(edited by RobbyT.1925)
Forum for new developers
We worked this out over gitter, but for anyone else following along, the issue was that
var url = “https://api.guildwars2.com?access-token=<” +key +">/v2/account";
should have been
var url = “https://api.guildwars2.com/v2/account?access_token=” + key;
Also lawton, wouldnt the requestheader call-
}
//request.setRequestHeader("Authorization", "Bearer<<snipped because OP probably doesnt want it shared>>");
request.send();
}
be slightly redundant, as that’s in effect what you’re doing when you append the apikey to the end of the url?
Yeah, it would.
Our backend doesn’t support OPTIONS requests which means we can’t preflight CORS requests — so code running in the browser can’t actually set an authentication header — so for most use-cases the key has to go in the URL. Which is a bit unfortunate, but it is what it is.