About Zapier Community
New to our Community? Get to know more about our space and how to make the most of your time here.

Code of Conduct Community FAQ's Zapier Common Questions What to Expect

Get Started With Zapier
New to Zapier? We have got you covered with our Zapier 101 Resources.

Zapier Essentials

Get Support
Have a question? Let's get you an answer!

How Do I...? Troubleshooting Code & Webhooks Developer Zone

Other Help Resources
Wait, there's more! Check out these Community sourced spaces for additional resources.

Zapier Help Center Hire an Expert

Zapier Reading
All of our best learning resources can be found here.

Featured Articles Show & Tell AI Hub Zapier Tools Hub

Learning Groups
Excited to meet other builders? Check out our interest areas full of doers, dreamers, and in-betweeners.

User Groups

Other Learning Resources
Some of our favorite additional ways to upskill your Zapier knowledge.

Zapier Learn Zapier Blog Zapier Webinars

Product Updates
Check out what is new and upcoming with Zapier with our regular product updates.

Product Updates

Early Access Program
Want to join Early Access? Learn more here.

Problem in polling/ reaching a protected "trigger" API endpoint, while using session-auth as authentication system.

D

I have developed a simple Zapier integration (dredditz 1.0.0) currently having authentication module build with session-auth system and a protected endpoint API trigger. The trigger is looking for new posts while this endpoint expects the request’s  Auth Header to have valid JWT. Which I am doing via building the request JavaScript object with url, and headers properties.
My integration is working fine locally passing all the tests viz. (following are the 4 tests I am doing in application.test.js)
1)  calling the getAuthenticationToken() method from authentication.js, authenticating the user with username, password, returning a AuthResponse object consisting of authentication token and refresh token, which I am catching in bundle.authData.xxx computed fields for later on usage / susequent API calls for refreshing token or polling trigger.
2)  subsequently if I again call the getAuthenticationToken() method from authentication.js module, it is correctly refreshing the old authToken using the refreshToken (given to zapier in the first step). I checked it via z.console.log messages.
3) passing the “test” API call which can be reached only if user is authenticated.
4) successfully doing the trigger test locally, fetching new posts on a protected endpoint.

Even app is working on the Zapier platform (tested it via creating a Zap) to start with, polling the trigger API correctly, but same is getting 403 “Access Denied” after 15 minutes. And it is happening because Zapier by itself is not refreshing the authenticationToken. And passing the invalid JWT in the header, my back-end invalidates the Authtokens every 15 mins and expects same to be refreshed using refreshToken provided when you passed username and password.

I somehow need to call getAuthenticationToken method which is in the authentication.js module from the trigger post.js. I tried few ways but I am getting z.authData is undefined and runtime can’t read the property say refreshToken of undefined. In generic words, is it possible to call a method from authentication.js module while being in trigger post.js module. I mean it would be required in all the cases where the app have to make sure to have valid JWT in the header before polling a protected endpoint.
p.s. I am using session-auth as that is what is fitting best with my backend and can’t use o-auth2, as backend is currently not supporting o-auth2.
 

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

2 replies

D

Thanks, @Zane for a quick reply on this, you are right my back-end is emitting 403 even when it should ideally 401. I will take care of this in the future, for time being, I fixed this issue via having the API call to /refreshToken endpoint just before making a polling call to the protected API endpoint in the trigger module. 

As mentioned in the documentation link you provided I do not need to keep adding this refreshToken API call in all the further triggers, I am planning. Throwing refreshAuthError in the right way is a better and safer approach. It will save me from having to repeatedly call refresh token endpoint before actually polling the trigger API. 

Z
Userlevel 7
Badge +9

Are you catching that error and throwing a refreshAuthError? Zapier will look for a 401 and trigger refresh - anything else needs to be explicitly handled.  https://zapier.github.io/zapier-platform/#stale-authentication-credentials

Something to think about is determining what’s an expired token error vs. what is an actual invalid access attempt if both cases return the same error code.  Something like checking in getSessionKey if you have neither a refresh key nor user provided credentials that work - you’ll know something is wrong and can handle that accordingly.

Terms & Conditions