The B2C Checkout endpoint has the option to use modern browsers' Cross-Origin Resource Sharing (CORS) support to allow a checkout call from a safelisted domain using a publishable key.
Typically, an online ticketing integration follows a flow similar to this:
The following configuration items must be completed in order to enable CORS checkout.
Tip: When creating a user for an integration, we recommend using a 1:1 user to integration relationship. Ex. online_ticketing_api_user, crm_integration_user, etc. This will help you troubleshoot integrations should you ever have an issue.
To get started, please refer to Requesting an API Key.
Note: The Safelisting process can take up to two weeks to complete.
The CORS checkout endpointuses the same format and payload as the normal B2C checkout. Refer to B2C Checkout for more information.
The following headers are required for a CORS checkout:
Refer to Working with ACME's APIs for more information about headers and examples
WARNING: You should never send your normal API key () or a session key ( ) in a call directly from your frontend to ACME’s backend as this is like publishing your ACME username and password. Any integrations found to be using exposed API keys will be deactivated by ACME.