ThingWorx Flow > Making a REST Call from an External Website to ThingWorx Flow
  
Making a REST Call from an External Website to ThingWorx Flow
If a website tries to make a REST call to the ThingWorx Flow server, the server blocks the request, as it is a Cross-Origin request. To allow this, the ThingWorx Flow server must be configured to allow Cross-Origin requests from websites. Add a CORS (Cross-Origin Resource Sharing) filter to the ThingWorx Flow server to enable Cross-Origin requests. This allows other websites deployed on a different server to access data from the ThingWorx Flow server.
Complete the following steps to enable a website to make a REST call to ThingWorx Flow:
1. Shut down any running Nginx instances.
2. Open the vhost-flow.conf file at the following location under your Nginx installation.
Windows: C:/Program Files/nginx-<version>/conf/conf.d
Linux: /etc/nginx/conf/conf.d
3. In the vhost-flow.conf file, under the location /Thingworx section, locate the proxy_set_header X-Content-Type-Options nosniff; line, and add the following lines:
set $cors '';
# Right side of condition can be regular expression:
# if ($http_origin ~ '^https?://(localhost|www\.yourdomain\.com|www\.yourotherdomain\.com)')
if ($http_origin = '<Origin_that_calls_ThingWorx_Flow>') {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
}
# OPTIONS indicates a CORS pre-flight request
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '$http_origin';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
4. Replace <Origin_that_calls_ThingWorx_Flow> with the URL of the website that is trying to access ThingWorx Flow.
5. Restart the Nginx service.