IP not working for whitelist

My website URL is: secureserver[dot]domains2go[dot]us/parth/

What I’m seeing is: I am trying to use an API on my site that can only be accessed by whitelisted APIs and so I have whitelisted the IP: 185.27.134.225, but the XML still can’t be accessed.

This is the error in the console:
Access to XMLHttpRequest at ‘https://test.httpapi.com/api/resellers/promo-details.json?auth-userid=769672&api-key=uqgiG4K6TqyxhdIq8wIpiheMC7zkJznP’ from origin ‘http://secureserver.domains2go.us’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’m using this software: JSON & XML

Additional information: Using Chrome, HTML, JS, Jquery, XML, JSON.

1 Like

This is not a restriction on your website (or the hosting powering it) but rather on the site/hosting of test.httpapi.com.

I recognize this API as the testing endpoint for ResellerClub. Their API works fine, but is intended to be used in a backend application. If you see this error in your browser’s developer console, that tells me that you’re trying to access this API through the Javascript code sent to the visitor browser.

This is not going to work (or should not be done) because:

  • The API blocks AJAX requests from other domains, because it’s not intended for browser access.
  • Accessing this API requires a static API key. By adding this API key to the Javascript code, you would give anyone access to your entire reseller account.
  • The API requires an IP whitelist. If you try to execute this request from the visitor’s browser, the connection will originate from the visitor’s browser, device and network, not from your hosting account.

The intended way to use this API is to write backend code (i.e. PHP) which holds the API credentials and talks to the API. You can then expose your own PHP based API to visitors, which includes proper access controls (so people can only control their own domains). Since the frontend Javascript and backend PHP are on the same domain, you avoid any CORS issues as well.

2 Likes