Ctrl K

Set CORS settings

Published Oct 17, 2025

The *Set CORS settings* endpoint allows you to register allowed origins (i.e. your domains) for use in cross-origin resource sharing ([CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)). Enabling CORS with Codat is required by our embeddable UIs (such as [Connections SDK](https://docs.codat.io/auth-flow/optimize/connection-management) and [Link SDK](https://docs.codat.io/auth-flow/authorize-embedded-link)) to access Codat's API endpoints.

Script codat Verified

Use in Windmill

The script

Submitted by hugo697 Bun

Verified 235 days ago

All edits

Permalink

//native
type Codat = {
	encodedKey: string
}
/**
 * Set CORS settings
 * ﻿The *Set CORS settings* endpoint allows you to register allowed origins (i.e. your domains) for use in cross-origin resource sharing ([CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)).
 
Enabling CORS with Codat is required by our embeddable UIs (such as [Connections SDK](https://docs.codat.io/auth-flow/optimize/connection-management) and [Link SDK](https://docs.codat.io/auth-flow/authorize-embedded-link)) to access Codat's API endpoints.
 */
export async function main(auth: Codat, body: { allowedOrigins?: string[] }) {
	const url = new URL(`https://api.codat.io/corsSettings`)

	const response = await fetch(url, {
		method: 'POST',
		headers: {
			'Content-Type': 'application/json',
			Authorization: `Basic ${auth.encodedKey}`
		},
		body: JSON.stringify(body)
	})
	if (!response.ok) {
		const text = await response.text()
		throw new Error(`${response.status} ${text}`)
	}
	return await response.json()
}


`1`	`//native`
`2`	`type Codat = {`
`3`	`encodedKey: string`
`4`	`}`
`5`	`/**`
`6`	`* Set CORS settings`
`7`	`* The Set CORS settings endpoint allows you to register allowed origins (i.e. your domains) for use in cross-origin resource sharing ([CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)).`
`8`
`9`	`Enabling CORS with Codat is required by our embeddable UIs (such as [Connections SDK](https://docs.codat.io/auth-flow/optimize/connection-management) and [Link SDK](https://docs.codat.io/auth-flow/authorize-embedded-link)) to access Codat's API endpoints.`
`10`	`*/`
`11`	`export async function main(auth: Codat, body: { allowedOrigins?: string[] }) {`
`12`	const url = new URL(`https://api.codat.io/corsSettings`)
`13`
`14`	`const response = await fetch(url, {`
`15`	`method: 'POST',`
`16`	`headers: {`
`17`	`'Content-Type': 'application/json',`
`18`	Authorization: `Basic ${auth.encodedKey}`
`19`	`},`
`20`	`body: JSON.stringify(body)`
`21`	`})`
`22`	`if (!response.ok) {`
`23`	`const text = await response.text()`
`24`	throw new Error(`${response.status} ${text}`)
`25`	`}`
`26`	`return await response.json()`
`27`	`}`
`28`