Making bubble API calls within session not working

notorioustech · February 25, 2020, 7:00am

in the documentation it states there multiple ways to authenticate for bubble API calls. One that i am counting on is:

Session cookie. If the call is done from the browser and there is a session cookies present, the user represented by the cookie will be the call will be run in the context of this user.

As a test i created a plugin, added to my authenticated bubble app page and tried to make the call:
$.getJSON(“https://HOSTNAME/version-test/api/1.1/obj/tablename”), function( data ) { console.log(data); } Where HOSTName is the same as my app so not having any CORS issues.

I am getting {“statusCode”:400,“message”:“Unrecognized authorization type”} as the response.

My purpose for this call is a chrome extension that authenticates and shows a bubble page but also queries table directly once authenticated.

Any ideas?

simon7 · February 25, 2020, 7:15am

I still think you need a header with your token to be able to make a get request this way, as is seen you get a authentication error.

The header should be
Key: Authorization
Value: Bearer YOUR TOKEN

You can have a look at the screenshot from this post: Help with an API call

notorioustech · February 25, 2020, 7:21am

According to the docs, it isn’t required if authenticated.
I have a 200k line app making extensive calls through the APIs serverside, I just need to make some from within the browser. In order to use the token i would need to either expose a security risk or do OAuth workflow too, but that shouldn’t be needed.

simon7 · February 25, 2020, 7:24am

Could it be a privacy issue with the data type?

notorioustech · February 25, 2020, 7:24am

no. even tried opening up to everyone.

notorioustech · February 25, 2020, 7:29am

I also tried creating a backend workflow and calling like:
$.post(“https://server/version-test/api/1.1/wf/endpoint”), function( data ) { console.log(data); }

and getting the same error.
I even tried with this:

notorioustech · February 25, 2020, 7:29am

going to file a bug

simon7 · February 25, 2020, 9:44am

Have you tried hardcoding a token?
In this [example] they include an api_token param, so dont think you can get around that. I would try the broadest approach first, then narrow down.

  params = {'cursor': cursor, 'api_token': API_KEY}
    url = base_url + '?' + urllib.parse.urlencode(params)
    response = session.get(url)

notorioustech · February 26, 2020, 1:35pm

The problem was my version-test environment was user-name and password protected (in settings). If i turn that off it works.
They are treating as a bug still, but at least i can work around it now in dev and it will work in prod.
No token required!

simon7 · February 26, 2020, 6:42pm

Great to know, and glad you figured it out.

notorioustech · February 27, 2020, 3:19am

Eve and crew pushed out a fix already. Fastest bug fix ever!!