CORS in IBM App Connect Enterprise
Here in this blog, we are going to learn about CORS in IBM App Connect Enterprise.
CORS (Cross-Origin Resource Sharing) is a security feature that web browsers use to control whether a web page running at one domain is allowed to request resources, like data or services, from a different domain. When you’re using IBM App Connect to connect to APIs or services hosted on different domains, you might encounter CORS-related issues.
CORS in IBM App Connect works similarly to how it works in any other context. When you’re creating flows or integrations that involve making API requests to domains different from where your integration is hosted, you need to ensure that the API you’re calling has the appropriate CORS settings. In IBM ACE we can use CORS to allow and restrict origins, methods hosts etc.
Procedure:
In IBM ACE we can enable CORS at both Integration Node and Integration Server levels with respect to listeners like HTTP/HTTPS, to enable the CORS at the Node level follow the below steps.
- Enable the CORS using below command
mqsichangeproperties integrationNodeName -b httplistener -o connectorName -n corsEnabled -v true
Where connectorName is HTTPConnector for HTTP calls and HTTPSConnector for HTTPS calls. - To define the CORS properties use below command
mqsichangeproperties integrationNodeName -b httplistener -o connectorName -n corsAllowmethods –v ‘POST’ - Similarly to enable CORS at Integration Server level use below command
mqsichangeproperties integrationNodeName -e integrationServerName -o connectorName -n corsEnabled -v true - To define the CORS properties under Integration Server use below command
mqsichangeproperties integrationNodeName -e integrationServerName -o connectorName -n corsAllowmethods -v ‘POST’ - To test the enabled CORS create the REST API be defining the method.
- Deploy in the respective CORS enabled servers.
- Call the REST API from web browser.
- Here as example we enabled CORS in such a way that allow only foe POST methods as shown in above commands.
- When we try to test an REST API with GET method it will restrict as shown below.
- We can achieve security with CORS in many accepts as shown above.