OAuth 2.0 Access Token in query request body

Queries and Resources
1

I'm trying to authenticate with the Bing Ads API. I believe I've gotten the OAuth 2.0 flow working correctly, but I'm trying to make my first request following this documentation to their SOAP API. Here's the PowerShell code I'm referencing from those docs:

$accessToken = "AccessTokenGoesHere";
$developerToken = "DeveloperTokenGoesHere";

[xml]$getUserRequest = 
'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v13="https://bingads.microsoft.com/Customer/v13">
<soapenv:Header>
   <v13:DeveloperToken>{0}</v13:DeveloperToken>
   <v13:AuthenticationToken>{1}</v13:AuthenticationToken>
</soapenv:Header>
<soapenv:Body>
   <v13:GetUserRequest>
      <v13:UserId xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
   </v13:GetUserRequest>
</soapenv:Body>
</soapenv:Envelope>' -f $developerToken, $accessToken

$headers = @{"SOAPAction" = "GetUser"}

$uri = "https://clientcenter.api.bingads.microsoft.com/Api/CustomerManagement/v13/CustomerManagementService.svc"
$response = Invoke-WebRequest $uri -Method post -ContentType 'text/xml' -Body $getUserRequest -Headers $headers
Write-Output $response.Content

As you can see, they require that you pass the access token into the request body. I know that retool has OAUTH2_TOKEN magic strings, but can they be used in the body of the request (I've tested doing this but might be missing something)? If so how would I do that, and if not, what would you suggest?

2

Any ideas on this? One thought I had if this wasn't supported is possibly making an artificial request with the magic string in the URL and parsing the token from that. Not sure if that's possible either with Retool.

3

Hello @johncosch!

Good news, you can send the Ouath token in the body of your request!

Once the resource is authorized via OAuth 2.0, you can add this in using the variable OAUTH2_TOKEN.

For example I put this into the Body with raw selected as shown below and was able to send/receive the token using POST to a Pipedream endpoint I was using for testing.

CleanShot 2024-06-18 at 15.34.39@2x
CleanShot 2024-06-18 at 15.34.39@2x1026×1574 80.9 KB

Which came out successfully in the body looking like this

CleanShot 2024-06-18 at 15.35.47@2x
CleanShot 2024-06-18 at 15.35.47@2x776×1322 67.4 KB

This should be a better work around than having an artificial request and to grab the token. Hope this helps!