I am starting to use the SDK to develop apps with dashboard features. I am just building some proof of concept simple apps at the moment, to test API queries.
I am able to upload an app as a dashboard feature, query data using the sdk and render it, which is great. I am taking advantage of seamless auth provided by the monday.api() method.
I now would like to start developing more efficiently, so i am trying to pass a token with the queries, so that i can debug in my local environment (rather than having to build and upload every time). I have tried using monday.setToken(âapi_token_provided_in_the_admin_section_of_monday.comâ)
and i have also tried passing the same within the options parameter of the monday.api method.
when running locally, the api returns the error saying i am not authenticated (as if i had passed an incorrect token or no token at all).
I triple checked the token i am passing. I am using the same in a raw query using Postman and that returns the data i expect.
Help would be most appreciated, let me know if you need more information on the issue.
hey @jaacquees â you also mentioned you want to develop your client-side apps more efficiently. I would recommend using ngrok for local development, because it streamlines the workflow. That way you donât have to rely on a build-upload process each time, but can still use seamless authentication and see your results in monday.com.
Essentially, you run ngrok http [port] and the tool will generate a URL that you can put in the âview setupâ testing section of your app feature.
You can install it globally or run it from inside our starter code (itâs bundled as a dev dependency).
Many thanks Dipro. I managed to create the tunnel and hook up the embedded app to my debugger (using webstorm right now). Breakpoints work, which is great.
Hey, I am facing the same problem.
I used my api key in monday.com and itâs working great.
But plugging it into my ngrok development and viewing it live in widget setup preview and using
monday.setToken(apikey)
or
monday.api(query/mutation, {token: apikey})âŠ
Neither work and I get the message: error: Not Authenticated
Leaving out the token info doesnât work either, but am I misunderstanding the documentation when it says âIf not set, will use the credentials of the current user (client only)â. Should it work anyway?
When I write a simple standalone app using the mondaySdk, use setStoken to give it my personal API token (which has full access to all boards), API calls via the Sdk work as expected - I can get data fine.
However, when I run an app from within a monday parent app, pass the API token via setToken, and query the api via the Sdk method, the response suggests that the API token I have given is « hidden » by whatever access token is present in the parent session: for instance, if the parent session has a viewer or a guest logged in, the Sdk call to the api will not return any data (even if the Sdk has received an all powerful access token via setToken).
The use case for me right now, is that I am trying to find a way to get data into a board view app even when a guest or a viewer is logged in.
Is this issue only occurring when you try to do with a guest or viewer account? I say this because I believe setToken can only be used server side, and all monday.api calls from the client side will use the logged in userâs token. This could be why this is occurring with guest/viewer accounts.
If you would like to use a single token for all API requests, youâll need to make the API calls from your backend (or make HTTP requests without the SDK).
As a workaround I am trying to expose an end point on my own API which calls monday API v2 to get the required data for my app.
It works fine when I call my API on localhost. But for some strange reason, when I deploy it to my remote server, that endpoint canât be reached by the app. I can reach it fine using postman, but the JavaScript app canât reach it. Itâs all very confusing.
If anyone has managed to make a board view or dashboard widget, which calls the API for data, without using the sessionâs token or the Monday.api Sdk method, please let me know !
Yes I am aware of seamless authentication which avoids using setToken. It is a great feature which I am using currently. The problem is that, when a guest/viewer is logged in, seamless authentication will pick up their session token and try to use it to access the Monday API, which will fail and produce an error.
I was trying to use setToken to âoverrideâ seamless authentication and give the app a token which will allow it to use the API. But that doesnât work. setToken is basically not made for a client-side context.
You are correct, setToken is not made for client-side. It is a server-side feature.
As Daniel pointed out, you donât really have any option here unless you make a request to your server.
So basically, instead of using the SDK to make a call, you will need to make a call to your server application and use a stored API token to make the request, then return the result back to your view.
It isnât an idle solution but it will get around your viewer/guest access token issue (as long as it is authorized by another user). This could also cause some security issues with viewers and guests seeing data that they are not meant to.
Thanks Mitchell. You summarised the issue quite well.
I have used the following workaround: use mondaySdk as normal (to listen for context and settings changes) except that I donât make API calls using monday.api, but using apollo.query, a common graphql library.
Indeed it is not ideal, because I am having to give the app a full memberâs token explicitly (the guest user token would not work).
The mitigation is that we are very very selective with our guests and viewers and are comfortable that there will not be any misuse or misappropriation of the token.
Having said that, it would be a lot better if there was a way for it to work natively, i.e. make board contents available as part of the apps context. That way it would only expose what each user is allowed to see, and tokens would be kept safe.
Again @monDevs I canât stress this enough. The Monday UX/UI is so vibrant and beautiful, it is a waste to not share it with clients and other partners. But to make their experience complete, these users must have a way to see custom developed views and widgets.
@jaacquees We hear you loud and clear, and we appreciate the kind words on the UI/UX. Iâll be sure to pass on both pieces of feedback internally to the team and hopefully itâs something we can tackle in the near future.