Token error - from item view to backend

Hi all,
While building an item view app and backend integration that stay on monday code,
when I use the session token from the item view on the backend to send a query, I get:

```
{ errors: [ 'Not Authenticated' ] }
```

My flow is:

  1. Get sessionToken from itemView and send it to the back end in the authorization header.
  2. Verify the token with CLIENT_SECRET_KEY.
  3. Try using the session token for queries, and here is my error.

The response of mondayApiResult:

```
{ errors: [ 'Not Authenticated' ] }
```

The response of jwtData:

```
{
  dat: {
    client_id: 'myclientId',
    user_id: 565129,
    account_id: 21579,
    slug: 'toorefo',
    app_id: 10139,
    app_version_id: 10882,
    install_id: -2,
    is_admin: true,
    is_view_only: false,
    is_guest: false,
    user_kind: 'admin'
  },
  exp: 1712080413
}
```

I really appreciate any help :pray:

Code in BE:

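```js
const jwt = require('jsonwebtoken');
const mondaySdk = require('monday-sdk-js');

// Runs inside the async request handler; getSecret and MONDAY_CLIENT_SECRET
// are defined elsewhere in the app.
let { authorization } = req.headers;
if (!authorization && req.query) {
  // Fall back to a token passed in the query string
  authorization = req.query.token;
}

const { sourceItemId } = req.body.payload.inputFields;

// Step 2: verify the session token with the client secret
console.log('jwtData', jwt.verify(
  authorization,
  getSecret(MONDAY_CLIENT_SECRET)
));

const query = `query {
  items (ids: ${sourceItemId}) {
    name
    column_values {
      value
      type
      id
      column {
        id
        title
      }
    }
  }
}`;

const monday = mondaySdk();

// Step 3: use the session token for the query (returns 'Not Authenticated')
monday.setToken(authorization);
const mondayApiResult = await monday.api(query);
console.log('mondayApiResult', mondayApiResult);
```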

Still haven't found a solution; please, if someone can help me :pray:

Hi!

As far as I know the session token provided to your item view is part of what is called seamless authentication. Since you’re verifying the token with your secret key, and you’re dealing with request bodies, I assume you’re trying to use the API from the server.

If you read the docs on seamless authentication you will see it is not suitable for use from the server. You can only use it from your front end running in the embedded item view.

You will have to perform OAuth authentication to obtain an access token you can use from the server.

I hope that clears things up!
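
One way to combine the two steps discussed in this thread, as an added example that is not from the thread or from monday's SDK: the backend verifies the item view's session token only to identify the caller, then selects an OAuth access token it stored earlier to authorize the API call. HS256 signing, the `oauthTokens` map keyed by `user_id`, the function names and all sample values are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed helper: signs a sample token so the example runs offline.
function signSample(payload, secret, alg = 'HS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const data = `${enc({ alg, typ: 'JWT' })}.${enc(payload)}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}

// Check algorithm, signature and expiry; return the claims or throw.
function verifySessionToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // pin the algorithm
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// The session token only identifies the caller; the OAuth access token stored
// for that user is what goes to monday.setToken() on the server.
function apiTokenFor(sessionToken, secret, oauthTokens, now) {
  const { dat } = verifySessionToken(sessionToken, secret, now);
  const accessToken = oauthTokens.get(dat.user_id);
  if (!accessToken) throw new Error('no OAuth token stored for this user');
  return accessToken;
}

// Constructed sample data, not real credentials.
const SECRET = 'example-client-secret';
const oauthTokens = new Map([[565129, 'example-oauth-access-token']]);
const sample = signSample({ dat: { user_id: 565129, account_id: 21579 }, exp: 1712080413 }, SECRET);
console.log(apiTokenFor(sample, SECRET, oauthTokens, 1712080000));
```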