Skip to main content

Get Support
Have a question? Let's get you an answer!

How Do I...? Troubleshooting Code & Webhooks Developer Zone

Other Help Resources
Wait, there's more! Check out these Community sourced spaces for additional resources.

Zapier Help Center Hire an Expert

Learning Resources
All of our best learning resources can be found here.

Featured Articles Show & Tell Zapier's products AI Hub Zapier Tools Hub

Share your knowledge
Give back to the Community by sharing your automation wins and helping to answer questions.

Share your success See unanswered questions User Groups

Other Learning Resources
Some of our favorite additional ways to upskill your Zapier knowledge.

Zapier Learn Zapier Blog Zapier Webinars

Product Updates
Check out what is new and upcoming with Zapier with our regular product updates.

Product Updates

Early Access Program
Want to join Early Access? Learn more here.

Here’s an interesting Authentication approach.  This App requires a combination of Basic Auth and Session Auth.  Per the documentation https://api2docs.rfms.online/#auth-info-e78eadda-8135-40e5-8fa3-e24bfc70c0f8, the following must occur:

  1. Call the "Begin session" method (below) using HTTP Basic Auth to generate a session token.
    REQUEST
    URL: https://api.rfms.online/v2/session/begin
    Method: POST
    Basic Auth:  username:password (in base64)

    RESPONSE

    {

        "storeId": "xxxxxx167b8",

        "authorized": true,

        "sessionToken": "rfmsapi-xxxxxxxf9a5d0590",

        "sessionExpires": "Fri, 05 Feb 2021 12:25:27 GMT"

    }

    The session token can be used for a limited time. It will expire automatically but is extended each time a method is called. 
     
  2. The session token is sent with all API requests as the password using HTTP Basic Auth. User name should be set using the same user name you used in the first step.
    REQUEST
    URL: https://api.rfms.online/v2/customers
    Method: GET
    Basic Auth:  sessionToken:password (in base64)

    RESPONSE
    JSON for customer Object

Here is my challenge.  I have set this up in Zapier Visual Builder (UI) as Session Auth. 

The “Configure a Token Exchange Request” works perfectly and returns the SessionToken as expected.

200 POST https://api.rfms.online/v2/session/begin


Unfortunately, I never get to the “Test Request & Connection Label” part.  After the Get session token, the following steps occur and fail:

  1. authentication.sessionConfig.perform

    INPUT
    {"authData": {"password": ":censored:32:125052e10d:", "username": ":censored:38:d0b0b19112:", "sessionToken": ""}, "inputData": {}, "meta": {"isLoadingSample": false, "isFillingDynamicDropdown": false, "isTestingAuth": false, "isPopulatingDedupe": false, "limit": -1, "page": 0, "zap": {"help": a"This data structure is provided for backwards compatibility,", "and should not be relied upon in a Zapier integration."], "id": 25548371, "link": "https://zapier.com/app/editor/25548371", "live": true, "name": "A Zap,…

    OUTPUT
    {}
     
  2. TEST StaleAuthentication No authentication fields returned when refreshing session.
  3. READ StaleAuthentication No authentication fields returned when refreshing session

Not knowing the flow of Session Auth, I am unclear on what is occurring or why.  Any help is appreciated.
 

That auth scheme is doable, but it’s a little outside the box. 

First thing to confirm: Are you dropping into code mode and constructing that auth token? You’ll need to build that base64 encoded session key:password yourself in code - and then pass that token you build into each request.  

This might be easier to manage in the CLI, where you can share code across the app, and leverage http middleware.  

Also, saw something in your message that might indicate another issue.  Should the session token be populated here?

 

@Zane Thanks for the response...I noticed the SessionToken as well.  That was the issue.  All fixed.

Terms & Conditions