Invalid API token generated

Haslien · March 6, 2020, 1:49pm

Following the steps in the Authentication section of the API documentation, it describes simply putting the snippet in your console while being logged in to your app, then using it in the Get Schema endpoint.

What happen?
API returns

401 Unauthorized
{"message":"jwt malformed"}

What was expected to happen?

Getting a full and valid JWT from the initial token generation command.
A response with the schema, as shown in the example.

Note
I suspect that the token generated returns only a part of it. It does not conform to the JWT format of [header].[payload].[verify].
Sample (invalidated): u72eaff3.874aced889f24a44881c2g6770de3h22e8f

Sergey_Truhtanov · March 6, 2020, 6:58pm

Hello. Could your please send XHR of the request that you execute and get “jwt malformed” as a response. Or just send body and headers of the request.

Haslien · March 6, 2020, 7:38pm

Hi,

As I performed the query again to show you everything in one screenshot, I moved where token is placed and got the expected response. Confused me how it would work now, so I tested previous setup.

Seems I presumed wrong prefix for Postman’s ‘Authorization’, so it sent Authorization: Bearer {token} instead of Authorization: Token {token}. My bad, I should have tested that. Sorry for wasting your time.

TL;DR it sent Bearer {token} when Token {Token} was required, and it responded with jwt malformed.

Sergey_Truhtanov · March 6, 2020, 7:53pm

Yep, that was the reason of the error. We do use jwt tokens internally, that’s why ‘Bearer’ schema (which is a part of jwt spec) is supported on our side. But our api tokens, that we allow users to generate, are not jwt tokens. At you’ve correctly spotted this in original question. That’s why we use ‘Token’ schema in Authorization header.

San · December 10, 2021, 6:29am

Where did you get the TOKEN? Or how to generate it?

Haslien · December 10, 2021, 8:51am

You can check the API documentation about it here

Copy this code

fetch(`https://${window.location.host}/api/tokens`, { method: 'GET' })
  .then(res => res.json())
  .then(apiKeys => console.log(apiKeys))

Navigate to your Fibery workspace that you wish to generate token for
Open developer tools, the shortcut for it is usually Ctrl+Shift+i
Navigate to the “Console” tab
Paste the code you copied. It should display the token in the console

Topic		Replies	Views
Need help managing tokens via API API & Programming	1	266	July 30, 2023
Fast and easy way to test the Fibery API using Postman API & Programming	5	766	May 26, 2021
Api calls keep getting An invalid response was received from the upstream server Bugs & Issues	6	1176	February 15, 2023
API Token changed API & Programming	3	446	April 11, 2022
Security of Auth Tokens in Script API & Programming	6	232	April 17, 2024

Invalid API token generated

Related topics