Bybit API & CORS

[blake41]

Apologies if this is a stupid question. I'm trying to run the bybit-api module in my browser. I'm using a CORS extension in chrome to allow CORS request from any origin but keep getting a CORS issue when I try and use the bybit-api library. I can make requests directly myself when I hit the actual bybit api manually with an axios get request in a JS script so I'm not sure why axios in bybit-api is not being allowed to make CORS requests

[tiagosiebler]

Would love to gather some of the options in one place. Primarily this comes down to how bybit's APIs are configured, as they need to include a few headers in their responses for browsers to happily make requests.

These are the possible solutions that come to mind from my side:

• Bybit enhances their API to work with CORS.
  • Not sure if/when that will happen.
  • We should keep asking them for this to stress the importance.
• Or, make a backend for your web-based app that handles API requests to bybit, instead of doing them client side.
  • This is the least "hacky" way I can think of. Server-side requests are not subject to CORS.
  • If you take this route, you should look at the per IP limits that bybit have and talk to them to have them lifted or increased. It can quickly add up when making requests for amny API keys.
• Or, use a proxy that handles CORS headers for you.
  • The final parameter in the REST clients let you pass options to axios, both for linear and inverse.
  • You can use this to pass proxy settings to axios, look in their docs for "proxy: {": https://github.com/axios/axios#request-config
• Or, use something like CORS anywhere, though ideally host your own so you don't get unexpectedly rate limited: https://github.com/Rob--W/cors-anywhere#readme

Would be curious if for development any browser extensions can help here but I haven't tried that personally...

[blake41]

Thanks! Going with the second option. Was trying to avoid setting up a server and just do some simple dev in browser but CORS is such a pain. I've gotten away with it in the past using browser extension that allow CORS but ran into some issues

[pixtron]

There is still an open issue regarding CORS on bybit's side: bybit-exchange/bybit-official-api-docs/issues/29.

[tiagosiebler]

There is still an open issue regarding CORS on bybit's side: bybit-exchange/bybit-official-api-docs/issues/29.

Yes unfortunately. Spoke to them a few times about it. Last time (few months ago) they stated they still had no plans on changing this on their side yet. Best recommendation is to keep asking them about it so they're aware of demand, while using one of the above suggestions in the meantime (unless other ideas come to mind ofc).

[tiagosiebler]

Closing this but leaving it pinned for visibility.

[tiagosiebler]

Announced today:

CORS support has been added to the Futures API. This means that frontend JavaScript code can directly call the Futures API due to the presence of the response header

Access-Control-Allow-Origin: *

A huge thank you to the many users who requested this change. You feedback improves the Bybit API!