Skip to main content

Get Support
Have a question? Let's get you an answer!

How Do I...? Troubleshooting Code & Webhooks Developer Zone

Other Help Resources
Wait, there's more! Check out these Community sourced spaces for additional resources.

Zapier Help Center Hire an Expert

Learning Resources
All of our best learning resources can be found here.

Featured Articles Show & Tell Zapier's products AI Hub Zapier Tools Hub

Share your knowledge
Give back to the Community by sharing your automation wins and helping to answer questions.

Share your success See unanswered questions User Groups

Other Learning Resources
Some of our favorite additional ways to upskill your Zapier knowledge.

Zapier Learn Zapier Blog Zapier Webinars

Product Updates
Check out what is new and upcoming with Zapier with our regular product updates.

Product Updates

Early Access Program
Want to join Early Access? Learn more here.

Hi, I am trying to setup Session Auth and am having some issues.

Everything seems to be working locally when it runs but when i deploy it and test authentication in a Zap i am getting a strange error.

 

Here is what i would expect to happen for session auth.

  1. Post request to get auth token from auth endpooint
  2. token is used in “Test” request to verify that it works

What i am seeing in logs is:

  1. Post request to get auth token from auth endpooint - Returns token
  2. token is used in “Test” request to verify that it works - Json is returned, I would think this means success and it ends here.
  3. Another post request to get auth token is performed and this time the auth token from first request  is added as a header so this fails.

I cannot figure out why this is happening. I have attached my log below that shows the three requests

 

 

 

 

Hi @adavis - I hope you’re not using your real API credentials because the access token and refresh token are exposed in plain text in the file you attached. Please remove them if possible.

Also, this doesn’t seem like it should be done in a Session Auth, rather, it should be OAuth2. (Since you have an access_token and a refresh_token).

Thanks @ikbelkirasan  ill remove the credentials, even though its just for my local test instance so no worries there.

I was thinking it was OAuth also but there isn't a site to send users to for the authentication and then callback to Zapier so i don’t think i can use that implementation method. i also dont think the api is setup to use refresh tokens even though it is returned from token server….

 

anyways i found the issue, i was replacing the headers in my calls with the Bearer access_token everytime even if it was an authorization call to the token server.

@adavis - Good catch! Glad you could get it sorted out!

You don’t have to worry about the credentials since they are not that sensitive.

Terms & Conditions