Jump to: navigation, search

Cross-Origin Resource Sharing

This is part of the API Basics section of the Web Services API.


Cross-Origin Resource Sharing (CORS) is a specification that enables open access across domain-boundaries.

Each contact center can define their own allow origin list through Web Services access control settings.

Web Services will filter an incoming request by merging global allowOrigins and contact center access control settings by using an Admin account.


The following operations are available for this group:

Operation Description Permissions
GET Retrieves an array of settings Contact Center Admin
POST Creates a new setting in this group. allowedOrigins is the only valid setting. Contact Center Admin
PUT Updates a setting. Contact Center Admin
DELETE Removes a setting. Contact Center Admin


Attribute name Description
allowedOrigins An array of valid "origins" for this contact center. The CORS filter will use this list to validate incoming requests.
Wildcards are allowed in the context of a domain name for allowedOrigins, but "*" by itself is not permitted.


Retrieve access control settings

GET /settings/access-control {
  “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com"]

Add "genesys.com" to the list of domains

PUT /settings/access-control {
  “value”: ["https://cloud.genhtcc.com", "https://*.genhtcc.com", "https://*.genesys.com"]
When sending the above, the entire array must be sent
This page was last edited on March 25, 2016, at 18:22.
Comments or questions about this documentation? Contact us for support!