If you add an origin to the InfoSphere®
Streams trusted origin list, you can make cross-origin requests to the REST API from that
origin.
About this task
Web browsers typically restrict scripts from accessing data with a different origin than the page that contains the script. This restriction, which is known as the same-origin policy, prevents you from directly accessing the InfoSphere
Streams REST API from a script. Starting in Version 4.1, the REST API supports cross-origin resource sharing (CORS), which provides a mechanism for the browser and server to determine whether to allow cross-origin requests.
Procedure
- Verify that your browser supports CORS. Most modern browsers support CORS; however, you might need to upgrade to the latest browser version to get this support.
- Add the originator of script REST API calls to the list of trusted origins. You can do this by using the streamtool addtrustedorigin command or on the Management Dashboard of the Streams
Console.
The origin specifies the scheme, host, and port from which requests originate. It must be a case-sensitive match for the HTTP Origin header value that the browser adds on the cross-origin request, for example: http://myserver.com:8080
- Add the InfoSphere
Streams certificate to the web browser. Use your web browser's interface to trust the self-signed certificate that is provided by
InfoSphere
Streams.
- Determine the method to authenticate the InfoSphere
Streams user. If the domain is configured to use client authentication and the client certificate contains
an InfoSphere
Streams user name, no further configuration is necessary. The user is authenticated when the
certificate is verified.
Otherwise, HTTP basic authentication is used and you must set the
withCredentials attribute of the XMLHttpRequest object to true for
user credentials to be included on the cross-origin request. If your browser supports prompting for
credentials with CORS requests, you can supply credentials this way. Alternatively, you can supply
the credentials directly in the HTTP Authorization request header.
What to do next
You can now make REST API calls from a script that that runs from the trusted origin that you
configured.