Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CORS support for Connect api

Former Member
Former Member over 11 years ago
Hi,

I would like to write a javascript service to access the to download and
show tracks on a high resolution orienteering maps.
The Connect API seems seems to fit the purpose.
To do that I would like that the http://connect.garmin.com/proxy/activity-service-1.3 emits
CORS headers so that the browser will accept the api call.

So please emit this html header :
Access-Control-Allow-Origin: *

In this way I hope I can allow the user to login in the browser under Garmin Control and
afterwards the script running in the same browser can access his connect activities.
Otherwise I would have to write code to include the password in the url from my web server
and that would increase security threats.

Best regards
Olav Kvittem
  • 0 over 11 years ago
    If they did that then any website could access all of their Garmin data, including making changes to their profile. Sounds like a bad idea to me.
  • 0 over 11 years ago
    Also, the username and password are sent as request data over an https connection. Should be secure, right? It seems the only thing you need to worry about would be retting and storing users passwords.

    I'm not really a web guy, but creating an HTML form to submit queries seems to work fine if the user has a valid authentication cookie. If that works, why wouldn't client side JavaScript work?
  • Former Member
    0 Former Member over 11 years ago
    I'm also interested in this feature.
    I want to have in Garmin Connect some 'serious' features from Golden Cheetah like HR Zone histogram and Performance Management Chart.
    Just because Garmin has no plans to introduce such features I would like to write own web application because I don't like to duplicate my activities in multiple places, services, desktop applications etc.

    I'm hoping that Garmin will officially share their API with public and made it CORS enabled.