API request fails with "The signature is invalid. Verify and try again."

I have an API which uses Oauth 1.0, and Oauth2 is not an option. Any request to it that does not require a body, GET or DELETE for example, work fine. When I send a request that needs a body, PUT or POST for example, the request fails with response in the body "The signature is invalid. Verify and try again."

I've tried both raw body with Content-Type header and using the JSON input, both receive the same response. When debugging, the body of the request appears to be identical in both of these scenarios.

Testing in Postman with identical credentials and body is successful. So I'm not sure whether I'm doing something wrong or if there's some bug in Retool, but this is something I would really like to get working.

Hey @derekchisholm!

It looks like this may be because of an issue on our end :pensive: At the moment all body types are being included in the signature of OAuth 1.0 requests meaning only application/x-www-form-urlencoded will be processed correctly for POST or PUT requests to certain endpoints. I can let you know here when that has been resolved!

Thats unfortunate, thanks for confirming my hunch. I'll watch for follow up on this!

Perhaps you can help me with an alternative solution then.

I'm able to use custom authentication to retrieve a bearer token and successfully call POST and PUT endpoints using that method. However, I have to repeatedly reauthenticate manually to maintain valid credentials. That's despite having the refresh auth workflow configured with a lifetime that is shorter than the token life, and regardless if I'm in edit or preview mode.

Maybe my understanding of this functionality is wrong?

It looks like the refresh auth workflow is referencing the token from the main auth flow which will be expired until you manually re-auth. If you add another API call in the refresh flow itself and then reference the response from that in your "Define a variable" step, does that work?