Im mucking around with an Angular 2 app that consumes parts of this API. Im able to do gets in postman without any issue, but when i try to do it from my app i get this error in the console
XMLHttpRequest cannot load https://api.transport.nsw.gov.au/v1/gtfs/schedule/buses/Major_Event. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.
I’m fairly sure that the API does not support cross-domain/cross-origin requests. For security reasons, browsers do not allow requests XMLHttpRequests to be made between sites of different domain by default.
Your originating domain is localhost:4200 whereas the server you’re requesting is api.transport.nsw.gov.au. Since the domains aren’t matching, and your domain (localhost:4200) isn’t listed in TfNSW’s Access-Control-Allow-Origin header response, you’re presented with an error.
The reason why Postman works is that as a browser extension, you’ve granted the extension “permission” to make requests to other servers with non-matching domains.
I should also add that the GTFS-R data isn’t meant to be consumed directly by an end user client. Rather, it should be consumed by a server-side application, digested/processed, then fed to a front-end client (e.g. a web based client built in Angular).
You could build something on your server side which downloads the GTFS-R data from TfNSW’s servers, processes the protocol buffers and returns the data in a JSON format. That would easily be digestable by a modern browser and in your Angular application.
Hope that helps.
edit: I guess you could also make your Angular application a browser extension