CORS Error - Access-Control-Allow-Origin Header Missing

I hope this message finds you well. I am writing to seek assistance with a CORS (Cross-Origin Resource Sharing) error that I’m encountering while trying to access the Nuki API.

The specific error message I’m receiving is as follows: “Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”

This error suggests that the ‘Access-Control-Allow-Origin’ header is not included in the response from the Nuki API, thereby preventing cross-origin requests from my domain ‘’.

I have checked the API documentation, and it does not provide specific instructions or requirements regarding CORS. Therefore, I kindly request your assistance in resolving this issue. Could you please consider adding the necessary ‘Access-Control-Allow-Origin’ header to the API response or provide guidance on how to properly access the API from a different origin?

Thank you for your attention to this matter. I appreciate your support and look forward to hearing back from you.

Hi Sidonio,

We received your email and have requested for some clarifications in order to help you better. Will follow up on email further to resolve the issue.

Hi Poonam,
I have the same issue since last week. I have the API call with unlock functionality working for more than a year already. And now it suddenly does not word any more. I haven’t changed anything to my coding for months already. So that is not the issue.

I get the following error:
Access to XMLHttpRequest at ‘’ from origin ‘https://app.xxxxxxxxxx.xx’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Can you help me to resolve this issue.

Kind regards,


The CORS configurations were changed on our servers on 04.03. to comply with stricter security requirements. The access to API endpoints form localhost is no longer supported.

One way to resolve this issue is through Proxying the Request
If you don’t have control over the server’s CORS configuration, you can proxy the request through your own server. Your server can make the request to ‘’ on behalf of your web application. Since the request is coming from your server, CORS won’t be an issue.

1 Like