API authentication - session secret required in POST body

Not sure that this can be done in retool, but want to try.

We use an external API that has a tricky authentication requirement on POST transactions:
1- first we call a /auth endpoint with a POST
2- header is returned with a session secret. This is unfortunately retuned in kind of a strange format that requires a bit of regex to extract it
3- this secret must be included in the body of subsequent POST transactions

I’ve tried to figure this out, but got stuck.

I’m able to get the first part working (making the authorization API call) on the resource setup screen.

The problem is I can’t figure out how to save the returned headers so I can access/parse them in my app.

Is there a way to do that in retool?

(My backup plan is to send whatever data I need to POST to a webhook in Integromat and complete the transaction over there)

Hi @zp123 !

Unfortunately, it's not currently possible to use JavaScript on the resource setup page. This means that you won't be able to use Regex functionality to extract the value in the response from the API request. The rest of this flow is possible, by indexing into the response of the API request, defining a variable, and including it in future requests.

Examples of similar flows can be found in the Custom API Authentication docs. It is, however, possible to retrieve this session secret, parse the return, and then use the result all within the front end of a Retool app!