JSONP
APPLIES TO: All API Management tiers
The jsonp policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients. JSONP is a method used in JavaScript programs to request data from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where access to web pages must be in the same domain.
Note
Set the policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.
Policy statement
<jsonp callback-parameter-name="callback function name" />
Attributes
| Name | Description | Required | Default |
|---|---|---|---|
| callback-parameter-name | The cross-domain JavaScript function call prefixed with the fully qualified domain name where the function resides. Policy expressions are allowed. | Yes | N/A |
Usage
- Policy sections: outbound
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, v2, consumption, self-hosted, workspace
Usage notes
- This policy can only be used once in a policy section.
Example
<jsonp callback-parameter-name="cb" />
If you call the method without the callback parameter ?cb=XXX, it will return plain JSON (without a function call wrapper).
If you add the callback parameter ?cb=XXX, it will return a JSONP result, wrapping the original JSON results around the callback function like XYZ('<json result goes here>');
Related policies
Related content
For more information about working with policies, see:
- Tutorial: Transform and protect your API
- Policy reference for a full list of policy statements and their settings
- Policy expressions
- Set or edit policies
- Reuse policy configurations
- Policy snippets repo
- Author policies using Microsoft Copilot in Azure