My Products

CORS Errors with API requests from local proxy server with SPA Integration

by ViktorGastro


I'm developing an integration to the ERP Interactive API through an SPA solution.
Since i'm developing it locally in React i'm accessing everything over localhost, however i have set up a proxy server to handle CORS issues and other issues in regards to getting my access token.


I have managed to get my access token without issue but when i try to make a get request to the API i keep getting CORS errors.


When i try the same thing in Postman with the access token i pulled from my local app i have no issues getting the content.


The error i get when i try to make the GET request:


"cross-origin request blocked the same origin policy disallows reading the remote resource "

I read some forum post about not being able to access the API over http, only over https. Could this be the issue here or have i missed something else?My settings in the Developer portal:

Application settings:


API Integration:




In my proxy server i'm using the following node packages to handle all the proxy setup:



The whole server is wrapped in the CORS Middleware to make sure it applies to all my urls from the proxy.


Any help with this would be greatly appreciated.




by adrianm

Visma.Net API does not support CORS, i.e. you can't call it from a browser.

in short, the browser only allows requests to API:s on the same domain as the page was fetched from unless the API explicitly allows it (CORS). This is a browser security feature


There was a request for enabling CORS in the API many years ago but it was denied.

I assume the reason is the API authentication uses a non-expiring token which can not be securely stored in the browser. Haven't looked into it but with the new authentication (OAUTH) it might be possible to use the API without storing keys in the browser so the decision could be reevaluated.


by Magnus Johnsen


I'd suggest that you check the error in the browser console when it occurs as specifics of the error are not available in your Javascript code.



Hello Magnus!


I am checking the browser console and I’m console logging all the steps of the way to try to figure out where the issue lies. 

I get different results depending on if I run it in chrome or Firefox.


in chrome it says connection refused when I send the request, and in Firefox it gives me the aforementioned cross origin error.


as stated, I get my access token without issue. I thought it might have something to do with my react localhost running on port 3000 and the proxy server running on 3001 but I still get the same error as before.