Testing my connection to the Menu API and getting a 401 error

Answered

Matthew Hay

February 10, 2022 21:22

Testing my connection to the Menu API and getting a 401 error. Following the documentation, I have successfully fired a GET request and connected properly. Now I'm trying to test on line. and getting the following error:

Access to fetch at 'https://<production hostname>.toasttab.com/menus/v2/menus' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

{"status":401,"code":10013,"message":"unauthorized","messageKey":"Full authentication is required to access this resource","fieldName":null,"link":"Full authentication is required to access this resource","requestId":"a4855ae4-6d0a-462e-ad50-688bd2dbf2f3","developerMessage":null,"errors":[]}

Here is my script (accesstoken omitted):

var myHeaders = new Headers();
	myHeaders.append("Authorization", "Bearer {{my token goes here}}");
	myHeaders.append("Toast-Restaurant-External-Id", "3338298f-546c-4f26-9d62-9d7a99a01688");
	var requestOptions = {
	method: 'GET',
	headers: myHeaders,
	redirect: 'follow'
	};
	fetch("https://<production hostname>.toasttab.com/menus/v2/menus", requestOptions)
	.then(response => response.text())
	.then(result => console.log(result))
	.catch(error => console.log('error', error));

0

• 

  Liz Jackson

  February 11, 2022 13:12

  Hi Matthew Hay,

  Thanks for including the full response in your post, that is so helpful! The request ID in your post allowed me to easily track down your API call.

  Our logs indicate there was no JWT/access token in your API call. Can you double-check that the authentication token you got in your API call is getting populated after the "Bearer " string in the construction of myHeaders? Otherwise your header setup looks good.

  Thanks!

  0
• 

  Matthew Hay

  February 11, 2022 14:32

  Hi Liz, this is the full code - please let me know what is missing. Thanks: 

  var myHeaders = new Headers();
  myHeaders.append("Authorization", "Bearer <token>");
  myHeaders.append("Toast-Restaurant-External-Id", "3338298f-546c-4f26-9d62-9d7a99a01688");

  var requestOptions = {
    method: 'GET',
    headers: myHeaders,
    redirect: 'follow'
  };

  fetch("https://<hostname>/menus/v2/menus", requestOptions)
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));
          

  0
• 

  Liz Jackson

  February 11, 2022 14:45

  Thanks Matthew Hay. I've redacted the token from your post - please don't post full authentication tokens moving forward.

  The code snippet looks good. If you have tried this request again and it failed, can you send the response along with a request ID?

  0
• 

  Matthew Hay

  February 11, 2022 14:52

  Access to fetch at 'https://ws-api.toasttab.com/menus/v2/menus' from origin '{{myside.url}}' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

  GET https://ws-api.toasttab.com/menus/v2/menus net::ERR_FAILED
  (anonymous)    @    (index):181

  {"status":401,"code":10013,"message":"unauthorized","messageKey":"Full authentication is required to access this resource","fieldName":null,"link":"Full authentication is required to access this resource","requestId":"35766010-75fc-4e8f-ac82-88a40691d16b","developerMessage":null,"errors":[]}

  0
• 

  Liz Jackson

  February 11, 2022 15:30

  Matthew Hay thanks for the request details! That one has the same error message in our logs as last time: "Request does not contain a JWT".

  When you log your request the the console or elsewhere locally, do you see a token after the "Bearer " string? It appears to be getting stripped from the API call somewhere before it hits our endpoint.

  0
• 

  Matthew Hay

  February 11, 2022 16:41

  It's the same script as what I posted before (which you omitted the access token from) - so it's definitely added. I'm still getting this "has been blocked by CORS policy" error and "error TypeError: Failed to fetch: https://ws-api.toasttab.com/menus/v2/menus" 

  I'm at a loss here. I just need to initiate a GET request in order to retrieve the Menu data. Any help would be greatly appreciated. 

  0
• 

  Liz Jackson

  February 11, 2022 17:01 Edited

  I expect you may need to add a CORS authorization to the headers. I say this because of some searching and this article. Unfortunately we're getting outside of my own expertise, but for what it's worth, I have not heard of another group having this problem, so I think the error is occurring before the request ever gets to Toast. Are you able to check out whether there is any redirect happening on your end?

  Just to be sure, if you use Postman to do this same API call, are you able to get the menu?

  0
• 

  Matthew Hay

  February 11, 2022 17:10

  Thanks Liz - is there anyone else I could speak to on this? We are part of the BETA program, not sure if that makes a difference or a reason why we can't connect?

  0
• 

  Sharan Multani

  February 14, 2022 16:29

  Hey Matthew,

  It appears that the error is occurring before the request ever gets to Toast. As such, it's not a Toast API error that we can help you resolve.

  Additionally, this forum is the only support we offer at this time. 

  Best,

  Sharan

  0

Please sign in to leave a comment.