Can someone here please point out whatever stupid mistake I am making when trying to connect to PayPal APIs?
Setting up my resource:
Using Resource to make API call
I get this error:
"error_description": "Token signature verification failed"
Things I have checked:
- I reference Bearer OAUTH2_TOKEN in the header
- Verified client ID and secret are accurate for the environment I am using
- Verified I am connecting to the PayPal sandbox environments
I hope I am just missing something very basic, can anyone please help? Thank you!
@Jessica_D Have you checked to see what is being sent in the request? If you
Preview the query in the app and then click on the
API Request tab next to
Response you should see the raw Authorization header value.
Thanks for pointing out I could see the un-sanitized header by using the Preview function. I was going crazy that I couldn't see it when actually running the request!
As suspected, the magic keyword of OAUTH2_TOKEN is not being replaced:
"Authorization": "Bearer OAUTH2_TOKEN"
@Retool team, is this a bug?
"User-Agent": "Retool/2.0 (+https://docs.tryretool.com/docs/apis)",
"Authorization": "Bearer OAUTH2_TOKEN",
When that 'magic string' isn't replaced, it generally means that the stirng wasn't populated with a meaningful value during the auth process ie: the auth failed. I have resources where that's being replaced now, so it doesn't immediately jump out as a bug, but checking on some specifically using
client credentials to make sure.
@Jessica_D Do you have access to the authentication flow on the PayPal side? As noted above, if the auth fails we don't have a value to replace the magic string with. Can you see auth attempts and failures on that side of things? Another couple of values to check would be the
Scope fields. These are required for successful auth in some cases and this may be failing because they are not populated.
Thanks for looking into this.
I just tried adding a scope, and still had the same issue. I know that authentication in general works because I can use PayPal token endpoint directly to get a token, store as a variable and use that in any subsequent API calls, but I am not able to do this more elegantly the 'right way'
@Jessica_D Yeah, confirmed this is an issue with the Retool <> PayPal interaction. The authentication fails which is why the
magic string is not replaced. We have an internal ticket tracking this now and will update this thread when there is any additional information to share on how to get this done natively.