Authentication Token retrieval and re-use made easy

Hey everyone!

We just pushed an update that makes testing your API endpoints requiring authentication so much easier.

First, on any endpoint requiring authentication, you can retrieve an authToken directly from those endpoints in the debugger! Simply hit the icon next to the header where you’d normally paste in the authToken:

All you need next is a user’s email or primary ID to authenticate against:

After you enter in a user’s email or primary ID, the authToken will be retrieved and automatically inserted into the header!

Even better news! During your session in your Xano workspace, each of your API endpoints requiring authentication will retain the authToken. So you don’t have to retrieve it over and over again or paste it in over and over again.

4 Likes

Thank you for this. Saves a lot of time.

1 Like

I’m hoping to start limited testing soon, so I finally enabled authentication on all my endpoints and am seeing this auth token requirement for the first time.

Is it actually necessary? I really appreciate this shortcut for populating it, but could you just remove it entirely?

Also, I’m hitting an issue with this.

When I click on a user,

It tells me I need a scalar value:

In order to have an API endpoint require authentication, it must accept a valid authentication token. The shortcut we put in Xano makes it very simple to retrieve the auth token by just writing in the primary id or email. Then this authentication token is remembered during your session to make testing your endpoints that require authentication even easier… You could choose not to require authentication on your endpoints to remove the required authentication token. Could you clarify why you would even want this removed? Is it because you prefer to run and debug without the authentication token?

That error seems to be a bug. We’ll get that fixed.

Yeah, I just want to be able to run my tests without the extra step of setting an auth token. Your shortcut should make it easier…but it seems like the even better solution is to not require it at all if I’m already “inside” the API (since I’m logged into my Xano account).

Of course, depending on your architecture, maybe that has to be a long-term goal rather than a quick fix.

Keep in mind that once you retrieve an authentication token with this shortcut, you don’t have to keep retrieving it - it will automatically be on your other endpoints for testing. The auth token is necessary for Run and Debug because you need the unique auth token to tell the API which user it is. (An auth token is unique to a user.) Since the user ID is passed in the auth token, you would set up any database functions to accept the auth ID if you want to perform operations/show data/etc. only allowed for that user.

The problem is that when I make a change to a function, I want to make sure it works for different users with their wide variety of data. So after I’ve built a query, I run it off of user 215, then user 216, then user 1, then user 242, etc. That’s super easy to do right now–I just type in the user id and hit “run” again. Having to get the auth token is an extra step, though I do appreciate how easy you made it with the shortcut.

Now that I’ve had a chance to use the shortcut you guys built in, it’s not nearly as onerous as I was expecting. I take back all my comments :)

1 Like
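The thread above makes two points: the auth token tells the API which user is calling, and a change should be re-tested as several different users. The sketch below is an added example, not part of the original thread and not Xano's code. It assumes an HMAC-signed token as a stand-in for the real token format and a Bearer `Authorization` header; `issue_token`, `auth_id`, `my_records`, `run_as` and the sample rows are all hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; a real signing key stays server-side
# Constructed sample rows; user 242 deliberately owns none.
RECORDS = [{"id": 1, "user_id": 215}, {"id": 2, "user_id": 216},
           {"id": 3, "user_id": 215}, {"id": 4, "user_id": 1}]

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload):
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user_id, ttl=3600):
    """Stand-in for the token retrieval shortcut: a signed token carrying the user ID."""
    claims = {"id": user_id, "exp": int(time.time()) + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(payload)

def auth_id(token):
    """Return the user ID from a valid, unexpired token, else None."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (ValueError, TypeError):
        return None
    return claims["id"] if claims["exp"] > time.time() else None

def my_records(headers):
    """Authenticated endpoint: rows are filtered by the token's ID, not a client-supplied one."""
    uid = auth_id(headers.get("Authorization", "").partition("Bearer ")[2])
    if uid is None:
        return 401, []
    return 200, [r for r in RECORDS if r["user_id"] == uid]

def run_as(user_ids):
    """Re-run the endpoint once per user, each with that user's own token."""
    return {u: my_records({"Authorization": "Bearer " + issue_token(u)}) for u in user_ids}

if __name__ == "__main__":
    for user, (status, rows) in run_as([215, 216, 1, 242]).items():
        print(user, status, [r["id"] for r in rows])
```

Because the handler takes the user ID only from the verified token, a token whose payload was swapped for another user's fails the signature check and gets a 401 instead of that user's rows.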