-
Goal: App viewers to see data which is fetched from an authenticated API
-
Steps: Setting the api key in various ways for the resource, and queries. Publishing the app.
-
Details: Data is visible to editors who are able to access the Edit page and click the 'Re-auth' button. Viewers don't get any data and the network console shows the queries are receiving 401 responses.
In the Retool Audit Log, I can see the same query being run for my editor account, and for my viewer account and one received a 200 and the other receives the 401
hey @Michael_Stone are you using Retool user attributes for the API key? or how are you assigning them to editor accounts?
Hey @Michael_Stone!
Just another question - did you authenticate the API using OAuth?
hey @trz-justin-dev, we're setting the API key with a header attribute on the API Resource
and do the users/user-groups have permission to use the API resource?
Settings > Permissions > External Users > Resources > check "Use"
Hey @Michael_Stone! I agree with @trz-justin-dev - it sounds like there might be something wonky with the permissions settings for that specific resource. I'd start by looking there!