I am trying to connect my INVESTMENT app to an external API developed by a 3rd party partner, which requires an initial step to acquire a bearer token. (It’s a logged-in area.) But I am getting an error 500 message…
They provided me a URL, and a token (as a key, which I don’t know where to use).
Then, in order to access their API, I need to provide 4 pieces of information:
company_id (my company ID).
login_type “Investor”
username (I have it)
password (I have it)
The company whose API I am using said all info is being shared under the POST method.
The questions:
Where should I use the Token they gave me?
Should the company_id, login_type, username and password all be “headers”?
After obtaining the bearer token, do I create another External API to retrieve the information I need from their API?
use custom action to get the bearer token (use company_id, etc. there)
store bearer token in some property in Users collection (to be able to access it via Logged-In User)
for other custom actions, pass this property’s value as parameter and use it in Authorization headers
for external collections, use this property directly when setting up the Authorization.
This solution raises some questions from the security perspective, but I believe it’s the best you can achieve on Adalo alone.
If security is critical, I’d set up a separate backend service for all API interactions, and it could provide a limited number of endpoints to the Adalo app. However, this task could be complicated.
Hi @Victor, thank you for the suggestion.
I was only able to create the Custom Action to get the bearer token and store it on my User’s collection.
Now, I still need to be able to access the API to read all the data, and ideally update that in an External Collection. But I am only getting Error messages (401 and 404)…
This is the tutorial I got from the 3rd party partner:
I am not sure though how to break down the JSON in Adalo’s forms…
Does it require a Header, including Content-Type: application/json ?
Does it require a Header, including Authorization: Bearer token-key… ?
401 means “Unauthenticated” - so apparently you’re not passing bearer token to the query.
404 means “Not found” - it means you’re using incorrect address.
Without access to the documentation, it is quite difficult to imagine the query syntax.
I can clearly see that your first URL doesn’t exist; the second one exists, but the GET method isn’t supported. Also, APIs usually require an Authorization header for auth purposes, and specifying the content type is recommended.
In custom actions the JSON reply is recognised automatically by Adalo. You can pass a JSON body in the custom action payload, and you can pass values to it via magic text.
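
The status codes discussed in this thread can be reproduced offline. This is an added example, not code from the thread or from the partner's API: it runs a local stub and a client, and the paths `/login` and `/portfolio`, the `token` response field and all values are assumptions made for the demo.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-demo-token"  # constructed value, not a real credential
FIELDS = {"company_id", "login_type", "username", "password"}  # the four values from the post

class StubAPI(BaseHTTPRequestHandler):
    """Local stand-in for the partner API; /login and /portfolio are assumed paths."""
    def reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())

    def do_POST(self):  # token endpoint: the credentials travel in the JSON body
        creds = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        ok = self.path == "/login" and FIELDS.issubset(creds)
        self.reply(200 if ok else 400, {"token": TOKEN} if ok else {"error": "bad login"})

    def do_GET(self):
        authed = self.headers.get("Authorization") == f"Bearer {TOKEN}"
        # /login exists but rejects GET (405); unknown paths are 404; a missing token is 401
        code = {"/login": 405, "/portfolio": 200 if authed else 401}.get(self.path, 404)
        self.reply(code, {"status": code})

    def log_message(self, *args): pass  # silence per-request logging

def call(port, method, path, body=None, token=None):  # returns (status, parsed JSON)
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, json.dumps(body) if body is not None else None, headers)
    resp = conn.getresponse()
    return resp.status, json.load(resp)

def demo():
    srv = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_port
    creds = {"company_id": "42", "login_type": "Investor", "username": "u", "password": "p"}
    token = call(port, "POST", "/login", creds)[1]["token"]
    statuses = {
        "no_token": call(port, "GET", "/portfolio")[0],
        "wrong_path": call(port, "GET", "/portfolios", token=token)[0],
        "get_on_login": call(port, "GET", "/login", token=token)[0],
        "with_token": call(port, "GET", "/portfolio", token=token)[0],
    }
    srv.shutdown()
    return statuses
```

Calling `demo()` returns one status per case, which gives a quick checklist when a custom action fails: whether the token was sent, whether the address is right, and whether the method matches what the endpoint supports.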