Client-Side Requests and CORS

The Decision API supports CORS for Fetch requests. GitHub's documentation has a good overview of CORS.

❗️

If you make client-side requests to the Decision API and expect cookies in the response, you must pass the CORS headers described below.

The CORS preflight request looks like this:

curl -i https://e-23.adzerk.net/api/v2/ -H "Origin: https://example.com/page.html" -X OPTIONS
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept, origin, content-type, content-length
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: http://example.com/page.html
Date: Fri, 09 Jun 2017 20:33:34 GMT
Server: nginx/1.1.19
X-Powered-By: Express
Content-Length: 0
Connection: keep-alive

You must pass credentials: "include" in the Fetch options of the request to enable cross-domain requests. See the Fetch example below:

<!DOCTYPE html>
<script>
fetch("https://e-23.adzerk.net/api/v2", {
  method: "POST",
  credentials: "include",
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    placements: [
      {
        divName: "testDiv",
        networkId: 23,
        siteId: 667480,
        adTypes: [5]
      }
    ]
  })
})
.then(response => {
  if (!response.ok) {
    throw new Error('Network response was not ok');
  }
  return response.json();
})
.then(data => {
  document.getElementById("testDiv").innerHTML = data.decisions.testDiv.contents[0].body;
})
.catch(error => {
  console.error('There was a problem with the fetch operation:', error);
});
</script>

<div id="testDiv">this text will be replaced by an ad</div>

The cookie returned in a response is the azk cookie with a user's User Key as its value. Refer to the User DB documentation for more info.

📘

The cookie will originate from the domain used to make the request. If you use a white-labeled domain to call the Decision API, you should expect cookies from that domain.
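
The preflight headers shown earlier can be checked against the rules browsers apply once credentials: "include" is set. The following is an added example, not part of the original documentation or the Decision API's own code; the function names and the https://example.com origin are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not part of the Decision API.
// Methods and request headers a server never has to list explicitly.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
// Content-Type is absent on purpose: it is safelisted only for form and
// text/plain bodies, not for the application/json body used on this page.
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);

// Split a comma-separated header value into trimmed tokens.
const tokens = value => (value || "").split(",").map(t => t.trim()).filter(Boolean);

// Returns a list of problems. An empty list means the preflight passes and the
// browser would go on to send the credentialed request.
function checkCredentialedPreflight(origin, method, requestHeaders, response) {
  const h = {};
  for (const [k, v] of Object.entries(response)) h[k.toLowerCase()] = v;
  const problems = [];

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === "*") {
    problems.push("Access-Control-Allow-Origin: * is rejected when credentials are included");
  } else if (allowOrigin !== origin) {
    problems.push(`Access-Control-Allow-Origin does not match ${origin}`);
  }
  if (h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials must be exactly \"true\"");
  }
  // With credentials, "*" in the two lists below is a literal value, not a
  // wildcard, so plain membership tests are the correct check.
  if (!SAFE_METHODS.has(method) && !tokens(h["access-control-allow-methods"]).includes(method)) {
    problems.push(`method ${method} is not in Access-Control-Allow-Methods`);
  }
  const allowed = tokens(h["access-control-allow-headers"]).map(t => t.toLowerCase());
  for (const name of requestHeaders.map(n => n.toLowerCase())) {
    if (!SAFE_HEADERS.has(name) && !allowed.includes(name)) {
      problems.push(`header ${name} is not in Access-Control-Allow-Headers`);
    }
  }
  return problems;
}

// Constructed sample modelled on the preflight response shown above.
const sampleResponse = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "accept, origin, content-type, content-length",
  "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,OPTIONS",
  "Access-Control-Allow-Origin": "https://example.com",
};
console.log(checkCredentialedPreflight("https://example.com", "POST", ["Content-Type"], sampleResponse));
```

An Origin value that differs from the returned Access-Control-Allow-Origin in scheme, host or port is reported as a mismatch, because the comparison is an exact string match.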