I’ve been trying to use the Zoom API to get a listing of webinars to display on a custom web page, however I keep getting a CORS origin error: Access to XMLHttpRequest at 'https://api.zoom.us/v2/users?status=active' from origin 'https://myurlhere' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I’ve seen somewhere in your docs that I have to use the Web SDK. I will appreciate it if there are clear directives/instructions on how to achieve this.
You’re correct that you can use the Zoom Web Client SDK to overcome these limitations, but you’ll be aware that behind the scenes, this is using Web Assembly: https://marketplace.zoom.us/docs/guides/zoom-sdks/Web-Client-SDK (please pay special attention to the LIMITATIONS section of the docs)
There are only one of three ways to resolve CORS issues:
Proxy the requests from Client->Your Server (removes browser/sandbox restrictions, best practice…most in control of developers)
Use Web Assembly or Web Workers (but these can still have limitations that need exploring)
If the server accepts your domain or wildcard domains (not recommended since it is introduces security risks, and will never be supported by Zoom’s APIs)
Personally, unless your use-case requirements insist on having client-side code perform these Zoom API requests, I would recommend proxying them through your backend services. This has an added benefit of limiting security risks while also working well with elastic architectures to address scale without impacting client-side usability.
Hi i read on other cors error post, that i need to do a request from a server side, its actually more relevant if i post a reply there on that post but unfortunately its been closed that i cant post any reply, so i decided to ask it here instead
what about refreshing a token, should it also be a server side request? or can i do it from the client? as i can do a token request from client side
Good question. For all of our API endpoints, your requests should be executed server side. You will run into errors (CORS) if you try to submit requests from your client side.