Claude API
How do you handle CORS issues when calling the Claude API?
QUICK ANSWER
Do not call the Claude API directly from client-side browser scripts, as it will trigger CORS policy blocks and expose your API keys. Instead, implement a secure proxy backend endpoint to handle the requests.
Security and CORS Setup
Anthropic intentionally blocks CORS requests from client browsers to prevent api key exfiltration. Set up a simple Express.js proxy on your server to handle calls safely:
app.post("/api/chat", async (req, res) => {
const response = await fetch("https://api.anthropic.com/v1/messages", {
method: "POST",
headers: {
"x-api-key": process.env.ANTHROPIC_API_KEY,
"anthropic-version": "2023-06-01",
"content-type": "application/json"
},
body: JSON.stringify(req.body)
});
const data = await response.json();
res.json(data);
});
Verified against: Anthropic Security Best Practices