ShortLivedToken is undefined in req object from App action

I have set up the simple boilerplate in which we make a change to one column and it changes the other column to UpperCase or LowerCase.

When I make the change in one column, it triggers and calls the method on the server side, and this error was printed on the console:

Error: Should send 'token' as an option or call mondaySdk.setToken(TOKEN)

I had executed it earlier and it was working, but now it returns this error in the console. When I debug the request, it says shortLivedToken is undefined in the request.

On further debugging I got to know that

req.headers.authorization returns a token without shortLivedToken; moreover, req.query is an empty object.

Object after decoding that token:

"accountId": 12xx3776,
"userId": 32xxx852,
"aud": "",
"exp": 1659191960,
"iat": 1659191660

I have had the exact same problem for a couple of days now. The only thing I changed since it was working is removing localtunnel and hosting my app on a production server.

Did you resolve the problem?

Hello @umairisrar and welcome to the community!

I hope you like it here :muscle:

Which request is this? Is this a recipe in which you have a native trigger and a custom action, and the request to the run URL of your custom action is coming this way?

Looking forward to hearing from you :slightly_smiling_face:


I have some extra information on when it does and doesn't work.

When I use the NodeJS template to get started and try to run locally with the localtunnel package the program runs fine. I get the shortLivedToken back as well as the accountId and userId with the request like it should. But when I try to use the exact same NodeJS application without localtunnel on a production server I don’t get the shortLivedToken. I only get the same data back as @umairisrar said:

"accountId": 12345,
"userId": 12345,
"aud": "",
"exp": 12345,
"iat": 12345

As I’m typing this I realize we both don’t use SSL. Now I’m 90% sure this is why we won’t get the token back. Will try to fix this, be right back!

Yes, @Stan is right: when I deployed it on the demo server it’s working, but not on local with localtunnel.

Yes, this was the solution. Be sure HTTPS is used, otherwise it won’t return sensitive data.

Maybe Monday could implement a warning for the “Base URL” in the picture below when a user uses an HTTP endpoint instead of HTTPS: Monday will limit the data that is sent back to the endpoint on a request.
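A defensive check for the symptom discussed in this thread, as an added example that is not part of any post above or of monday's own code: it verifies the Authorization JWT and fails with an explicit message when the shortLivedToken claim is absent, instead of letting the SDK raise the "Should send 'token'" error later. It assumes the JWT is HS256-signed with the app's signing secret; the function names, the secret and the sample tokens are constructed for illustration.

```javascript
const crypto = require('crypto');

// Verify an HS256 JWT (assumed algorithm) with the signing secret and return its claims.
function verifyHs256(token, secret) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp === 'number' && claims.exp * 1000 < Date.now()) throw new Error('token expired');
  return claims;
}

// Hypothetical helper: classify an incoming action request by its Authorization header.
// A valid JWT without shortLivedToken is the symptom reported in this thread.
function checkActionRequest(authorization, secret) {
  let claims;
  try {
    claims = verifyHs256(authorization, secret);
  } catch (e) {
    return { status: 401, error: e.message };
  }
  if (!claims.shortLivedToken) {
    return { status: 500, error: 'JWT has no shortLivedToken: check that the app Base URL uses https://' };
  }
  return { status: 200, claims };
}

// Constructed sample tokens: one shaped like the payloads posted above, one with the claim present.
function sign(claims, secret) {
  const h = Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).toString('base64url');
  const p = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const s = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest('base64url');
  return `${h}.${p}.${s}`;
}
const SECRET = 'constructed-signing-secret';
const EXP = Math.floor(Date.now() / 1000) + 300;
const httpToken = sign({ accountId: 12345, userId: 12345, aud: '', exp: EXP }, SECRET);
const httpsToken = sign({ accountId: 12345, userId: 12345, shortLivedToken: 'constructed-token', exp: EXP }, SECRET);
console.log(checkActionRequest(httpToken, SECRET).error);
console.log(checkActionRequest(httpsToken, SECRET).status);
```
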
