How to send bearer token authorization header to query REST API

What is the correct method to configure bearer token authorization header to query my REST API?
I entered the token in Appgyver under HTTP Header section of config screen.

In postman the bearer token is working fine.
See my postman screen here with bearer token working.

See my settings in appgyver here:

And see the response I get in Appgyver when I test it

I am getting the following error message:
Error: TypeError: Failed to fetch. Does the server allow CORS?status: undefined

Hi, maybe it has to do with the key being “token” and not Authorization?

You’re sending a header token: <token> instead of Authorization: Bearer <token>

Like this?

Yeah, that should be correct! You can see the request you are sending in the web preview by opening the Chrome web tools (right-click + Inspect → Network tab). There you’ll see more information on possible errors too. :slight_smile:

Just tried that

Didnt work unfortunately

See below the network output from web tools

Console output

Hi, try adding "Bearer " in front of your token if you’re using bearer authentication.

Some possible causes for “Redirect is not allowed for a preflight request” here:

Yes, I tried adding "Bearer " in front of the token. Same issues persists.

To try and get around the CORS issue, I created a cors-anywhere proxy on Heroku, and appended the address to the start of my query.

Now I am getting this error:
“Missing required request header. Must specify one of: origin,x-requested-with”

I’m all out of ideas trying to get this to work.

Hi, I unfortunately haven’t used cors-anywhere, you can probably find people who’ve faced a similar issue by googling the error.

I was able to solve the issue by installing Laravel CORS on my Server.

1 Like

@Mari,
I am using Bubble as backend, and I have the same problem
I included Authorization, and "Bearer " but it did not work when I am using it inside the APP. But if I do the test exactly with the same values it worked.

Do you have any idea of how to solve it?

Try Daniel Rjeili’s response. It helped me out to stop dealing with the CORS issue, but I still don’t know how to pass the access_token from a GET (different URL from the POST) to a POST (different URL from the GET, in AppGyver), any idea?

1 Like

Hi all. I have a related question using Backendless rest API. In Backendless documentation, the header for any API call to provide session-specific authorization is “user-token” with the value being the user-token associated with the login session. I cant seem to get this working. Does anyone have experience with Appgyver / Backendless? Thanks in advance.

Hi I figured this out- posting for anyone else with this question.

Pretty intuitive really- when setting up any RESTApi data resource, under “base”, add an HTTP header with name and label “user-token” and make it not static, not optional (if that is what you want)(in addition to Content-Type, application/json)

Any CRUD call will then automatically require the value of the user-token- you can test this on the data configurator.

Then anytime you retrieve a data variable from that resource in your app, you will have to enter the “user-token” value. I created an app variable with this token when the user logs in and linked the value of “user-token” to the app variable.

I suspect this is similar for other BaaS databases with login capabilities. I’m sure this is in AppGyver’s documentation- I just couldnt find it.

Cheers