If you have ever tried to make an AJAX request to another site, you have probably seen an error message like this:
Access-Control-Allow-Origin header is a part of a specification called Cross-Origin Resource Sharing, or CORS. The CORS specification allows the browser to make requests from the browser to sites other than the origin. There are a lot of great resources on how to use CORS, I’ve linked to handful at the bottom of this post.
We recently had a customer ask if the Tradier API could support CORS requests. Without question, it makes developing web applications much easier (and potentially faster) as it reduces the need for backend servers to proxy requests.
With our recent release, Tradier now fully supports the CORS specification. All REST-based API requests can be made following cross-origin request standards.
Here is a quick example using jQuery, courtesy of Steve Agalloco:
Additional CORS Resources:
Note: OAuth APIs don’t support CORS requests for security purposes. Access tokens should be handled carefully in the browser.