I’m trying to find a way to use the API to search/create/update Records without incurring a CORS violation.
It seems like everyone is discussing this as if it isn’t an issue and yet I get intermittent CORS errors on any AJAX calls I make. This code is being run by any users logged into our application and has to be able to run client-side. I’d give examples but I’d rather not accidentally expose confidential information.
I have looked into this, however, I’m trying to make more specific uses of the data such as populating PDFs and updating multiple records with a custom form. I don’t think I can accomplish this with the built in view-based implementation. At least I don’t think so?
I understand you don’t want to share on the forum. It is very hard to understand what is going on without seeing what you are doing. If you’d like me to help you can send me a message and we can arrange a chat. I have had the CORS error message before and have setup multiple API calls throughout my app including inserting fields into the html.
Using the above code in the builder even behind a login would mean anyone with your URL could access any data in your app.
For all our API’s we use view-based API calls as this does not expose your API key. The only downside to this is that you need an existing view in your app. For a GET any view will do, for a POST you will need a form and a PUT a grid with inline edit turned on.
I have used the object-based API when I am connecting an external app to access the data i.e. Excel, Make/Integromat, Zapier.
What you are trying to do:
Create a form with inputs that correlate to different objects in Knack
Use code to PUT that data into their respective objects
I’m more so used to accessing a SQL database through PHP so I’m not used to these limitations.
If you have no use for a view as the data being accessed is simply being converted into another format such as PDF or a page for printing, how do you go about making a view-based call? What sort of view do you create and is it doing anything in this case (aside from allowing you to make a call without including the API key)? Sorry if these are dumb questions.
None of what you are asking is dumb, we found it very frustrating when we started. I completely agree about the limitations of Knack. When we first started, we could not believe that you could only update one object at a time with a form.
Having said that, the view-based requests are the way to go. We have quite a few views that are hidden and we have a whole login page where we store views that are only used for API calls, which we untick the box show in menu:
If you are updating existing records, then you will need tables that show each field you would like to update. With inline editing turned on. You will also need the Knack record ID of the record that connects all your objects. You can get this dynamically using code or from an API GET or even from the URL.
You can also use filters to zone in on specific records, so you don’t have to do as much cycling through records.
Here is an example of a function that will create some filters:
We have an API function that deals with all of our call and it got quite complex but it will do:
Parent > Child GET - used if you need data from the child record of the record ID you pass in this works slightly differently to other type of GET as you need to pass in the recordId and the slug of the scene where the view exists that you are trying to get the data the URL looks a bit like this: