Cumulocity IoT Tips and tricks - Cannot access Cumulocity REST APIs, 'Origin ... is not allowed by Access-Control-Allow-Origin'

If you are developing JavaScript applications and get errors calling Cumulocity REST APIs, here's a likely reason:

"You are serving the JavaScript from an own web server (localhost) and access a different site from the XMLHttpRequest (cumulocity). The "same origin policy" does not permit this (http://en.wikipedia.org/wiki/Same-origin_policy).

JavaScript development environments usually have a way to work around this. I recommend you to use our tooling based on NPM and grunt, see here: http://cumulocity.com/guides/web/introduction/. We also have JavaScript libraries that solve about all standard use cases in working with the APIs, which should save you some time: http://resources.cumulocity.com/documentation/jssdk/latest/#/core Both tooling and libraries can also be used for standalone apps, if you do not want to implement plugins to Cumulocity.

As last resort, you can also enable cross-site scripting in Cumulocity in the administration tool. I don't recommend this, though."