Using APIs from a different origin/domain

New Member
2 0 0

Any method I've attempted to request information from a Shopify store from a different domain results in the familiar CORS error:


"Access to fetch at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."


I'm trying to create a customer-facing site which is very simple and is just for managing (creating and logging in) customer accounts, and doing specific things with those accounts like setting tags and sending emails to store staff to update details on those accounts once they're created. Using GraphQL or the REST API, is there a way to get the Shopify store to allow API requests from my separate domain without triggering the CORS error? Any way at all to add the appropriate "Access-Control-Allow-Origin" header in the response from the API endpoint?


(The security implications are not my concern here, as I believe API credentials can be obfuscated using backend middleware on the site doing the requests)


Or am I going about it the wrong way and there's another recommended way to do this besides those two APIs?


Or is what I'm trying to do only possible on the same domain as the store, by design, no exceptions?



Shopify Staff
Shopify Staff
1357 52 200

If you want to make an API request to the admin API, you have to do it from a back end. Front end requests, as you observed, will be blocked by the CORS policy on our end. What you can do is from your front end, delegate to your backend to make the request, and return the response data from that request to your front end.