Oauth and GET vs POST?

Hi there.

I’ve been using Make for a while now and have gotten fairly proficient at the basics…and am trying to teach myself more. This community is a fantastic resource for that, so thanks for any help in advance!

I am trying to connect to the Warehouse Management System our company uses. They have a basic API available that does what I want it to do (create new sales orders, and get current inventory levels). They also have a Zapier app integration…but I’d prefer to keep everything in Make if possible

I’ve been able to connect to their API via Postman and get successful results… so I know that the credentials etc are accurate… but when I try to use the HTTP OAuth module in Make, I run into a brick wall.

I’ve followed the Make documentation: (HTTP) as well as the API documentation (CartonCloud API Reference) as best I can… but without success.

I can’t seem to make a new connection from Make.

At first I was just getting a ‘bad client credentials’ message returned. But I’ve found that if I put the client_id and client_secret as a authorization parameters (and not just in the id and secret fields in the Make module) that I can get past that step.

but what I’m seeing now instead is “Request method ‘GET’ not supported”. The API documentation does say that the token is retrieved through a ‘post’…

I’ve tried passing various other parameters per the documentation…but can’t seem to get around this issue.

Any thoughts? Am I missing something basic here?

When I try to create a connection, this is what I see

Where is your grant_type = “client’s credentials” being entered?

Refresh token parameters

though have tried it in multiple places (authorize parameters etc)

Hmm, remove them all and try this in your authorize URI section

https://api.cartoncloud.com/uaa/oauth/token?grant_type=client_credentials

If it is indeed the GET issue in the Oauth2 call, then maybe raise a ticket to support and see if there is a way we can get to choose the request type.

Alternatively just use a regular HTTP call, but you will need another scenario to refresh the token each time. The token won’t be encrypted as well, so if you are fine with those shortfalls it can be useful to try this method.

hmmm… appreciate the idea, and I was hoping it would work… but still get: {“error”:“method_not_allowed”,“error_description”:“Request method ‘GET’ not supported”}

have tried reaching out to Make support… will see
any resources you can point me to to try a regular http call? I capture the token just as a passed variable?

OK… so Make support got back to me, but weren’t very helpful. They noted simply that the OAuth module allows you to send POST or GET… but they missed the question that I have, which is that the initial connection setup in the module (to get the auth token) seems to only be sent as a GET (which the API I’m trying to access doesn’t accept)

So…

I’ve brute-forced an approach. not pretty…and I’m sure that someone that knows what they’re doing could do this much more elegantly. But leaving a note here in case it’s helpful for someone else.

Basically, since I could get things to work in Postman… I just copied all of the elements/parameters that Postman showed in the Console after each request, and replicated that in the basic ‘http request’ module in Make. I selected the ‘parse results’ option, and then could use the output in subsequent http request modules to make API requests.

the only tricky part was i had to take what was passed back in the initial auth request as “access_token” and pass that back as a header parameter “Authorization”

and then pre-pend the string acquired from the initial auth step with "Bearer "

I also had to add “Accept-Version” with value “1”…but not sure if thats a particularity of the API I’m accessing or not

…so…

not claiming this is the ‘right’ way to do this. I’m just reverse-engineering things, and I’m sure there’s a better way… but this worked for me…

3 Likes

Thanks Noah, your solution worked for me. It seems like Make need to add the client_credentials flow option for Oauth2 and support the POST method as part of that.