I'm testing feasibility of the Retool to transfer data between Vincere and Webflow APIs. Both will be publishing changes with webhooks (so I'll be mostly using Retool Workflows) and those changes need to be propagated to the other side.
For the Vincere API, I need to use REST API resource authenticating against OAuth2 authorisation server. And this is where I'm getting issues:
Then I click on the "Connect with OAuth" and I get successfully through the user authentication screens and retool exchanges the authorisation code for the access token. This is visible in the debug panel as below:
Interesting bug, we tried looking into the API docs but it requires signing up for a demo. If you could share some of the docs, we could have a bit more context on what exactly is going on. It could be an issue with how one of the responses from the server is shaped, from looking at the response you are getting in the console, all of those keys are looking good. But as multiple request/response cycles are made in order to make OAuth work (setting up tokens in the process), one of the responses from the server may not be standardized to what Retool is expecting to be able grab the tokens. Otherwise, this should be working with your current settings.
Here is out troubleshoot guide you may have explored already. If so, it may be worth it to give it a shot at setting up Custom Auth. This way, we can have granular control of setting up the required variables fir the creation of this tokens.
It does look like the signup for a demo is needed for the docs access. But the docs are publicly available - https://api.vincere.io/#overview
I did spend quite a lot time on it, and my issue with retool (great too, btw!) was the feedback it was giving about acquiring the token. The debug panel suggests the authorizaiton_code flow gets tokens properly, but they are not stored and there's just a little info missing on why that happens.
Anyhow, I realised the normal OAuth2 authorization would not work in my case anyway - Vincere requires using id_token (instead of access_token) when making API and just on the weekend, I tried using Custom Auth (thanks for pointing that out, too). This works like a charm! In fact, as I was trying to get that OAuth2 working, I tried few other low-code providers too, and it looks like only Retool give such auth flexibility.
For anyone using Vincere, here's the configuration that works for me:
In the credentials view:
make sure you use the domain assigned to your account
you'll be provided by Vincere with api_key to use in the X-Api-Key header
they require requests to contain short-lived Id-Token, which we'll need to be refreshing from time to time
we enforce refresh flow to be kicked off every 50 minutes (3000 secs), as the lifetime of the tokens expire in 60 minutes
we use REFRESH_TOKEN exported in the auth workflow to be set to the refresh_token URL parameter
this workflow will retrieve a new id_token which we overwrite ID_TOKEN environment variable with, so that following API requests are using that new value
Love to hear you got it working. I looked everywhere for other customers' experience with the Vincere API and I could not find anyone. You may be the first one connecting it to Retool.
Thank you for sharing your settings with us!
