Making API calls from JQuery

Started by Matt Johnston, Wednesday, 23 March 2011

23/3/2011 at 2:35 PM

I've got a question regarding using jquery to make calls to the api.

I have my webapp working great with the api. It authenticates, I can call the api and get all the data. Now I need to do a little javascript work, so I am calling the geni api from jquery and appending ?access_token=.... to the end of the url.

ex. https://www.geni.com/api/profile/immediate-family?access_token=DtM3.....

When jquery makes the call, everything seems to be ok, the headers look good and the response has a 200 code, but the response body is empty. If I take the exact url (including the access token) and put it in a web browser window, everything loads correctly.

Any ideas on why the response is empty on an ajax call?

Balázs Suhajda
24/3/2011 at 3:19 AM

I guess your webapp doesn't live on the geni.com domain, so when you try to make an ajax call to their api from your own domain, you run into the cross domain issue. Ajax requests to third party websites are normally not possible because of security restrictions. Your ideal solution would be JSONP, but not sure geni's api supports it. For tips & ideas: http://www.google.com/search?q=jquery+cross+domain

Private User
24/3/2011 at 8:02 AM

Geni supports JSON. Just look up the documentation. :)

Private User
24/3/2011 at 8:35 AM

Actually, here's what you do. Just change your url:
https://www.geni.com/api/profile/immediate-family.json?access_token...

If you add .json to any call voila, JSON. :)

24/3/2011 at 9:42 AM

I hadn't thought about cross-site issues. Well, no worries. Since I can run the api through my webapp, I can just make an ajax call to my webapp and let it do the api call for me.

24/3/2011 at 11:39 AM

We don't currently support JSONP due to a potential privacy violation(*). Passing the AJAX call through your servers first is the best approach for now. We're currently investigating whether we can support JSONP with sufficient privacy protection, or maybe support CORS instead.

* The issue is the browser's cookies. If you've logged into Geni and then visit a malicious site, that site could pass your browser JavaScript that makes the JSONP call for private data (which we would allow because the request will come with your login cookie). The malicious JavaScript could then receive this private data and upload it to its own servers.
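
The approach the thread settles on (the browser calls your own webapp, and the webapp calls Geni) as an added example; it is not code from any poster or from Geni. The names `buildUpstreamUrl` and `relayGeniCall`, the `session.geniAccessToken` field, the allow-list contents and the injected `fetchImpl` are assumptions made for illustration. Keeping the access token in server-side session state means it never appears in page JavaScript or in a browser-visible URL.

```javascript
// Added example: server-side relay for the Geni API call discussed in the thread.
// Assumptions (not from the thread): function names, the session shape, the
// allow-list contents, and a fetch-compatible function passed in by the caller.
const GENI_API = 'https://www.geni.com/api/';

// Relay only the API paths the webapp needs, so the endpoint cannot be used
// as an open proxy. This path is the one quoted in the thread.
const ALLOWED_PATHS = new Set(['profile/immediate-family']);

function buildUpstreamUrl(apiPath, accessToken) {
  if (!ALLOWED_PATHS.has(apiPath)) {
    throw new RangeError('API path not allowed: ' + apiPath);
  }
  if (typeof accessToken !== 'string' || accessToken.length === 0) {
    throw new TypeError('missing access token');
  }
  // ".json" selects the JSON representation, as described in the thread.
  const url = new URL(apiPath + '.json', GENI_API);
  url.searchParams.set('access_token', accessToken);
  return url.toString();
}

// session: server-side state for the user signed in to *your* webapp.
// fetchImpl: injected so the relay can be exercised without network access.
async function relayGeniCall(apiPath, session, fetchImpl) {
  if (!session || !session.geniAccessToken) {
    return { status: 401, body: { error: 'not signed in' } };
  }
  let upstreamUrl;
  try {
    upstreamUrl = buildUpstreamUrl(apiPath, session.geniAccessToken);
  } catch {
    return { status: 400, body: { error: 'unsupported API call' } };
  }
  const upstream = await fetchImpl(upstreamUrl, {
    headers: { Accept: 'application/json' },
  });
  if (!upstream.ok) {
    // Do not echo upstream error text; it may contain the token-bearing URL.
    return { status: 502, body: { error: 'upstream request failed' } };
  }
  return { status: 200, body: await upstream.json() };
}
```

The page's jQuery code then requests a same-origin route on the webapp that calls `relayGeniCall`, so no cross-domain request is made from the browser.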
