Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.

First time visiting? Here are some places to start:
  1. Looking for a certain topic? Check out the categories filter or use Search (upper right).
  2. Need support? Ask a question to our Community Support category.
  3. Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
  4. Be respectful, on topic and if you see a problem, Flag it.

If you would like to contact our Community Manager personally, feel free to send a private message or an email.


Onshape REST API using JavaScript

We are using the Onshape REST Api to extract data from Onshape.  We have this working using C# as well as Node.js, but I would like to do the same from client-side javascript.  Everything is in place using Ajax and I've verified all authorization headers are correct.  My problem is currently with the  "Date" header throwing the error: Refused to set unsafe header "Date".

Is this even possible or has anyone accomplished this?

Thanks for any help...


  • Options
    jakeramsleyjakeramsley Member, Moderator, Onshape Employees, Developers Posts: 657
    Can you give a little context why you want to use a Date header for a client request call?
    Jake Ramsley

    Director of Quality Engineering & Release Manager              onshape.com
  • Options
    awkawk Member, Onshape Employees, Developers Posts: 78
    The browser prevents javascript from setting a number of headers as a mechanism to stop forms of Cross Site Scripting and/or replay attacks from a compromised client. There is no work-around to avoid the browser if you're trying to set some header values from javascript in the browser.

    I'd echo Jake's point too - why do you need to set the Dates header on a REST API call? I can't think of any of our APIs that are particularly specific to the Date header. Furthermore we expect the REST API calls to be made from a server context and not directly from a browser.
    Director of API, Appstore, and App Partner Technical Support
  • Options
    gary_clough057gary_clough057 Member Posts: 7
    Thank you for your replies... Based on the sample code from GitHub demonstrating the usage of the API Key ( https://github.com/onshape-public/apikey ) I was under the impression it was required.  I tried removing it from the Node.js example and I got a 401 unathorized.  Here are the Headers that are working with the Node.js and C# implementations:
        headers['On-Nonce'] = onNonce;
        headers['Date'] = authDate;
        headers['Authorization'] = asign;
        headers['Accept'] = 'application/vnd.onshape.v1+json';

    Thanks again for the help.
Sign In or Register to comment.