The Decision API supports CORS for AJAX requests. Github's documentation has a good overview of CORS.
If you make client-side requests to the Decision API and expect cookies in the response, you must pass the XHR headers described below.
The CORS preflight request looks like this:
curl -i https://e-23.adzerk.net/api/v2/ -H "Origin: https://example.com/page.html" -X OPTIONS
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept, origin, content-type, content-length
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: http://example.com/page.html
Date: Fri, 09 Jun 2017 20:33:34 GMT
Server: nginx/1.1.19
X-Powered-By: Express
Content-Length: 0
Connection: keep-alive
You must pass withCredentials: true on xhrFields in the request to enable cross-domain requests. See the jQuery example below:
<!DOCTYPE html>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<script>
$.ajax({
data: JSON.stringify({
placements: [
{
divName: "testDiv",
networkId: 23,
siteId: 667480,
adTypes: [5]
}
]
}),
dataType: "json",
method: "POST",
url: "https://e-23.adzerk.net/api/v2",
xhrFields: {
withCredentials: true
},
success: function(data) {
$("#testDiv").html(data.decisions.testDiv.contents[0].body);
}
})
</script>
<div id="testDiv">this text will be replaced by an ad</div>
The cookie returned in a response is the azk cookie with a user's User Key as its value. Refer to the User DB documentation for more info.
The cookie will originate from the domain used to make the request. If you use a white-labeled domain to call the Decision API, you should expect cookies from that domain.