Cannot get the authorization token in Javascript, although the call works in nPostmen

Skip to first unread message

Jun 27, 2023, 6:35:23 PM6/27/23
to ORCID API Users

I am trying to get authorization token after I get the code from the /authorization call. Getting token works in postmen, but not in Javascript. It returns :
"Access to fetch at '' from origin 'https://vivli.local' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

At the same time the POSTMAN call with all the same parameters works and returns the json with authorization call.

Here is my code:
var myHeaders = new Headers();
myHeaders.append("Accept", "application/json");
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

var urlencoded = new URLSearchParams();
urlencoded.append("client_id", "my id");
urlencoded.append("client_secret", "my secret");
urlencoded.append("grant_type", "authorization_code");
urlencoded.append("code", code);
urlencoded.append("scope", "/activities/update");

var requestOptions = {
method: 'POST',
headers: myHeaders,
body: urlencoded

fetch("", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));

Please help!

Thank you,


Fran Alsina

Sep 27, 2023, 5:27:49 AM9/27/23
to ORCID API Users
Hi Irene,

Thank you for the details.

These calls to our API cannot be made in a web browser, since those contain client-secrets and user information. They must be made by your server or a tool like Postman.

More details can be found here:

I hope that this helps.

Thank you and best regards,
Reply all
Reply to author
0 new messages