View Based Requests: API Key Required Or Not?

Hi Knack Community! I have been developing apps for my company for the past 6 months and have recently started using view based requests instead of object based ones as they seem to be more secure, or so I thought.

A few months ago my Ajax view based requests were happy with only these headers:

var headers = {
    'Authorization': Knack.getUserToken(),
    'X-Knack-Application-Id': Knack.application_id,
    'Content-Type': 'application/json'
};

But recently (past two weeks or so) Knack has started giving me “Error 400 - Invalid API Key”.
Adding the API key fixes this, but only if I put the actual API key. It’s not happy with just ‘knack’ as the documentation says. It seems to be on select apps at the moment, but it seems to be spreading to the once-working apps, requiring me to go back and add the key.

Am I the only one experiencing this? Is there something I am missing?

API keys obscured for security as these apps hold sensitive data.
Here’s an example of a whole Ajax request that seems to require the API key:

function getData() {
    return new Promise((resolve, reject) => {
        var headers = {
            'Authorization': Knack.getUserToken(),
            'X-Knack-Application-Id': Knack.application_id,
            'X-Knack-REST-API-KEY': 'a0000000-0000-0000-0000-00000000000b',
            'Content-Type': 'application/json'
        };
        $.ajax({
            url: 'https://api.knack.com/v1/pages/scene_3/views/view_4/records/',
            type: 'GET',
            headers: headers,
            success: function (response) {
                resolve(response);
            },
            error: function (error) {
                reject(error);
            },
        });
    });
}

And this one seems to be happy without the API key:

function getSchedType(id) {
    return new Promise((resolve, reject) => {
        var headers = {
            'Authorization': Knack.getUserToken(),
            'X-Knack-Application-Id': Knack.application_id,
            'Content-Type': 'application/json'
        };
        $.ajax({
            url: 'https://api.knack.com/v1/pages/scene_10/views/view_15/records/' + id,
            type: 'GET',
            headers: headers,
            success: function (response) {
                console.log(response);
                resolve(response);
            },
            error: function (error) {
                reject(error);
            },
        });
    });
}

Any help appreciated. Thanks in advance,

Chris.

P.S.: If there is a Knack method like “Knack.application_id” for retrieving the app’s API key, where could I find it, and how many other Knack methods are there?

Hey Chris,

To make authenticated view-based requests, you need to have both the X-Knack-REST-API-Key header set to knack and Authorization set to the user token.

Switching from Ajax to async fetch would also help clean up your code quite a bit. This is how you would make an equivalent request using fetch:

async function getSchedType(id){
  var headers = { 
    'Authorization': Knack.getUserToken(),
    'X-Knack-REST-API-Key': 'knack',
    'X-Knack-Application-Id': Knack.application_id,
    'Content-Type': 'application/json'
  };
 
  return fetch('https://api.knack.com/v1/pages/scene_10/views/view_15/records/' + id, {
    method: 'GET',
    headers,
  });
}

Hi Chris,

Adding to David’s comments, I have noticed this in one of my client’s old apps.

(At least some) authenticated view-based requests used to work with the following headers:

var headers = {
  'Authorization': Knack.getUserToken(),
  'X-Knack-Application-Id': Knack.application_id,
  'content-type': 'application/json',
};

Then sometime in the past year, we needed to set the additional header X-Knack-REST-API-Key with knack for things to continue working.

Good morning David and Knack Pros,

I have tried your fetch call this morning David, I didn’t have much luck implementing it but I do like how much more concise that is so I will keep playing around until I get it to work. It seems as you both said:

Is true as putting this in has allowed even my code to work. This has sort of confused me more as I am pretty sure I already tried this with no success? Not sure what I did wrong but it seems to be working now.

Thank you both for your help, I’m sure I will post again someday!

Chris.

Glad that helped!

The fetch call wouldn’t have worked because I made a typo. I’ve updated my answer so it should work now!
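An added example, not code from any poster in this thread: a small wrapper for the view-based requests discussed above. It always sends the literal `knack` in `X-Knack-REST-API-Key` with the user token in `Authorization`, as the replies describe, and it flags any header carrying a value shaped like the obscured key in the question, since anything placed in client-side JavaScript is readable by every user who loads the page. The names `viewHeaders`, `findRealKeys` and `viewRequest` are hypothetical helpers, and the `knack` argument is assumed to expose `getUserToken()` and `application_id` like the `Knack` global used above.

```javascript
// Hypothetical helpers for Knack view-based requests (added example, not Knack APIs).

// Shape of the obscured key shown in the question: 8-4-4-4-12 hex groups.
const REAL_KEY_SHAPE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// Build headers for a view-based request; the key header is always the literal 'knack'.
function viewHeaders(userToken, applicationId) {
  if (!userToken) throw new Error('missing user token: log in before calling the view');
  return {
    'Authorization': userToken,
    'X-Knack-Application-Id': applicationId,
    'X-Knack-REST-API-Key': 'knack',
    'Content-Type': 'application/json'
  };
}

// Return the names of API-key headers whose value looks like a real key.
// Useful as a review or lint check over headers built in custom page JavaScript.
function findRealKeys(headers) {
  return Object.keys(headers).filter(
    (name) => /api-key/i.test(name) && REAL_KEY_SHAPE.test(String(headers[name]))
  );
}

// GET records from a view. knack and fetchImpl are injected so the function
// can also be exercised outside the browser with stand-ins.
async function viewRequest(knack, scene, view, id, fetchImpl = fetch) {
  const headers = viewHeaders(knack.getUserToken(), knack.application_id);
  const url = 'https://api.knack.com/v1/pages/' + scene + '/views/' + view +
    '/records/' + (id ? encodeURIComponent(id) : '');
  const response = await fetchImpl(url, { method: 'GET', headers });
  if (!response.ok) {
    // Surface errors such as "400 - Invalid API Key" instead of failing silently.
    throw new Error('Knack request failed: ' + response.status + ' ' + (await response.text()));
  }
  return response.json();
}
```

In the browser this would be called as `viewRequest(Knack, 'scene_10', 'view_15', id)`.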