Skip to main content

Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is an HTTP-based mechanism that lets a server specify which other origins (domains, schemes, or ports) can load its resources.

By default, a browser blocks requests from an app running on a different origin than the server. To allow access, the server must either permit all origins (using *) or explicitly allow the app's origin.

Learn More

You can find more in-depth information about CORS here.

CORS in Showpad

Showpad enforces a strict policy for cross-origin requests, where only requests originating from your authorized Showpad customer domain are permitted. As a result, the following behavior applies to the request:


GET https://{{subdomain}}.showpad.biz/api/v4/users

AllowedBlocked
https://{{subdomain}}.showpad.bizhttps://{{other-cust}}.showpad.com
https://{{subdomain}}.showpad.com https://customer-app.com

Additional Origins

If the default Showpad policy is too restrictive for your needs and you need to call the Showpad API from a browser app running on a non-Showpad domain, please contact Showpad support. They can assist you in adding additional origins to the allow-list for your Showpad instance.

Please specify the following in your request:

Required InformationFormat
your Showpad instance{{subdomain}}.showpad.biz
the origin you want to allowhttps://{{app domain}}(:<port>)