ZipCodeAPI CORS Issues

Many users start with ZipCodeAPI and want to test against their local server and immediately hit a snag. They send us questions similar to the following:

What is CORS and the Solution

CORS is cross-origin resource sharing and helps control what sources are allowed to access resources in an application. CORS requires that you add domains to an allow list. This is done to protect you so that other websites do not steal your API and consume your API request quota. Here are the steps to resolve to get everything working:

  1. Go to App Management, login if needed, and select the app to manage.
  2. Click the Client Side Access Setup link.
  3. Enter the domains allowed. For example, use localhost for local testing or your website address for public websites (do NOT include https://).
  4. Save the page.
  5. When making API calls in JavaScript from one of those domains, use the client key (starts with js-) in the API request URL.