About Zapier Community
New to our Community? Get to know more about our space and how to make the most of your time here.

Code of Conduct Community FAQ's Zapier Common Questions What to Expect

Get Started With Zapier
New to Zapier? We have got you covered with our Zapier 101 Resources.

Zapier Essentials

Get Support
Have a question? Let's get you an answer!

How Do I...? Troubleshooting Code & Webhooks Developer Zone

Other Help Resources
Wait, there's more! Check out these Community sourced spaces for additional resources.

Zapier Help Center Hire an Expert

Zapier Products
Learn more about Zapier's new products.

Zapier Tables Zapier Interfaces

Zapier Reading
All of our best learning resources can be found here.

Featured Articles Show & Tell AI Hub Zapier Tools Hub

Learning Groups
Excited to meet other builders? Check out our interest areas full of doers, dreamers, and in-betweeners.

User Groups

Other Learning Resources
Some of our favorite additional ways to upskill your Zapier knowledge.

Zapier Learn Zapier Blog Zapier Webinars

Product Updates
Check out what is new and upcoming with Zapier with our regular product updates.

Product Updates

Early Access Program
Want to join Early Access? Learn more here.

Best answer

Bearer Token not included in header for test API connection

  • 21 July 2023
  • 6 replies
  • 1120 views
Prestonsteele

I am trying to test authentication of an app that uses a bearer Token for auth. When I input this as headers, they are not passed through to the request. See the error below. What am I doing wrong here?

 

Error:

authentication failed: The app returned "You are not permitted to perform this request". What happened (You are seeing this because you are an admin): Stack trace: ResponseError: {"status":403,"headers":{"content-type":"application/json","retry-after":null},"content":"{\"error\":{\"type\":\"request_error\",\"code\":\"forbidden\",\"detail\":\"You are not permitted to perform this request\",\"documentation_url\":\"https://developer.paddle.com/v1/errors/shared/forbidden\"},\"meta\":{\"request_id\":\"34ce0e94-4612-482c-b4fc-5dabf12f21de\"}}","request":{"url":"https://api.paddle.com/event-types"}} at _throwForStatus (/var/task/node_modules/zapier-platform-core/src/http-middlewares/after/prepare-response.js:13:11) at outResp.throwForStatus (/var/task/node_modules/zapier-platform-core/src/http-middlewares/after/prepare-response.js:68:5) at throwForStatusMiddleware (/var/task/node_modules/zapier-platform-core/src/http-middlewares/after/throw-for-status.js:5:14) at Object.<anonymous> (/var/task/node_modules/zapier-platform-core/src/middleware.js:80:37) From previous event: at /var/task/node_modules/zapier-platform-core/src/middleware.js:77:26 at Array.reduce (<anonymous>) at afterMiddleware (/var/task/node_modules/zapier-platform-core/src/middleware.js:76:21) at Object.<anonymous> (/var/task/node_modules/zapier-platform-core/src/middleware.js:94:18) From previous event: at Object.<anonymous> (/var/task/node_modules/zapier-platform-core/src/middleware.js:92:10) From previous event: at /var/task/node_modules/zapier-platform-core/src/middleware.js:89:45 at /var/task/node_modules/zapier-platform-core/src/tools/create-lambda-handler.js:212:18 at bound (node:domain:433:15) at runBound (node:domain:444:12) at process.processImmediate (node:internal/timers:476:21) at process.topLevelDomainCallback (node:domain:161:15) at process.callbackTrampoline (node:internal/async_hooks:128:24) From previous event: at Domain.<anonymous> (/var/task/node_modules/zapier-platform-core/src/tools/create-lambda-handler.js:196:10) at Domain.run (node:domain:389:15) at Runtime.handler (/var/task/node_modules/zapier-platform-core/src/tools/create-lambda-handler.js:192:19) at Runtime.handleOnceNonStreaming (file:///var/runtime/index.mjs:1083:29)

icon

Best answer by Prestonsteele 25 July 2023, 20:23

View original
This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

6 replies

C
Userlevel 3
Badge +6

Hi @Prestonsteele , 

So sorry to hear about this error, and thank you for sharing those super helpful details. 

Your screenshot certainly shows the headers formatted as I’d expect as well. 

My apologies if I’m missing this in the stack trace, but where are you seeing that the token is not being included in the headers? Are those requests appearing in Monitoring?

I ask because 403s can sometimes be related to specific account permissions or restrictions on endpoints. That said, I had some trouble finding documentation on that endpoint.

I was unable to access this, personally, but I see a link included in the response. Are you able to view this?

https://developer.paddle.com/v1/errors/shared/forbidden

Prestonsteele

Hi, I am accessing the API with same bearer token for the same resource in Postman and it returns perfectly. As you can see in the error code the header is as follows. This error occurs when I get to the test API section and attempt to use my auth token for logging in.

"status":403,"headers":{"content-type":"application/json","retry-after":null}

The header does not have the Authorization:  Bearer xxxxxxxxxxxxxx header that should be there.

Screenshot of working call in Postman:
 

 


 

C
Userlevel 3
Badge +6

Hi @Prestonsteele ,

Thanks for sharing those screenshots!

That is indeed interesting that the request works in Postman but not Zapier. 

This might not be a factor, but one thing I noticed:

  • In the Zapier screenshot, the endpoint is /event-types while in the Postman screenshot it appears to be /events

Otherwise, I’m curious if {"content-type":"application/json","retry-after":null} might be the headers of the response. For example, Zapier sends user-agent: Zapier in every request, which I also don’t see reflected there. 

After testing, have you tried clicking over to the HTTP tab and refreshing (you may need to wait a few seconds and/or try refreshing a few times for the logs to appear)? That tab should give a clearer picture of the request to confirm what is and isn’t making it into the headers:

 

Alternatively, logs are also surfaced in the Monitoring page, which should also show the full request, including headers (although the token would be censored for security).

Prestonsteele

 

Unfortunately I can’t get to that screen because it fails on the authentication screen before actually getting to testing.

Prestonsteele

 

Prestonsteele

Disregard, I figured out the problem. I was hitting the improper API URL. Thank you for your help.

Terms & Conditions