Getting CORS error at set password api


While trying to call set password api Users | Okta Developer
getting CORS error.

I also added my url in okta trusted origns in CORS/Redirect. But still getting CORS error.

Can someone please help to fix this issue?

Naga Vijay


Not all the management endpoints support CORS

/api/v1/users does not have it marked.

What are you passing for the Authorization header, a bearer token or API Token?

1 Like


In the Authorization header, i am passing API Token.


But getting cors error.

Thanks and Regards,
Naga Vijay.

Do not send your API token in a CORS request! This will expose your admin token to anyone sniffing network traffic!

As @erik mentioned, the /users endpoint is not marked as CORS enabled in our documentation. You should look to call this endpoint from a back-end/server instead of from the front end