Omit Authorization header when sending multiple requests

Hi all,

I am building an App to manage files within Teamleader Focus, currently I am buildig a module to download files (API docs: Teamleader API Documentation)

The documentation describes that a download link (a temporary url) must be requested, from where the file can be downloaded (no issue with this). This means that there are two requests, 1) to request the download url and 2) to download the file from the temporary location. I wanted to manage this by multiple requests in one module, see below.

[
	{
	"url": "/files.download",
	"method": "POST",
	"body": {
		"{{...}}": "{{parameters}}"
	},
	"response": {
		"temp": {
			"downloadLocation": "{{body.data.location}}"
		}
	}
},
{
	"url": "{{temp.downloadLocation}}",
	"method": "GET",
	"headers": {
		"{{...}}": "{{omit(headers, 'Authorization')}}", // I tried this first
		"Authorization": null // I also tried '"{{emptystring}}"', Authorzation in uppercase and lowercase start, etc..
	},
	"response": {
		"output": "{{body}}"
	}
}
]

The Authorization header is managed in the base, therefore all headers that are used for the initial "/files.download" request, are also sent to the temporary location url, which is Amazon S3. This results in the following error:

{
    "Error": {
        "Code": [
            "InvalidArgument"
        ],
        "Message": [
            "Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified"
        ],
        "ArgumentName": [
            "Authorization"
        ],
        "ArgumentValue": [
            "null"
        ],
        "RequestId": [
            "ZRN1P8ANSQ5KWJ40"
        ],
        "HostId": [
            "B9mMyMbtu7pw+q6zkPDnxx2nOZyZJbJIxZlNy2rD2PNhWHSAf8XGI7Rm8jFNDkizDfUimStHPJc="
        ]
    }
}

This is an example of a download URL that is generated (but they expire fast):

https://teamleader.s3.eu-west-1.amazonaws.com/TL_uploaded_files/222100/sale/26452468/210481704_423747_1720439226_1TheX?response-content-disposition=attachment%3B%20filename%3D%22teamleader_files.png%22%3B%20filename%2A%3DUTF-8%27%27teamleader_files.png&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEE0aCWV1LXdlc3QtMSJHMEUCIDWZgoucd2WvUWIewQiiMrcIQakF4kBDNe%2F%2FyShOWBAXAiEAxo8b%2FpXUEJ%2FKd2Ay%2FlV3W0TKPoKA3EK%2F8pf7axWscr8q9QQIFhAAGgwzOTMyNzk5NDY3ODkiDD5%2FRTZAZcb4v4x1QyrSBMtsHG0IbHQi6tL35YAvFt%2Fy2JusMJ8Oa4UK0EDbju8zQqbXrtuVY02A6H3CDtK%2FaEkSnCHlS68jheSPv3GDR2E2LjrFnDi2McIuDELlH6Hz8eocpYJT24YEuWjdKEy6Gj2IK8xHKmqs9AfpedtRnQdhz3Oe%2F111KXV1CgpAu9Imj0KYX8Jgl0FdSg%2FmF%2FCFH8WqIw8eh4pwCZ0TuBtk8wHYMwDHVi2OIv8c5wsSjy4Zs9iY%2BjeoDnm%2BhuTcPaMyDvWn2qNwz8T0R4rlifl9CnHB9shCltJNYtXHr4WuvtIBYmp6HujGB78nuBU%2BezzZ9L%2FYhe6ykc7hc%2Bo1lMwUwgmQibR%2FvVmDIdcbac9AqhDVC%2B1HX7uMxmd1%2BzT1Hn8KawTD0ayHFHz7ZakUHZY5UK2hICYOGV6PV3kWu0i6fomVbOpir2g4TkoYKAtphjsk8i5P8M8UKc6uqIKBa9vcJg7ZIiQ9PUdZhGmKs4MhB03F9krsTHqdMNdoDsEv0o9Xf8x167LU8z%2Fmgj0X4MgS10uJbWxPyCgtng24A%2Fn%2BfrSKIOtGFUrWHGyGWWafrythplja0poL6or23DJ%2B98GKCnoWQtMxYoPh%2FJzti3Y4oGtBKVobzbHxUW0sV%2BgjViJNbjnzLcl%2Bf5GRPf8pH7DaUPp31qJkMSC%2FxbtOre5WPYMbSfc9CZDK%2BtBXkGIkgf2T40%2BEsfmTosU0Ikkynf2EBd3xLAy9YqOemNGsVaQJaRI4FJNPR1Zj8Zvm%2FQqud4G6OjA8y4LkuChTUaK1lFulseInVDC9u6%2B0BjqaAf1DHhm6sajL0CuhN5TZop%2Fy6cRQ7YTfRyymHltpOfBjTROlKely7hwCXJMZn91RpdQe4B%2Bs2rnNUzL44n4LrbXVUGAM%2FvnyRxGD8SK37rbqjBN1YYFiZrPocUI3kxpgsoFzJnc%2BDyFaUlHXXANy%2B2%2BLYudke1jRNian7Lfq8N0HB61l8bH8dPITGR%2F087HvFE%2FRbQUmTMa7t64%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAVXEKPYASWZLTW5NU%2F20240708%2Feu-west-1%2Fs3%2Faws4_request&X-Amz-Date=20240708T123952Z&X-Amz-SignedHeaders=host&X-Amz-Expires=60&X-Amz-Signature=6239d961bdb27075b7d4446c3349dfc40c3ba986b0f25e475c99c029586b3200

As you can see in the Communication example, I tried a few things to remove the Authorization header from the second request. I also tried to remove the Authorization header from the base, there is no error message from Amazon in that case, but it is far from an ideal solution.

Is there a way to escape, override or omit headers that are set in the base?

Cheers,
Henk

1 Like

Hey,

may be not ideal, but what if you don’t set the Auth header in Base, but only in the modules you build? If you don’t plan too many modules, it could be a simple workaround…

Benjamin

Hi @Benjamin_from_Make,

Thank you for your response. Yes that is definitely ‘a’ solution, but as I’ve said it is far from ideal. I hoped that I could omit headers in specific modules, but everything points to it not being possible…

Will do it with the workaround then, thanks! :slight_smile:

Cheers,
Henk

2 Likes

@Henk-Operative I asked our internal team, and I have the solution:

Try this in your second call: "Authorization": "{{undefined}}" in your headers section.

Benjamin

4 Likes

Hi @Benjamin_from_Make,

I adjusted all the modules already, but I did a test… And using "{{undefined}}" works like a charm!

Thank you very much, I will happily adjust all the modules back now… :grin:

Cheers,
Henk

4 Likes

Great it works!

And yes, sorry I should have asked before answering :sweat_smile:

Kind regards,

Benjamin

2 Likes