Mongo Data API and CORS

Andrea_Bertoldo · December 4, 2021, 1:16pm

Hello, I’m trying to query my Mongo DB on Atlas through the Data API, from the browser (with an Angular app) but I’m blocked by CORS.
I guess it’s by design and the Data API is supposed to be consumed from server apps, not client apps, as the UI in the admin dashboard doesn’t show anything that makes me think I can configure CORS, but just in case there’s a way around this I’d be glad to hear it.

Sumedha_Mehta1 · December 7, 2021, 3:09pm

Hey Andrea - you’re correct, currently it’s blocked by CORS because we don’t yet offer additional authentication and authorization options. Feel free to request it on Atlas: Top (1026 ideas) – MongoDB Feedback Engine and choose the ‘Data API’ category so we can gauge interest.

Other ways to get around this is to wrap it in a backend or another managed service like Lambda or put an API gateway in front of it.

Stennie_X · March 30, 2022, 2:03pm

Hi folks,

For anyone who has a similar use case where CORS or a browser-only application environment currently prevents using the Data API (Preview), please watch/upvote the feature request to Support CORS from the Data API (MongoDB Feedback Engine).

This feature request is currently under review, so any additional context on desired use case support would be helpful – start a new forum discussion using the data-api tag.

In the interim, some alternative approaches to consider include:

Putting an API gateway or serverless function in front of the Data API calls (as mentioned earlier in this topic).
Using the MongoDB Realm GraphQL API:
Javascipt Web XMLHttpRequest Blocked by corspolicy
If you need an API from MongoDB Atlas right now that is not blocked by CORS, I suggest using the GraphQL API that is offered by MongoDB Realm. The Steps to generate this API involve -
1. Generating your JSON Schema
2. Configuring Authentication
Using the Realm Web SDK.

Regards,
Stennie

Kaylee_Won · May 24, 2023, 6:53pm

Hi –

Just wanted to hop on here to update this thread and announce that we now support client side access for the Data API using Bearer Authentication. This will allow you to get around CORS errors and call the Data API from any platform that supports HTTPS, which includes web browsers. Check out our docs page that goes over how to authenticate Data API requests for web browser access.

If you would like to share any additional context on your use case or general feedback regarding this feature, please feel free to email me at kaylee.won@mongodb.com.