Generated API Key is not functional

[slavakurilyak]

Bug Description

When attempting to use the generated API Key for accessing resources, the key appears to be non-functional, as indicated by the API Key field turning RED. This issue can be observed when navigating to:

https://docs.twenty.com/rest-api/metadata#/

Example:
Upon visiting the specified URL, the expected behavior is for the API Key to function properly and allow access to the requested resources. However, the key turns red, and the console logs a CORS policy error indicating that the "Access-Control-Allow-Origin" header is missing from the requested resource. Here's a screenshot indicating the issue:

Expected behavior

The generated API Key should be functional, allowing access to the API without encountering CORS policy errors or any indication (such as the API Key field turning red) that suggests the key is non-functional.

Technical inputs

The issue stems from a CORS policy error, specifically:

metadata#/:1  Access to fetch at 'https://front-kqsk.onrender.com/open-api/metadata' from origin 'https://docs.twenty.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This suggests that the server at https://front-kqsk.onrender.com is not configured to include the necessary Access-Control-Allow-Origin header in its responses. Addressing this by ensuring the server sends the correct CORS headers should resolve the issue.

Disclaimer:

This CRM instance was deployed using Render

[FelixMalfait]

I think that's because you're querying the frontend. You should put the backend url instead :)

Next week we will release a new docker image that will avoid this kind of problem #4589 ; frontend will be served by the backend directly

[gardner]

This still happens. It's a CORS issue.