions setting to the Client Applications settings screen. So you can restrict your API key to be applicable to your website only.