JSONP / CORS
JSONP is deprecated since years. You should no longer rely on this method to make cross-domain requests as JSONP incurs several security risks. Ipregistry supports Cross-Origin Resource Sharing (CORS), a modern alternative that is widely supported by browsers, saner and cleaner.
By default, the Ipregistry API allows all origins for CORS.
Filtering Origins by API key
You can filter origins, and control what API key is allowed to call the Ipregistry API, directly from the Ipregistry dashboard:
- Open your dashboard.
- Click on "API Keys" in the left menu.
- Click on "Edit" for the key you want to filter origins.
- In the "Origins" section, select "Filter by origins" for the dropdown option.
- Enter the URL prefix of the origins that are allowed (wildcard
*
is supported): - Save your changes.
CORS and origin filtering is made to protect your API keys from undesired usages. It should be used when you expose your API key publicly and perform requests to the Ipregistry API from the client-side (e.g. a Web app). If you make requests from the server-side, then your API key is secret. In that case, origin filtering must NOT be enabled or requests will fail with a Forbidden status.
The Ipregistry API also supports restricting usage of API keys by IP addresses. Follow the same as above in the "IP Addresses" section of the dashboard. Note that if you enable IP and origin filtering for a same key, then a disjunction is applied between both filters, meaning a matching IP address OR a matching origin is enough to have the filter pass and the response returned.
CORS support with IE8/IE9
Fetching data asynchronously with JavaScript from another domain in IE8 and 9 is only possible with XDomainRequest. You should also note that XDomainRequest will not let you make a request to our HTTPS API from a HTTP page: your origin page must use HTTPS.