-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Need JavaScript example #51
Comments
Since node.js is server-side the same design principles wouldn't apply (as far as making requests without exposing credentials). Would we want to focus on client-side or server-side here? |
Most of the interest I've seen is client-side; I don't have any particularly relevant quotes handy. |
I am trying to create a client side call to Yelp API, but getting Access-Control-Allow-Origin error in response. I have tried various solutions, but no avail. It seems Yelp is not responding with this header. Does Yelp allow API calls from JS client? |
As I answered in #99 , we do not provide the CORS headers necessary to use clientside js to directly make requests to the api. Would that mean this is no longer a goal? |
We definitely want to have an example of doing client-side JS! That's this ticket. We just haven't figured out a way to do so that doesn't involve leveraging a separate server-side component (significant extra work), or putting all credentials in end-user-visible JS, etc. |
This answer on Stackoverflow might be useful to you. Note that your secret keys will be exposed here, but it is good for prototyping and playing around with the api. |
I see that a node-yelp-api libarary has been created: https://www.npmjs.com/package/node-yelp-api. But I don't know how to make use of this. Is this more secure? Any examples of using this would be appreciated. |
@marcusk71 : That Node package requires server-side code. |
Okay for sure. Opened an issue on the node-yelp repo. In order to yelp api you need to make request from a server not a browser. It sounds like there is no way to get past this CORS error using client side code Thank you! |
JSONP may be a good idea to get around CORS restrictions. I'm experimenting to see if I can come up with something that makes sense |
Hello, I've recently had to tackle this task and put my notes on it together - you might find my write-up useful. I've just posted it, you can find it here: Hope you find it useful. |
We are in the process of archiving this API v2 github repository, and as part of that are closing out all issues. Announcement: |
We used to have a JS example, but it was removed for security reasons in #17 .
We should have a JS example that doesn't expose OAuth credentials as publicly. Doesn't need to be super-high-security, but shouldn't be downright dangerous to emulate.
I wonder if Node.js or something similar might be close enough to fill this niche?
The text was updated successfully, but these errors were encountered: