Hello, I am trying to get the X-Cybozu-Authorization token on javascript so I can send it to my server and get records based on the permissions that has this token (user).
How can I do this? I imagine something like kintone.getUserToken()
I also check the cookies that Kintone saves, but it seems that it manages sessions, it doesnt store this token.
Thank you
X-Cybozu-Authorization is placed in the request header with a BASE64-encoded login name and password to perform password authentication.
Under "Authentication" at Kintone REST API Overview
Kintone REST API Overview - Kintone Developer Program
There is no getUserToken() method in Kintone, so we need to ask you to input a base64 encoded value of "Log_in_name:password" using such the following site instead.
Hello Junko, thank you for your response, I understand that. The thing is that I am on kintone javascript frontend, where the user is already logged in on kintone. Now I need from the “create record” page, a token of the user logged in so I send it to my server and make http requests to kintone api from my server with user token.
Hope it makes sense
Hi Mauri,
Thank you for the additional information.
If you have already logged into Kintone and want to run the REST API with the JavaScript files, session authentication (not X-Cybozu-Authorization) is used based on the logged-in user's permissions.
In Kintone, there is no API to obtain session information.
And there is no way to use the session information held on the browser side to run the API from an external server.
User API Overview - Kintone Developer Program
As you are aware, when you run the Kintone REST API from an external server, you will need one of the following authentications:
Password authentication (X-Cybozu-Authorization)
Required information: BASE64 encoded value for "Login Name: Password"
API token authentication
Required information: API token generated by the app
Kintone does not provide an API to obtain the information required for each authentication,
so it is necessary to include the information in the source code.
I hope this helps.
One more thing,
regarding the website I referred to in the previous post,
because there is a risk of leaving the username and password to a third party, I think it would be better to encode it with the btoa() method in the browser console.
var usernamepassword = "chocolate:pudding";
var encodedData = btoa(usernamepassword);
console.log(encodedData);
Thank you.
Junko