The web page viewed by the user integrates cross-origin content [without
use of iframes]. API requests are made directly from the user's browser.
Because API response is coming from a different domain than the web page
content it is subject to a cross domain browser policy. The browser sets
"Origin" HTTP header on the API request. If the domain of the site is
authorized to use API content, the API server sets
"Access-Control-Allow-Origin" HTTP response header. If the "Origin" and
"Access-Control-Allow-Origin" response headers match then browser allows
content integration and interaction on the same page.
Client side rendering model is based on browser capability of applying
XSLT transformation to API response in application/xml format. As shown
API search examples
, content of the web page combines search form and search results as
being rendered by the browser based on API response and given
correspoding xslt file. Here is how this model can be applied for 3rd
Note: Please do not forget that in order to leverage CORS functionality you will need to provide authorized domains to be associated with you API key. By default we add your website URL to the CORS domain list associated with your API key. You can add additional domains or modify existing domains through the 'Modify API key settings' page.