Authentication not working in a browser

I am not sure if I am doing something wrong or if the API is disallowing headers via CORS. I am working on my Raspberry Pi dashboard and have code like this:

function fetchYnab(path) {
  return $.ajax({
    type: "GET",
    url: "" + path,
    dataType: "jsonp",
    headers: {
      "Authorization": "Bearer " + YNAB_TOKEN,

function fetchYnabBudgets() {
  fetchYnab("/budgets").done(function(result) {
    console.log("budgets", result)

And just keep getting a 401. I know that the API is not meant to be used for anyone except the owner of the budget - so I can understand why the API might block browsers in this way. Any suggestions on this?

3replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Gold Commander We aren't adding CORS headers in the responses yet so this is why you are getting a 401.  It's on our list and will probably come once we offer more auth options other than access token based HTTP Basic Authentication.  In the meantime, you will need to hit the API from out of a browser context.

    Like 1
      • Buck Ryan
      • Gold_Commander
      • 2 yrs ago
      • Reported - view

      Brady at YNAB Makes sense - thanks for the response.

  • Buck Ryan We now have CORS support!  Additionally, the JavaScript client has been updated to include a browser friendly build:

Like Follow
  • Status Answered
  • 2 yrs agoLast active
  • 3Replies
  • 550Views
  • 2 Following