I'm getting a 'Blocked by CORS policy' error with the API
CORS blocking your API? Move calls to backend to protect tokens and prevent security risks from exposed credentials.
If you're seeing this error when trying to use the HelpDocs API, it means your current setup isn't quite right. The good news is this error is actually protecting you from a security vulnerability ā
What's happening here?
CORS (Cross-Origin Resource Sharing) is a security feature built into web browsers. When you try to make API calls directly from your frontend code (like JavaScript running in a browser), the browser blocks these requests to protect your API credentials.
This error appears when you're trying to use the HelpDocs API from frontend code, which exposes your API token to anyone who visits your website.
Why this is a security risk
Your API token should be treated like a password. Just like you wouldn't put your password in JavaScript code that anyone can read, you shouldn't put your API token there either.
The secure solution
The fix is simple: move your API calls to your backend server instead of making them directly from the browser. Here's what you should do:
- Remove the API token from your frontend code
- Create an endpoint on your backend server that handles the API calls
- Have your frontend make requests to your own backend endpoint
- Your backend then securely calls the HelpDocs API using the token
Need help with implementation?
Check out our API documentation for detailed examples of secure API usage. The docs include sample code for various programming languages that show the proper backend implementation.
If you're building a chatbot that needs to access your Knowledge Base content, consider using our Chatbot Source Page which provides a secure way to feed your content to AI systems.
What did you think of this doc?
Can I have a single article appear in multiple categories?
How do I change my email?
