CORS error with API using PAT

We have a very simple custom form on a website that we want to have submit via POST to our Keap account. Lead fills out a simple form, they then get placed into our Keap account as a Customer.

The API docs look pretty straightforward, making the connection to the API seems to be where things fall apart. At this time, we’re using a simple Personal Access Token, instead of building a complete backend and making the many API calls through authentication, then tokenization, then to /contacts. We’re starting here and may switch to building out a full back-end.

This is our fetch with a method of POST when the form is submitted:

/’, {
method: ‘POST’,
headers: {
‘Content-Type’: ‘application/x-www-form-urlencoded’,
‘X-Keap-API-Key’: process.env.PAT,
body: {
email_addresses: [
email: ‘’,

What we get is: CORS error
Request URL:
Referrer Policy: strict-origin-when-cross-origin

1 Like

Hello Matt,

This is probably due to the fact you are trying to run the request from your browser. Browser is enforcing the CORS (same origin) policy and won’t allow you to send requests to Keap API. Please use Postman or curl or any other way to send the request to test your requests.

This authentication method (using the access token) is meant to be used between your API and Keap API so that your token is not visible on the client side. Otherwise anyone would be able to get your access token and send post requests on your behalf.

Hope this helps!

Cheers, Vlad