I am trying to use this Mercedes Benz API in my app. Inside the controller I have an AJAX request:

    onInit : function () {
        var oModel = new JSONModel();
        var url = 'https://api.mercedes-benz.com/image/v1/vehicles/WDDZH3HB8JA394212/components?apikey=my_apikey';

        $.ajax({
            beforeSend: function() {
                //armamos la url y la asignamos a una var       
            },
            url: url,
            type: 'GET',
            accepts: "application/json",
            success: function (resp) {
                console.log(resp)
            },
            error: function (jqXHR, estado, error) {
                console.log(error +":" + " " + estado)
            },
            timeout: 10000
        });
    },

I just want an OK response, but I am getting an error:

    Request header field X-XHR-Logon is not allowed by Access-Control-Allow-Headers in preflight response.

If you take a look at the API documentation, I just need the API key. Maybe I am doing something wrong? If you have used an API inside a Fiori app, please guide me; I would be thankful.

NOTE: my Fiori server is on-premise, so we don't use SCP.

Naoto
  • If you put a debugger statement in the `beforeSend` event, can you see `x-xhr-logon` in the headers of the request? – Jorg Sep 24 '18 at 22:37
  • Do you know of destinations in SAP Cloud Platform? https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/e4f1d97cbb571014a247d10f9f9a685d.html You can fix this issue by having a destination created to the URL you are trying to call – Nandan Chaturvedi Sep 25 '18 at 04:56
  • My Fiori server is on-premise, so we don't use SCP :C – Naoto Sep 25 '18 at 11:40
  • @Jorg I put a break, but where can I see that? This is my first time using AJAX :C Maybe there is another way – Naoto Sep 25 '18 at 11:48
  • Replace `//armamos la url y la asignamos a una var ` with `debugger;`, and add an import parameter to the function: `beforeSend: function(request)`. Then open the console of the browser. Chrome will stop and you can check the values of `request`, in a similar way to SE80. Check the Sources tab. – Jorg Sep 25 '18 at 14:03
  • Which of the properties: overrideMimeType, pipe, progress, promise, readyState, setRequestHeader, state, statusC, success, then? – Naoto Sep 25 '18 at 18:32
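
Added example (not part of the original question or its comments): a simplified JavaScript model of the browser's CORS preflight header check, showing why a request carrying `X-XHR-Logon` is rejected when the API's preflight response does not list that header. The function names, the sample header value and the sample `Access-Control-Allow-Headers` value are constructed for illustration.

```javascript
// Simplified model of the CORS preflight header check (Fetch spec).
// Headers on the CORS safelist never need server permission; Content-Type
// is only safelisted for three form/text MIME types.
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Returns the (lower-cased) request header names that the server must
// list in Access-Control-Allow-Headers.
function headersNeedingPermission(requestHeaders) {
  return Object.entries(requestHeaders)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (SAFELISTED.has(n)) return false;
      if (n === "content-type") {
        const mime = String(value).split(";")[0].trim().toLowerCase();
        return !SAFE_CONTENT_TYPES.has(mime);
      }
      return true; // any custom header, e.g. X-XHR-Logon
    })
    .map(([name]) => name.toLowerCase())
    .sort();
}

// Returns the headers the browser will refuse to send, given the value of
// Access-Control-Allow-Headers from the preflight response. "*" is only a
// wildcard for requests without credentials and never covers Authorization.
function blockedByPreflight(requestHeaders, allowHeadersValue, withCredentials = false) {
  const allowed = new Set(
    (allowHeadersValue || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  const wildcard = allowed.has("*") && !withCredentials;
  return headersNeedingPermission(requestHeaders).filter(
    (h) => !allowed.has(h) && !(wildcard && h !== "authorization")
  );
}

// Constructed sample: the header named in the error message plus Accept,
// checked against a hypothetical preflight response value.
const sampleRequest = { "X-XHR-Logon": "sample", Accept: "application/json" };
const sampleAllowHeaders = "Content-Type, Authorization";
console.log(blockedByPreflight(sampleRequest, sampleAllowHeaders));
```

An empty result means the preflight passes; any name returned is a header that either the server must allow or the client must stop sending.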

1 Answer

If you really want to do an XHR, you need to whitelist APIKEY in neo-app.json like this:

    {
        "welcomeFile": "/webapp/index.html",
        "routes": [{
            ...
        }],
        "sendWelcomeFileRedirect": true,
        "headerWhiteList": [
            "APIKey"
        ]
    }

Otherwise I strictly recommend using destinations, explained in here:

dotchuZ
  • That's my case, without SCP; my Fiori server is on-premise – Naoto Sep 25 '18 at 11:51
  • I doubt that anyone can solve this in a satisfying way without revoking security patterns. Maybe you should build an OData service in SAP on-prem, calling your external API, and provide this to your app. I don't see any other solutions here. And yes, you could also do HTTP requests from ABAP ... that's revoking security because your on-prem has to communicate with the internet... – dotchuZ Sep 25 '18 at 12:45
  • Maybe using a proxy on the Fiori server? And I have never built an OData that communicates with the internet :O I didn't know that – Naoto Sep 25 '18 at 13:13
  • It is ABAP doing an HTTP request; you could put it in an OData service and work with the response in your app. https://blogs.sap.com/2014/11/09/calling-an-external-restful-service-from-abap-http-method-post/ – dotchuZ Sep 25 '18 at 13:19
  • Thanks! But I think I have to make an HTTPS request or I will get an error in ABAP. Is it possible? – Naoto Sep 25 '18 at 14:00