Admin API localhost website CORS

Hello all,

We recently started developing an application with Couchbase. It will have Desktop, Web and Mobile applications (with sync replication).

We will also use a self-developed auth-server to handle our authentication needs. A quick sketch:
Users can buy our software, then we will create a customer account for them (stored as a document in the database), as well as a user account in the database (also as a document), and a sync_gateway user account (with admin rights to that customer’s channels).
This user account can be used to create other accounts (which do not have the same access rights as this account, they will only be able to access a subset of the data linked to that customer’s projects, this will be accomplished by channels and roles).

For the creation of the customer’s account, we will be using a hosted website which will only be accessible in house (since we are using the Admin API in a separate API (self-developed as well; this API will handle creation of all the correct links between the customer’s account, and his admin account etc…)).
We would like to get a list of all the current customers as well, so we can edit or disable them.

This website is created with Angular, but now my real question is:
Can we use the Admin API directly from the Angular website (using $http requests)? We are currently getting CORS issues, even though the website is hosted on localhost.
Another way to go would probably be calling the separate API which will then pipe the results through to the web application (but would only like to use this solution when it’s not possible to use the Angular requests directly).

Hope somebody can help us :)

Thank you

Are the CORS errors happening when accessing port 4984 too?

If so, you must explicitly enable CORS in the Sync Gateway config.

Note that the Admin REST API is not accessible on other domains than localhost. To access it remotely, the recommended approach is to set up an App Server that proxies the desired requests or to use ssh tunnelling if the access is purely intended for admin purposes.

They don’t happen in port 4984, CORS is enabled in the config file.

The website will be hosted on localhost only, but I guess the best way would indeed be to proxy the requests on to the app server.
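
The App Server proxy recommended in the thread, sketched as an added example (not code from any poster or from Couchbase): a small Node.js handler that forwards only an allowlisted set of user-management calls to the Admin API and answers CORS for one origin. The database name `mydb`, the origin `http://localhost:4200`, the `PROXY_PORT` variable and the rule set are assumptions, as is that callers are authenticated by the app server before reaching this handler.

```javascript
// Added example. Assumed values (not from the thread): Admin API on its default port
// 4985, database "mydb", Angular origin http://localhost:4200, env var PROXY_PORT.
const ADMIN_API = 'http://127.0.0.1:4985';
const ALLOWED_ORIGIN = 'http://localhost:4200';
const USERS = '/mydb/_user/';
const NAME = '[A-Za-z0-9_.-]+';
// Only the user-management calls the in-house site needs; anything else is refused.
const RULES = [
  { method: 'GET', path: new RegExp(`^${USERS}$`) },         // list users
  { method: 'GET', path: new RegExp(`^${USERS}${NAME}$`) },  // read one user
  { method: 'PUT', path: new RegExp(`^${USERS}${NAME}$`) },  // create, edit or disable
];

// Returns the upstream URL for a permitted request, or null. The URL is normalised
// first (dot segments resolved, query and host dropped) and always targets ADMIN_API.
function route(method, rawUrl) {
  let pathname;
  try { ({ pathname } = new URL(rawUrl, ADMIN_API)); } catch { return null; }
  const ok = RULES.some(r => r.method === method && r.path.test(pathname));
  return ok ? ADMIN_API + pathname : null;
}

const CORS = {
  'Access-Control-Allow-Origin': ALLOWED_ORIGIN, 'Vary': 'Origin',
  'Access-Control-Allow-Methods': 'GET, PUT', 'Access-Control-Allow-Headers': 'Content-Type',
};

async function handle(req, res) {
  if (req.method === 'OPTIONS') { res.writeHead(204, CORS); return res.end(); }
  const target = route(req.method, req.url);
  if (!target) { res.writeHead(403, CORS); return res.end('not permitted'); }
  try {
    const chunks = [];
    for await (const chunk of req) chunks.push(chunk);
    const upstream = await fetch(target, { method: req.method,
      headers: { 'Content-Type': 'application/json' },
      body: req.method === 'PUT' ? Buffer.concat(chunks) : undefined });
    res.writeHead(upstream.status, { ...CORS, 'Content-Type': 'application/json' });
    res.end(await upstream.text());
  } catch (err) {
    res.writeHead(502, CORS); res.end('Sync Gateway admin port unreachable');
  }
}

// Listen only when PROXY_PORT is set, bound to loopback like the Admin API itself.
if (process.env.PROXY_PORT) {
  import('node:http').then(({ createServer }) =>
    createServer(handle).listen(Number(process.env.PROXY_PORT), '127.0.0.1'));
}
```

The Angular site then sends its `$http` requests to the proxy port instead of to the admin port, so the browser never talks to the Admin API directly.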