CORS / JSONP
JSONP is deprecated since years. You should no longer rely on this method to make cross-domain requests as JSONP incurs several security risks. Ipregistry supports Cross-Origin Resource Sharing (CORS), a modern alternative that is widely supported by browsers, saner and cleaner.
By default, the Ipregistry API allows all origins for CORS.
Filtering Origins by API key
You can filter origins, and control what API key is allowed to call the Ipregistry API, directly from the Ipregistry dashboard:
- Open your dashboard.
- Click on "API Keys" in the left menu.
- Click on "Edit" for the key you want to filter origins.
- In the "Origins" section, select "Filter by origins" for the dropdown option.
- Enter the URL prefix of the origins that are allowed (wildcard
*
is supported): - Save your changes.
CORS and origin filtering are designed to safeguard your API keys against unauthorized access. They should be activated when revealing your API key in public and when making requests to the Ipregistry API from the client-side, like in web applications. However, if you're making requests from the server-side, your API key remains confidential. Under these circumstances, you shouldn't enable origin filtering; otherwise, you'll encounter a Forbidden status in response to your requests.
The Ipregistry API also supports restricting usage of API keys by IP addresses. Follow the same as above in the "IP Addresses" section of the dashboard. Note that if you enable IP and origin filtering for a same key, then a disjunction is applied between both filters, meaning a matching IP address OR a matching origin is enough to have the filter pass and the response returned.
CORS support with IE8/IE9
Fetching data asynchronously with JavaScript from another domain in IE8 and 9 is only possible with XDomainRequest. You should also note that XDomainRequest will not let you make a request to our HTTPS API from a HTTP page: your origin page must use HTTPS.