Skip to main content
NICE CXone Expert

Scheduled CxOne Expert Maintenance - Oct 26th 11:59 pm PT - Learn More

Expert Success Center

Use a Browser API Token With an Integration

Applies to:
All MindTouch Versions
Role required:
Admin
Instructions and examples to use your Browser API Token in order to gain web browser access to the Expert API.

How to Use Your Browser API Token

The token key is included in an API request by setting it as the X-Deki-Token HTTP header value.

Examples

Fetch API

const key = 'dacaffe7ce69dfd1071531e925f667905a1c981fb40d06c676880e84352cb3aa';
fetch('https://example.com/@api/deki/pages/home/info', {
    headers: {
        'X-Deki-Token': key
    }
}).then((response) => {
    
    // ...
});

jQuery

const key = 'dacaffe7ce69dfd1071531e925f667905a1c981fb40d06c676880e84352cb3aa';
$.ajax({
    url: 'https://example.com/@api/deki/pages/home/info',
    method: 'GET',
    headers: {
        'X-Deki-Token': key
    }
}).done((data) => {

    // ...
});

Upon receipt, Expert checks the Origin HTTP Header sent by the browser against the hostname patterns allowed when the Browser API Token was generated. If there is a match, the cross origin API request is allowed. If the origin hostname does not match any of the Browser API Token's allowed hostname patterns, the API request is denied and an error message is returned.

Testing with Codepen, JSFiddle, Postman

Popular tools for web development experimentation are hosted JavaScript, HTML, and CSS sandboxes such as CodePen or JSFiddle, or local API development clients such as Postman. When using hosted tools, confirm that the domain the tool uses for HTTPS communication with the Expert API was allowed when the Browser API Token was generated.

The primary use case of Browser API Tokens is safely managing access to the Expert API using Cross Origin Resource Sharing (CORS). API development clients, such as Postman, generally have trouble leveraging Browser API Tokens unless they can set an Origin HTTP Header. If testing with these tools is desired, consider using a Server API Token instead.

 

  • Was this article helpful?