Getting a list of apps for a user REST API gives CORS error

I’m calling from an SPA application the Okta API - ""; and get a Access to XMLHttpRequest at ’’; from origin ’ http://localhost:4200’; has been blocked by CORS policy:

  1. I’ve already added http://localhost:4200/ to my Security->API->Trusted Origins.
  2. I know the origin works because I am able to authenticate with implicit/callback and it didn’t work prior to me adding it.
  3. The API call from Postman works and it returns a list of apps.

Here’s my angular code:

const httpOptions = {

  headers: new HttpHeaders()

    .set('Accept', 'application/json')

    .set('Aauthorization', 'SSWS ' + this.apiToken)

    .set('Content-Type', 'application/json')


return this.httpClient.get(this.appsUri + '?[](' + username, httpOptions);

This seems like a very straightforward API call but I can’t get it to work. Can anyone shed some light? Many thanks in advance.

Hi @happyelegance

The endpoint /api/v1/apps is not CORS enabled. The best solution to achieve this use-case would be by doing the request to Okta through a back-end channel and return the response in the front-end in order to be used by the Angular application.

That was my plan B. I just wanted to make sure I’m not missing anything. Thanks for confirming.