Riddle me this batman… how do you integrate data from a Private System into a third-party application without an API?
Duct tape of course! Ok, not really duct tape… XHR/CORS.
With CORS, we can bolt integrations on to an existing codebase client-side without the need to write any new API or server code.
How does it work?
- Users authenticate to the Private System normally
- After, they log into Third-party system
- Third-party app makes request via XHR/CORS with credentials to the Private System, which handles the request normally
- This allows the third-party app to access the HTML pages directly and scrape the content to get the necessary info
There’s a gist explaining it below.
The Real World
In this particular situation, the third-party app was a Zendesk App (plugin) and the Private System was an ecommerce Admin with zero ability to communicate with the outside world.
Instead of spending weeks building and testing an API, this method allows us to get up in running in hours with almost no additional server-side code. (Just a couple new headers.)