Skip to main content

Usage of sessionToken on the backend

  • November 22, 2020
  • 5 replies
  • 2467 views
GTG
  • GTG
  • Participating Frequently

Hello!

This is my first post here as I just started working on a Monday.com app.

My app is a board view. I was able to set up everything, and it works fine on the frontend.
I have encountered a problem on the backend of my app. I’m able to successfully verify user sessionToken(obtained in the browser via await monday.get("sessionToken"), sent to backend, verified on the backend with jwt.verify(sessionToken, '...')).

Now I would like to make use of monday.api on the backend, and no matter if I’m using monday.setToken or passing token in options to monday.api - I’m getting “Not Authenticated” error.

I assume I did not understand something, any help/suggestions are appreciated.

Thanks!!

This topic has been closed for replies.

5 replies

dsilva
Forum|alt.badge.img
  • dsilva
  • Participating Frequently
  • November 24, 2020

Hey @GTG - welcome to the community!

Could you let us know what query you’re trying to run, as well as what OAUTH permissions you’ve granted your app?

-Daniel

GTG
  • GTG
  • Author
  • Participating Frequently
  • November 24, 2020

Thanks for response @dsilva.

This is my query:

query {
      boards (ids: 873111956) {
        id,
        permissions,
        name
        views (ids: 13749058) {
          id,
          name
          type
        }
      }
    }

OAuth permissions:

image

The query works fine when I’m using it from my app view iframe.

The node.js implementation is very simple:

  const mondayApi = mondaySdk();
  mondayApi.setToken(sessionToken);
  const res = await mondayApi.api(
    `query {
      boards (ids: ${boardId}) {
        id,
        permissions,
        name
        views (ids: ${boardViewId}) {
          id,
          name
          type
        }
      }
    }`,
    { token: sessionToken }
  );

sessionToken is 100% valid, or at least it passes the jwt.verify check.

GTG
  • GTG
  • Author
  • Participating Frequently
  • November 28, 2020

Few days later I finally understood what was causing my problem 😃
sessionToken is useless for my case, I need api token, and it can be obtained through Oauth.
In my case I need to do that for every user who is accessing my board view. This is rather not great UX 🙂

I converted this observation into a feature request: App installed webhook

    PolishedGeek
    • PolishedGeek
    • monday.com Partner
    • November 29, 2020

    Hi @GTG - Good point. This also impacts trying to use license keys for apps. We originally planned to use WHMCS licensing and billing for our app, but had to build Stripe integration because it would just be too cumbersome to ask every user of our app to enter a license key on every board. Hopefully we will see things like this centralized to the Admin App area eventually.

    A
    • Anonymous
    • March 10, 2021

    This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

    Terms & ConditionsCookie settingsAccessibility statement