CORS Error for endpoint "api/v1/apps"


Even though the origin domain is added in trusted origins, getting CORS error for endpoint “api/v1/apps” whereas the other endpoint “api/v1/users/me” just wokrs fine. Below is the code i have written. Please help me in understanding what might be the issue.

//url: “https://<>/api/v1/users/me”,
url: “https://<>/api/v1/apps”,
//url: “https://<>/api/v1/apps?“”&expand=user/”,
type: ‘GET’,
dataType: ‘json’,
contentType: ‘application/json’,
xhrFields: {
withCredentials: true
success: function (data) {
error: function(err){


Not all Okta api endpoints support CORS. It’s basically only the primary authentication endpoints (/api/v1/authn), session endpoints (/api/v1/users/me) and oidc/oauth authorization endpoints (/api/oauth2/v1/authorize) that support CORS. (This is not an exhaustive list - there are others). Generally speaking the management apis - or those apis that require an api token - do not support CORS.


Thanks for your reply :slight_smile: In such case, Could you please suggest an alternate approach to use that API endpoint? Basically i want to get all the apps for a particular user and build the dashboard dynamically listing all the apps assigned to current logged in user.