API Gateway
The API gateway is a tool to allow Temenos Explorer to make direct server to server API calls and handle associated authentication. By making all API calls direct server to server, we avoid encountering CORS issues often encountered when API requests originate from the client-side browser (see below for more info).
What is CORS?
Cross-Origin Resource Sharing (CORS) is a mechanism implemented by browsers that block websites from requesting data from other URLs. When a browser makes a request, it adds an origin header to the request message. If it goes to the server of the exact origin, it is allowed by the browser, and if it does not, the browser blocks it.
When testing your code in the browser you will want to be able to call out to external APIs. With most APIs you will encounter a CORS error as the API is configured to only allow requests from specific origins (which does not include your local webserver localhost) resulting in the browser blocking your request.
To get around this issue we need to introduce a proxy server which will act as a bridge between the browser and the APIs. So, instead of your code sending a request directly to the APIs, it sends the requests to the proxy. The proxy then forwards the request to the target APIs and returns the responses with the proper CORS headers so that they are accepted by the browser.
There are many CORS proxy solutions available but we recommend using the API gateway provided with Temenos Explorer.
Configuring the API Gateway
You can find out more about how to configure and run the API gateway in the API gateway user guide.