Cumulocity IoT Tips and tricks - Cannot access Cumulocity REST APIs, 'Origin ... is not allowed by Access-Control-Allow-Origin'

If you are developing JavaScript applications and get errors calling Cumulocity REST APIs, here's a likely reason:

"You are serving the JavaScript from an own web server (localhost) and access a different site from the XMLHttpRequest (cumulocity). The "same origin policy" does not permit this (

JavaScript development environments usually have a way to work around this. I recommend you to use our tooling based on NPM and grunt, see here: We also have JavaScript libraries that solve about all standard use cases in working with the APIs, which should save you some time: Both tooling and libraries can also be used for standalone apps, if you do not want to implement plugins to Cumulocity.

As last resort, you can also enable cross-site scripting in Cumulocity in the administration tool. I don't recommend this, though."