Expiring Token with API call

Hello all, I am new to AppGyver and also not a seasoned (code) developer. I am trying to connect to a database API that has an expiring token using the POST call. I am having trouble on two fronts. 1. Retrieving the token and storing it somewhere temporarily (since it will need to be updated).

I do get the POST call response but assigning the value to a data variable is problematic often showing as “incompatible” or “unknown format” - unable to parse the returned response to a variable.

My next issue would be using that token for subsequent API calls and managing the expiration of the token. Worse case is I request a new token with each api request but that will mean two calls each time.

Any help would be appreciated.

What I do is:
I have an API resource called ‘Auth_token’. This does a GET to retrieve the token and the expiration.
After “page mounted” and “hide spinner” in logic, I made a “get record” with data resource ‘Auth_token’. After “get record”, I made a “set app variable” with the app variable ‘Token’, this “set app variable”, gets the token out of “get record” and puts it in the app variable called ‘Token’.
After the app variable ‘Token’ is set, you can use this app variable in the authorization of the data resources you need this token for.
If you need further explanation and/or screenshots, give me a holler. :grinning:

1 Like

Thanks very much for your response. So the API token access, in my case, requires me to use a POST request. Not sure how this changes things. BTW, suddenly my POST request stopped working with the API sending back : Error: JSON error response from server: {“messages”:[{“message”:“Unknown parameter(s): id”,“code”:“960”}],“response”:{}}.status: 400

I only have an Authorization and Content-Type header.

The headers passed are exactly what they were before and the same headers work without issue in Postman. Any thoughts on why this is happening?

Thanks again!

Here is the cURL that works fine but not in AppGyver with the same parameters:

curl --location --request POST {URL} \

–header ‘Content-Type: application/json’ \

–header ‘Authorization: Basic {Key}’ \

–data-raw ‘’

1 Like

I don’t know what is wrong. Please provide some screenshots it will help me try to understand it better.
All I can think of right now is remove all http headers, in composer pro, beside the authorization header and try it without all the other http headers.

I have removed all headers expect the Authorization. You can see in the images, the problem persists with unknown parameters.


1 Like

Ok, first I would suggest checking the complete error in the ‘Inspect Element’ of your browser. In chrome it can be found in the console. I don’t know how to do this on a mac.
Second, try putting the Authorization http header in the ‘POST’ request and not in the ‘BASE’. This caused a problem with my api’s, although the error was different with mine.

I overlooked something, your authorization header is ‘static’, this has to be dynamic. When testing the POST request or any request that requires this authorization header, set the authorizartion with a formula. Like these screenshots.


The token in screenshot is obviously not realistic, but you get the point. :grinning:

Thanks for your reply. I have moved the Authorization to the post call, changed it to non-static and entered the value as shown in your example. Problem persists. I did notice I have a “content object” attached to the call see image 1.Not sure if that’s causing any issues but I have changed it to mapping and doesn’t make a difference. So very strange because all this worked prior to a day ago. It’s a pretty simple call.

I have also attached the inspect element - hopefully the correct thing.

1 Like

When you input the authorization in the test of the POST request in appgyver. Instead of it being a text value, it has to be a formula like so:

Did exactly as you said. Problem still persists :frowning:

1 Like

Ok, i have no idea, probably something wrong with the json code of the apis

Tired this same call with same headers etc on other platforms and it works :frowning: I think the problem is the way AppGyver handles the call.

Hi @Andrew_A, the error seems to be that Content-Type: application/json, application/json is somehow being sent instead of Content-Type: application/json.

Is it possible that you have an extra Content-Type header configured somewhere in the configurator? If your content type is application/json you don’t have to configure it manually, the editor assumes that automatically. Have you tried deleting and reconfiguring the resource?

Hi Mari, I don’t have Content-Type isn’t set anywhere else in the configurator. I have also tried removing it to test. This did not work. I recently deleted the entire call and re-did it with a clean slate. Now I have this new message showing that did not before :confused: :confused:

"Error: TypeError: Load failedstatus: -1

Resource settings for Create record (POST)

Resource URL: https://[redacted]/data
Relative path: /v1/databases/[redacted]/sessions"

Hi, what is the error in Chrome dev tools’ Network tab (right-click + Inspect → Network)?

Hi Mari I did a test in Chrome - placed the headers in the base section (doesnt make a difference really) and got this error:

Error: TypeError: Failed to fetch. Does the server allow CORS?status: undefined
Resource settings for Create record (POST)

Resource URL: https://[redacted]data/v1
Relative path: /databases/[redacted]/sessions.

Also attaching the console info:

Hi, looks like the backend you are using has some restrictions for from what origins it accepts requests. You can learn more here:

HI @Mari
Do you have any idea of the source of the problem @Andrew_A reported.

I tested the API in the Test option and it works with "Bearer " + Token
But when I tried to do the same in the APP with a dinamic token it does not work.

I am trying to integrate to Bubble, and I have quite the same issue with the Authorization.

I used the following tutorial, but I think the persitedUser is not a System variable anymore

Your support would be appreciated,

Hi @Edwin_Bolanos, doesn’t sound like a CORS issue since you are getting a response from Bubble. I haven’t used Bubble myself but I searched for the error “Permission denied: cannot create this object” in Google and it seems to be related to the data table privacy rules. So either you’re not allowed to write in the table at all, or the authorization is invalid? You could also try searching for the exact error code you got in the response.

@Thanks for your help Mari.

1 Like