Usage of sessionToken on the backend

Hello!

This is my first post here as I just started working on a Monday.com app.

My app is a board view. I was able to set up everything, and it works fine on the frontend.
I have encountered a problem on the backend of my app. I’m able to successfully verify user sessionToken(obtained in the browser via await monday.get("sessionToken"), sent to backend, verified on the backend with jwt.verify(sessionToken, '...')).

Now I would like to make use of monday.api on the backend, and no matter if I’m using monday.setToken or passing token in options to monday.api - I’m getting “Not Authenticated” error.

I assume I did not understand something, any help/suggestions are appreciated.

Thanks!!

Hey @GTG - welcome to the community!

Could you let us know what query you’re trying to run, as well as what OAUTH permissions you’ve granted your app?

-Daniel

Thanks for response @dsilva.

This is my query:

query {
      boards (ids: 873111956) {
        id,
        permissions,
        name
        views (ids: 13749058) {
          id,
          name
          type
        }
      }
    }

OAuth permissions:

The query works fine when I’m using it from my app view iframe.

The node.js implementation is very simple:

  const mondayApi = mondaySdk();
  mondayApi.setToken(sessionToken);
  const res = await mondayApi.api(
    `query {
      boards (ids: ${boardId}) {
        id,
        permissions,
        name
        views (ids: ${boardViewId}) {
          id,
          name
          type
        }
      }
    }`,
    { token: sessionToken }
  );

sessionToken is 100% valid, or at least it passes the jwt.verify check.

Few days later I finally understood what was causing my problem :smiley:
sessionToken is useless for my case, I need api token, and it can be obtained through Oauth.
In my case I need to do that for every user who is accessing my board view. This is rather not great UX :slight_smile:

I converted this observation into a feature request: App installed webhook

Hi @GTG - Good point. This also impacts trying to use license keys for apps. We originally planned to use WHMCS licensing and billing for our app, but had to build Stripe integration because it would just be too cumbersome to ask every user of our app to enter a license key on every board. Hopefully we will see things like this centralized to the Admin App area eventually.