I’m trying to call the BambooHR API in my React (TS) project, but I keep getting CORS error from both localhost and server. I’m not sure why as this API is supposed to be public.
The API call works on Postman but it doesn’t on the client.
I followed their API docs: https://documentation.bamboohr.com/docs/getting-started
https://{API Key}:[email protected]/api/gateway.php/{subdomain}/v1/employees/directory
It’s very basic. How do I fix this?
2
Answers
It’s not surprising that a CORS error does not show up on Postman: Postman is not expected to respect CORS rules.
CORS is a security protocol. Either you are violating rules intentionally put in place by BambooHR or BambooHR has misconfigured their server. Since there does not seem to be any documentation to the effect that BambooHR allows cross-origin references, my bet is on the former.
Language bindings are perl, php, ruby, python, .net, and java.
It’s not meant to be used from the browser.
You’ll have to proxy your requests through a server if you want to use it.