Help

Help: API call remoteFetchAsync() returning "403 Forbidden" yet works in Postman

3341 4
cancel
Showing results for 
Search instead for 
Did you mean: 
Stephen_Orr
6 - Interface Innovator
6 - Interface Innovator

I’m having trouble calling an external API (frame.io) from an Airtable scripting app using remoteFetchAsync().

This is what I’ve tried:

// Change this name to use a different table
let table = base.getTable("🎬 Projects");

// Prompt the user to pick a record 
// If this script is run from a button field, this will use the button's record instead.
let record = await input.recordAsync('Select a record to use', table);

if (record) {
    // Customize this section to handle the selected record
    // You can use record.getCellValue("Field name") to access
    // cell values from the record
    output.text(`You selected this record: ${record.name}`);

const teamId = 'team_id_hidden_for_security';
const resp = await remoteFetchAsync(
  `https://api.staging.frame.io/v2/teams/${teamId}/projects`,
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      Authorization: 'Bearer token_hidden_for_security'
    },
    body: JSON.stringify({
      name: record.name,
      private: false,
      project_preferences: {
        collaborator_can_download: true,
        collaborator_can_invite: true,
        collaborator_can_share: true,
        notify_on_new_asset: true,
        notify_on_new_collaborator: true,
        notify_on_new_comment: true,
        notify_on_updated_label: true,
        notify_slack: true
      }
    })
  }
);

output.inspect(resp);

} else {
    output.text('No record was selected');
}

which results with

{type: "basic", url: "https://api.staging.frame.io/v2/teams/team_id_hidden_for_security/projects", status: 403, statusText: "Forbidden", ok: false…}
type: "basic"
url: "https://api.staging.frame.io/v2/teams/team_id_hidden_for_security/projects"
status: 403
statusText: "Forbidden"
ok: false
headers: Object
redirected: false

I am successful making this call from Postman so I’m wondering if this is CORS related… but I thought using remoteFetchAsync() might resolve that. Could this be related to the “redirect: follow” option mentioned in other posts? What am I doing wrong here?

I’ve hidden my actual team ID and bearer token in my code above for security reasons.

Thank you for your help.

4 Replies 4

Everything looks good on the surface. I haven’t used the frame.io API, so there might be some idiosyncrasy with it that requires a different approach. If they have a user community forum, you might consider posting there for input.

The only thing I can offer which may or may not help is this: with an API call that I make, I also include this in the headers section:

Accept: 'application/json'

Maybe try adding that and see if it cooperates. It’s a long shot, but worth a try.

Appreciate the suggestion! I added it and unfortunately still get the same 403 error result. Glad to know that it appears correct however. Thanks

@Justin_Barrett So I contacted Frame.io support and they requested the public IP address of the server making the call. I’m guessing they need to whitelist the server for incoming server-server traffic. Do you happen to know if this is typically accessible to Airtable users? Thanks!

@Stephen_Orr Sorry, but I’ve not encountered this IP whitelisting requirement before, so I don’t know how willing Airtable support will be about giving it out. I obviously don’t recommend posting it here if you do obtain it, but it would be good to know if it’s even available.