Problem statement
I am trying to invoke Kore.ai public API from my web application (customized Web-SDK) but I am not able to get a response. CORS error is thrown.
Solution
Kore.ai public APIs, like many other public APIs of other products, do not have “Access-Control-Allow-Origin” in response headers. This is because the APIs are not designed for consumption from a Web application directly. The APIs are designed to facilitate CI/CD and other automation. So they can be consumed in server/client/middleware apps built with NodeJS, Python, etc. but one needs to ensure the user-agent is a part of the request header.
As mentioned above, it must be noted that the public APIs of Kore.ai are primarily designed for CI/CD or for downloading and pulling information into third-party systems. We advise against using Kore.ai public APIs for any scenario where it is used in a critical bot-user interaction. Although we take great care to ensure all our services are up and running all the time, any disruption specific to Kore.ai public API services may impact the bot-user interaction if they are used directly in critical bot-user interactions.
If there is any business reason for using a Kore.ai public API service from a web application, it must be used through a middleware, an adapter, or a proxy service. The Kore.ai public API response will not have Access-Control-Allow-Origin by design. The adapter service should make a call to the Kore.ai public APIs, add the required headers in the response received, and relay the response back.
