Authentication not working in a browser

I am not sure if I am doing something wrong or if the API is disallowing headers via CORS. I am working on my Raspberry Pi dashboard and have code like this:

function fetchYnab(path) {
  return $.ajax({
    type: "GET",
    url: "" + path,
    dataType: "jsonp",
    headers: {
      "Authorization": "Bearer " + YNAB_TOKEN,

function fetchYnabBudgets() {
  fetchYnab("/budgets").done(function(result) {
    console.log("budgets", result)

And just keep getting a 401. I know that the API is not meant to be used for anyone except the owner of the budget - so I can understand why the API might block browsers in this way. Any suggestions on this?

3replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Gold Commander We aren't adding CORS headers in the responses yet so this is why you are getting a 401.  It's on our list and will probably come once we offer more auth options other than access token based HTTP Basic Authentication.  In the meantime, you will need to hit the API from out of a browser context.

    Reply Like 1
      • Buck Ryan
      • Gold_Commander
      • 1 yr ago
      • Reported - view

      Brady at YNAB Makes sense - thanks for the response.

      Reply Like
  • Buck Ryan We now have CORS support!  Additionally, the JavaScript client has been updated to include a browser friendly build:

    Reply Like
Like Follow
  • Status Answered
  • 1 yr agoLast active
  • 3Replies
  • 537Views
  • 2 Following