Any web service which can be reached by an user device can be seen as a customer service. Your ERP system (for example, the AIS server of JD Edwards, Oracle Fusion Rest API or Sqge X3 API) can be seen as a customer service. Also web services like cargo processing services, billing services and map services can be accessed by the Appshare PWA and can be seen as customer services. The Appshare PWA only requires access to these customer services. The Appshare Services do not need access to customer services.
An ERP system is the source of truth for many customers. Appshare prefers not to store or cache data on the device of a user and keep it in the customer services. Appshare customer apps might decide differently based on user experience or performance requirements. The Appshare platform can facilitate these wishes.
Appshare prefers not to install anything in a customer service or make structural modifications. It should work without any modifications and leverage what is already there. For JDE, it does not add or modify objects and uses the security model and business functionality from the JDE applications.
The Appshare PWA connects to the customer service through a browser provided functionality (XmlHTTPRequest or fetch). These calls are limited in what the browser security context allows. For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that the Appshare PWA using those APIs can only request resources from the same origin (domain, scheme and port) the Appshare PWA was loaded from unless the response from other origins includes the correct CORS (Cross-Origin Resource Sharing) HTTP headers. A customer service on a different origin (domain or port) must return the correct CORS HTTP headers to allow the Appshare PWA origin
The required CORS Response HTTP headers are
- Access-Control-Allow-Origin: *
- Access-Control-Allow-Methods: GET, POST, OPTIONS