Forum Discussion

SteveWellauer1's avatar
SteveWellauer1
Qrew Trainee
2 years ago
Solved

Using the RESTful Quickbase API inside a code page without a Auth Token

I am building a code page that will be connected to a button that a user will click in an app. I am trying to get away from using the Quickbase client that uses the old XML API (var qdb = new QuickBaseClient();) and use the RESTful API instead. How do I get authenticated without storing a user token or having the user pass a user token in? Using the old method it seemed to just automatically authenticate based on whatever user was logged in. I never stored or passed in credentials or a user token to use the old client, but it seems like the restful API gives me a 401 authentication error unless I pass in a user token.

Can anyone shed any light on this issue?

------------------------------
Steve Wellauer
------------------------------
  • You do need to use a token, but the RESTful API has a mechanism for generating a token specific to the users login.   This allows you to have a single token that is used by all users on startup, and then generate a token specific to the user and table.  This has two advantages:
    1) Updates to the DB are assigned to the specific user
    2) The rate limits for API calls are based on the individual user.
    There is additional overhead for the code.  The generated token is for the individual table and the user, and it expires every 5 minutes.  So you have to refresh the tokens every 5 minutes.  
    The instructions are here:
    https://developer.quickbase.com/operation/getTempTokenDBID

    ------------------------------
    Neil Schneider
    ------------------------------

4 Replies

  • Hi. In the APIRestFull model you will always need to pass the token.

    Marcelo Benavides Torres


  • You do need to use a token, but the RESTful API has a mechanism for generating a token specific to the users login.   This allows you to have a single token that is used by all users on startup, and then generate a token specific to the user and table.  This has two advantages:
    1) Updates to the DB are assigned to the specific user
    2) The rate limits for API calls are based on the individual user.
    There is additional overhead for the code.  The generated token is for the individual table and the user, and it expires every 5 minutes.  So you have to refresh the tokens every 5 minutes.  
    The instructions are here:
    https://developer.quickbase.com/operation/getTempTokenDBID

    ------------------------------
    Neil Schneider
    ------------------------------
    • SteveWellauer1's avatar
      SteveWellauer1
      Qrew Trainee
      This sounds like exactly what I was looking for, I'll go ahead and try it out. Thanks for the reply!

      ------------------------------
      Steve Wellauer
      ------------------------------
    • SteveWellauer1's avatar
      SteveWellauer1
      Qrew Trainee
      To anyone else that may be having the same problem. I was able to successfully get a temporary token and use that token on a call without using any credentials or tokens. There are two things that had to be changed in my code in order to facilitate this. The first is I had to change the authorization token from user token to temp token.

        var quickBaseHeadersEverything = {
        'QB-Realm-Hostname': 'company.quickbase.com',
        'Authorization': 'QB-TEMP-TOKEN ' + data.temporaryAuthorization,
        'Content-Type': 'application/json'
        };
      ā€‹

      The second issue I had is I tried to get a temporary token for the app DBID and the temporary token call was successful but that temporary token still returned unauthorized for my query request. When I got a temporary token for the table that I was trying to do the query request on it was successful.



      ------------------------------
      Steve Wellauer
      ------------------------------