I have a blocker using an external API

Hi, I’m trying to use Xendit for the payment process on my app. I’ve tried using custom JS and REST api request, both of which are to no avail. Whenever I use the REST api request, I always stumble upon a network error and when I try to make the request through a server, it returns an error 500.

As for the custom JS, I get blocked by the CORS policy.

Attached are some screenshots, JS code, and the api I’m trying to use:

let body = 
    'external_id': 'testFee',
    'amount': 1000,
    'description': 'TestInvoiceFee',
    'customer': {
      'given_names': 'John Waldo',
      'surname': 'Magalona',
      'email': 'waldo.magalona@ahglab.com'
    'customer_notification_preference': {
      'invoice_created': [
      'invoice_reminder': [
      'invoice_paid': [
      'invoice_expired': [
    'success_redirect_url': window.location.href,
    'failure_redirect_url': window.location.href,
    'currency': 'PHP'

fetch('https://api.xendit.co/v2/invoices', {
  method: 'POST',
  headers: {
    'Content-Type':  'application/json',
    Authorization: 'Basic eG5kX2RldmVsb3BtZW50X0ZnenRmdlkwWFJONXFrZDBGRVhxcXJZZ0tWblgyUmJrbWt5Vlh2bjhrUW8zYklzcFVSTWllMjFxbTZCTlg9PTo='
  body: JSON.stringify(body),
.then((response) => response.json())
.then((data) => {
  console.log('Success:', data);
.catch((error) => {
  console.error('Error:', error);


It looks like the API is meant to be used server side as they do not handle CORS.
The api request maybe is failing because is not getting the right data. Are you adding the data as fields or query string?
Also keep in mind that now we all know your auth password from the code you posted, and all the user of your app will know it as well. If this API is meant to be used server side you should consider to make this request on your backend.

1 Like

Thank you @dorilama. I guess I might do it on my backend. I’ve already deleted that auth password on my Xendit account before posting this :smiley:


Looking at your second screenshot, where you make a server-side request but still get a 500 error.

You unfolded the response. Can you also show what’s inside data of that response?

It might include more information about what is not working with the API call.

Hi @Joyce this is the content of data:

success: false

is it possible to install dependencies on our weweb app?

what about the data of the request? maybe it’s not the right data and the server does not handle the exception.