-
Goal: App viewers to see data which is fetched from an authenticated API
-
Steps: Setting the api key in various ways for the resource, and queries. Publishing the app.
-
Details: Data is visible to editors who are able to access the Edit page and click the 'Re-auth' button. Viewers don't get any data and the network console shows the queries are receiving 401 responses.
In the Retool Audit Log, I can see the same query being run for my editor account, and for my viewer account and one received a 200 and the other receives the 401
hey @Michael_Stone are you using Retool user attributes for the API key? or how are you assigning them to editor accounts?
Hey @Michael_Stone!
Just another question - did you authenticate the API using OAuth?
hey @trz-justin-dev, we're setting the API key with a header attribute on the API Resource
and do the users/user-groups have permission to use the API resource?
Settings > Permissions > External Users > Resources > check "Use"
Hey @Michael_Stone! I agree with @trz-justin-dev - it sounds like there might be something wonky with the permissions settings for that specific resource. I'd start by looking there!
Hey everyone, thanks very much for the suggestions. Super embarrassingly this ended up being a auth issue with our API.