0

I am trying to implement a simple recurly API client to create an account in recurly using a local HTML page for testing purposes.

I am hard-coding the request in Javascript and using XMLHttpRequest to do the post operation.

var client = new XMLHttpRequest();
client.open("POST", "https://subdomain.recurly.com/v2/accounts", true);
client.setRequestHeader("Authorization", "Basic " + "API Key");
client.send([XML Request Here]);

The code is returning 404.

But if I comment out

client.setRequestHeader("Authorization", "Basic " + "API Key");

The code is returning 401 (unauthorized), which means that the endpoint exists but there is a problem with setting the Authorization header.

Edit:I have checked the method for the 404 request and it is OPTIONS instead of POST, is that due to the same origin policy?

Any help is appreciated.

Thank you.

user6921220
  • 1
  • 2
  • well... did you check in the developer tools, if your request looks correct? 404, in theory, is a valid response for a rest service, in case your resource is not mapped. – Vladimir M Oct 04 '16 at 13:55
  • I sent a similar request using cURL and it returned a success XML. – user6921220 Oct 04 '16 at 13:58
  • Then you should get the same result. It is very hard to compare "similar" to a very basic POST request with a single authorization header in it. – Vladimir M Oct 04 '16 at 14:11

1 Answers1

0

POST requests with certain content types should not be generating the pre-flight requests. Set this one:

application/x-www-form-urlencoded

client.setRequestHeader("Content-type", "application/x-www-form-urlencoded");

Send POST data using XMLHttpRequest

Community
  • 1
  • 1
Vladimir M
  • 3,972
  • 1
  • 15
  • 21
  • Thank you for answering, unfortunately it is still generating the 404 error. – user6921220 Oct 04 '16 at 16:00
  • can you see if there are other headers that are being added to the request? what is the content of the request in browser's developer tools. – Vladimir M Oct 04 '16 at 18:12
  • Thank you for following up. I have confirmed that the same origin policy is the reason of this. I used IE 8 (which doesn't force the same origin policy) and the request went through. I am currently trying to find a way to bypass the same origin policy on modern browsers. – user6921220 Oct 04 '16 at 19:22
  • CORS pre-flight is going to be sent for all but a very limited set of headers/types. (http://stackoverflow.com/questions/22968406/how-to-skip-the-options-preflight-request-in-angularjs) – Vladimir M Oct 04 '16 at 19:32