Help

Save the date! Join us on October 16 for our Product Ops launch event. Register here.

Re: API key resulting in issue on live server

2090 0
cancel
Showing results for 
Search instead for 
Did you mean: 
Shane_Jones
4 - Data Explorer
4 - Data Explorer

We’ve built a custom API call to push form data into Airtable, this works fine when working on my localhost environment but when deployed to our staging site we get the following error returned from the API

{"error":{"type":"AUTHENTICATION_REQUIRED","message":"Authentication required"}}

There is no difference between any of the code base, the tables it references or the API keys.

Is there some additional setup needed to allow these requests to be pushed up from a specific domain?

3 Replies 3

Hi Shane and welcome to the community!

This suggests – however implausible it may seem – that whatever authentication method you have built into your API, it is probably not relying on those credentials when testing locally. Instead, it is more likely that it works on your local system because a security context exists [already] and is masking the failure of your API’s authentication process.

Of course, this is is purely hypothetical because I cannot see your API code.

Shane_Jones
4 - Data Explorer
4 - Data Explorer

Hi Bill, This is the API code I’m using.

const airtableHeaders = new Headers()

airtableHeaders.append(‘Content-Type’, ‘application/json’)
airtableHeaders.append(
‘Authorization’,
Bearer ${process.env.AIRTABLE_API_KEY}
)

const fieldsPrep = JSON.parse(fieldsOuter)

const raw = JSON.stringify(fieldsPrep)

const requestOptions = {
method: ‘POST’,
headers: airtableHeaders,
body: raw,
redirect: ‘follow’,
}

fetch(
https://api.airtable.com/v0/app1234567890/${airtableFormId},
requestOptions
)
.then(response => response.text())
.then(result => {
const returnedData = JSON.parse(result)
if (returnedData.createdTime) {
setSubmitted(true)
}
})
.catch(error => handleError(error))

Have you set this variable with your api key on the server?

If you are pulling code from a repository, the code setting the api key probably wasn’t in the repository for security reasons.