That means you’re going to have to connect to Veeqo on the frontend which is what you’ve attempted already but you’ve received the error above. The only way as Phil mentioned previously is to create a separate app (using any programming language) on a server hosted by you to take the request via AJAX in BusinessCatalayst, send that request to Veeqo and then output the results. Also as part of this to avoid the error above you’ll need to expose the BusinessCatalyst URL in the Access-Control-Allow-Origin header. So you can pass for example this in the header from your custom app server:
This will allow BusinessCatalyst to access that resource on your server without such problems. Also this is much more secure and gives you more control because if you were making the request directly from the content area of BusinessCatalyst to Veeqo, you would need to expose your API in the request headers meaning that any visitor would be able to see them which you should absolutely never do.
In regards to your questions:
Do you think Veeqo devs will come to implement OAuth in the future?
We’re working on OAuth 2.0 authentication right now, it’s getting there and we’re just performing finishing touches. We’ll need to perform some tests on it first and begin by integrating it with internal apps first, then we’ll notify developers when it’s ready for public release.
Does it mean that Veeqo is currently vulnerable to hack attack?
Absolutely not. API keys aren’t too common these days due to how prone they are to being released accidentally (for example in version control, or in public API requests) so this is why we always recommend to keep them stored securely so that only you/your application has access to them on the sever side - nobody else should know it. This is why we’re introducing alternative authentication methods for API requests.
Hope this helps you!