CORS Error When Accessing NPPES NPI Registry?

Having access to medical information is more important than ever. So it’s a great thing that the NPI Registry Public Search provides a free directory of all active National Provider Identifier (NPI) records. However, if you are trying to develop an application that relies on the NPPES NPI Registry, you have likely run into every web API consumer’s worst nightmare: CORS:

Without going into too much detail about CORS problems, here’s a quick overview: Browsers don’t like it when one server requests a resource from another server. If you are building a front-end application that makes a call to the NPI server, your browser will automatically suspect foul play. That is, unless the other server includes an Access-Control-Allow-Origin header with permission given for the front-end server.

If you happen to own the resource server, the fix is pretty easy: just include the header. But if you owned the server, you wouldn’t be reading this.

It might seem that you are out of luck, but there are a number of possible workarounds. The simplest thing to do is to create a proxy that makes the request on a client’s behalf and returns the requested content on the server’s behalf. That way the browser will be making requests to a server that you do control.

How do we do that? Well, it’s actually pretty simple.

I’ll be using the Flask framework, just because it is so easy to use. But as you’ll see, the basic idea is easy to implement in your medium of…