Authorization token in ajax request

Hi there,

I’m trying to trigger a virtual button from an ajax request.
I tried it with postman and it works.

Now, I want to use cookies (set when user logged in to something like my-page.onlosant.com) to make that request. How do I add authorization cookie to ajax request? This is what I have so far.

var token = (what should go here?);
$.ajax({
  url: "https://api.losant.com/applications/5cbf31a04c061e0009dc85b1/flows/5cfec6e21930a50008279dfa/virtualButton",
  type: "POST",
  headers: {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "Authorization": "Bearer"+token
  },
  data: {
    "key": "5cfec6e21930a50008279dfa-lPWOBslkG7xNqZId_QGqK",
    "payload": {
      "some": "data"
    }
  },
  success: function(result){
    console.log(result);
    // GUI - notificacion
    $.notify("Acción realizada con éxito", { position: "bottom center", style: 'bootstrap', className: 'success' });
  },
  error: function(result){console.log(result);}
});

Regards,
Nahuel

Hey Nahuel,

Making requests directly against the Losant API cannot be made by an Experience User’s authentication token. The tokens provided by Experience Users (i.e. logged in via onlosant.com page) are used for identification and authentication when they make requests against Experience Endpoints.

The Losant API provides broad access to an application’s resources, and it not likely a level of access you want to expose to your Experience Users. This is why we introduced the Experience Endpoint system as a layer above the Losant API. Endpoints allow you to handle and validate requests based on your application’s own security requirements.

It is a perfectly acceptable use-case to allow an Experience User to trigger a Virtual Button, however you’ll have to move the button invocation into a Workflow triggered by an Experience Endpoint. So the ajax call will not directly request the Losant API, it will instead request an Experience Endpoint. The Workflow that’s triggered by that endpoint can then use the Losant API Node to do what you’re trying to do directly. This extra layer then gives you an opportunity to make sure the user attempting this action is allowed to do it.

Also, when making ajax calls to Endpoints, the user’s token is automatically provided since it’s put in a cookie by the Login workflow. So your code would look something like this:

$.ajax({
            url: "https://my-page.onlosant.com/my-custom-endpoint",
            type: "POST",
            headers: {
              "Content-Type": "application/json",
              "Accept": "application/json"
            },
            data: {
              "some": "data"
            },
            success: function(result){
              console.log(result);
              // GUI - notificacion
              $.notify("Acción realizada con éxito", { position: "bottom center", style: 'bootstrap', className: 'success' });
            },
            error: function(result){console.log(result);}
          });

And here’s an example workflow that shows how to use the Losant API Node to press the button:

Thanks, Brandon for your quick and detailed answer. Got it working :smile: