+ Start a Discussion
Eric DelgadoEric Delgado 

loading REST API returns 200 OK, but no data is returned

Hi,
I am new to SF REST API. I am trying to create an angular app and retrieve data from salesforce rest api with SF OAuth authentication. I get the bearer access token after authentication and have set it in the header for the api request. However, everytime I made a $http.get from angular, I get no data. The dev tool console shows this error:
XMLHttpRequest cannot load https://na34.salesforce.com/services/data. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

However, when I look at the network tab in chrome dev tool, I see the status was 200 OK. I tested the request from fiddler and postman and I am able to get the data without problem. I also added my localhost:8080 to whitelist in CORS from the SF. Any idea what I am missing? Thanks!
Best Answer chosen by Eric Delgado
PeterNPeterN
Unfortunately you won't really be able to do so without a publicly available IP address and server. Generally you can mock REST services to simulate the responses as given to you from Salesforce but that's limited and slightly time consuming to set up. 

I would suggest that if you guys were in it for the long haul and intend to develop as agile as possible then you can throw your content up on any server quickly. This will save you months of pain if you can retrieve content from and fully validate your requests. Amazon AWS can can set up in a relatively short time that you can host your code from (free for a year?). 

If the content is short and sweet and you only have one call to ever make (say for a small retrievable of newest Opp for example) then I would suggest you can eyeball it... but again best practices will get you further than malpractices.

The only other way is to possibly have a service that retrieves that data for you (may already be built) and then you retrieve that from there. Again, this violates a lot of the principles behind CORS and you really should just get a server :)

All Answers

R Z KhanR Z Khan
Salesforce doesnt allow cross site scripting. You would need to set up CORS
https://developer.salesforce.com/docs/atlas.en-us.chatterapi.meta/chatterapi/extend_code_cors.htm
It also could be caused by a browser. Are you using Chrome?
Eric DelgadoEric Delgado
Hi Khan,
Thanks for your reply. I already added my localhost to CORS whitelist. I tested it on Chrome and IE, and both giving me similar errors. I also tested out with https protocol on localhost, but no luck. Any idea what I am missing? Thanks!
R Z KhanR Z Khan
I would recommend doing REST calls from apex rather then client side. You won't have this issue if oyu move your call to your controlelr and call the apex method instead form angular
Eric DelgadoEric Delgado
I need it as a stand alone application for the business requirement. Is there any work around for this? Or I must do it with apex? Thanks.
R Z KhanR Z Khan
Did u try making a connection using https, not http. I know salesforce doesnt like insecure connections Other work around would be to make your rest spi publicly accessible using force.com site. But not sure if u wonna go that route _____________________________
Eric DelgadoEric Delgado
I tried http in the beginning, but I must enter a https url when setup CORS and add it to whitelist. So, I did it with https. I setup the https protocol on my localhost. What else should I check? Thanks.
PeterNPeterN
It sounds like you're trying to add "localhost" as a supported IP address to your Salesforce CORS list. Though my experience doesn't extend to salesforce completely, if I'm accurate it means you're telling Salesforce to:

Accept all incoming requests from the origin: https://localhost:8080
This translates to
Accept all incoming requests from yourself coming from the port 8080

What you really want is for your website that accesses this REST api to retrieve it via a publicly available server ip or dns that can access. Remember, you're telling Salesforce what IPs are applicable, if you say localhost or 127.0.0.1 then you're saying accept all requests from the Salesforce home server. If don't have a publicly available server you may need to look into that seperately.

Hope that helps!
Eric DelgadoEric Delgado
Hi Peter,
Eventually this will be hosted on a web server, but for development we need to be able to work on it locally. Do you have any suggestion for a better approach we can do? Thanks!
R Z KhanR Z Khan
Hi Eric,

read this article below. Maybe suggestions there would help oyu

https://developer.salesforce.com/blogs/developer-relations/2015/01/spring-15-preview-cors-force-com-rest-api.html.

try hosting oyur app on heorku to test it
 
PeterNPeterN
Unfortunately you won't really be able to do so without a publicly available IP address and server. Generally you can mock REST services to simulate the responses as given to you from Salesforce but that's limited and slightly time consuming to set up. 

I would suggest that if you guys were in it for the long haul and intend to develop as agile as possible then you can throw your content up on any server quickly. This will save you months of pain if you can retrieve content from and fully validate your requests. Amazon AWS can can set up in a relatively short time that you can host your code from (free for a year?). 

If the content is short and sweet and you only have one call to ever make (say for a small retrievable of newest Opp for example) then I would suggest you can eyeball it... but again best practices will get you further than malpractices.

The only other way is to possibly have a service that retrieves that data for you (may already be built) and then you retrieve that from there. Again, this violates a lot of the principles behind CORS and you really should just get a server :)
This was selected as the best answer
Eric DelgadoEric Delgado
Thanks for the responses. I think we will solve it with a middle tier service to connect with SF rest api.
R Z KhanR Z Khan
Your welcome Eric. Please mark the question as resolved.