New API user, help with view-based POST



  • Avatar
    Ethan Jarrell

    I've been dealing with the same issue over the past couple of days.  It seems like there's probably something simple I'm missing, but can't seem to figure out what it is.  And yes, the object based request works fine.  Also, the view based request also works, if I remove the login requirement from the page, and remove the Knack.getUserToken() from the header.  Both of those submit the data and work great.  But on the view based request, as soon as I add the login, and the Authorization token, I also get a 403 response:

    {"readyState":4,"responseText":"Invalid token provided. Please reauthenticate.","status":403,"statusText":"Forbidden"}

    I'm using an AJAX request, which looks similar to yours, and I've also removed and tested other variables, and it must be related somehow to the user token, but no solutions yet.

  • Avatar
    Ethan Jarrell

    It also seems a little confusing on the developer docs which explain the view based request, as the required headers are different than the headers included in the curl command directly below it.  

  • Avatar
    Camille Campbell (Edited )

    I did finally get this to work. The only thing I changed was to pass the header args directly, rather than as the var headers. Maybe it was something to do with scope and the asynchronous AJAX call. Who knows, but it works now so I'm good with it.

    headers: { "X-Knack-Application-ID":, 
    "Authorization": Knack.getUserToken(),
  • Avatar

    @Camiille    Maybe.. it also might be a bug that has been frustrating me ever since the last security update.

    I've found that there can often be a discrepancy between the permissions which are evident in the browser and those in the API responses. ie sometimes it says you're logged in with a valid token and have access to a view but the api will return forbidden.

    Normally, logging out and back in to refresh to token will get it working again. It's incredibly frustrating.

    I've taken to adding an error handler to each call with an alert that prompts the user to log out / back in if the response code  is 403. I'm thinking of expanding that to redirect to a log out view & click log out and boot them out of the system so they have to refresh their token.

Please sign in to leave a comment.