Access token endpoint and CORS


I’m trying to exchange an auth code for an auth token. It looks like doesn’t support CORS but I can’t find any documentation around it. Has anyone else run into this, or does anyone have any insight?

Thanks in advance,


I don’t believe any of the Nest API endpoints support CORS. Why would you need it when requesting an access token?


Thanks for the reply

When I try to request the token I’m getting this message
17 PM which leads me to believe the issue is related to CORS. If I make the request with { mode: ‘no-cors’ }, I have trouble reading the response.

When I make the request from a server, it works fine. I haven’t found any docs on this site that say you have to make that request from a server/non-client environment. Trying to sort out what’s going on…


If the request works from a server, then this is probably due to your setup (using ngrok to tunnel to a localhost?) rather than anything to do with the Nest API endpoint. It may be sending headers that the endpoint is not expecting.

If there’s a way to see what the Body of the 400 response is, that might help too. There are a few different things that could cause it:

Also, this Stack Overflow Q&A on the same error you’re getting might be helpful: