Can't generate signed embed URL

I'm having an issue where I can't seem to generate the signed embed URL through the API.

When I issue a query that looks like:

POST our_custom_domain/api/embed-url/external-user
    {:Authorization=>"Bearer retool_OUR_NEW_EMBED_SCOPE_TOKEN", :"Content-type"=>"application/json"},

we always get back 401 with the message "Invalid external identifier provided"

I've tried changing the externalIdentifier to be null, an email address, and a unique identifier from our auth system and we always get back the same response. I've tried to create a new token also and same thing.

Any help would be appreciated

Is there any way we can get support with this? We upgraded to the business plan because of the availability of the embed functionality but we obviously would not want to continue if this is not supported

Hi @skarip, welcome to the forum! :wave:

It looks like the issue is related to the "externalIdentifier" key. The externalIdentifier is required and needs to be a string or an integer. Our API throws that error if the request doesn’t have an external identifier or if the data type doesn’t match. Is the value for ":externalIdentifier=>UID_FROM_PARENT_APP" assigned dynamically (with a variable) or are we typing it directly there? If it is assigned dynamically, the variable may be evaluating to "null" or an unexpected value/data type.

If we are creating a new key, double check that under "Scope", we are marking the "Embed" checkbox.

Note: Due to the increased volume of questions on the forum, it takes us about a week (in average) to get to new topics. We are doing our best to get back to all of our users as fast as possible. Thank you for your patience and understanding. :slightly_smiling_face:

Hello! Unfortunately I have the same issue here. We also upgraded to business to be able to leverage this feature.

When creating a new key I have ticked the 'embed' scope box.

For context:
I am using Google sign-in to log into Retool. Could this be related? Howevern, I also created a user that doesn't use Google login and there the externalIdentifier is also null.

Hi @nicoes88, welcome to the forum! :wave:
Thank you for reporting it. Did you use a variable for the value of "externalIdentifier" or the string directly?

Our actual issue was with the authorization headers not being provided properly -- even though the error was about the external identifier it was actually completely unrelated.

Thanks, happy to be on the forum!

Now that I am retrying it does work. Could the issue have been that the processing of API token / permission groups / custom domain configuration takes some time? In a way that the prerequisites for the embedded apps were not completed yet?

Thanks for reporting, that was a misleading error indeed.

The "Permission Groups" update should be immediate. It is likely the issue was related to the new custom domain configuration. I'm happy to hear that now we are able to embed our applications.

Happy building! :hammer_and_pick:

1 Like