search

OneSignal / onesignal-ruby-api

Other
15 stars 11 forks source link

[question]: Identity Verification Public Key #35

Open bismark64 opened 1 month ago

bismark64 commented 1 month ago

How can we help?

I'm trying to use the fetch_user endpoint using an external ID. When performing the request I'm getting a 401 error code and the following error:

"The app is missing the Identity Verification public key. Please generate one in the dashboard"

I don't see any Identity Verification public key in the dashboard nor I see anything like that in the docs: https://documentation.onesignal.com/reference/view-user

Code of Conduct

NoahGrumman commented 1 month ago

Also seeing this

bismark64 commented 1 month ago

@NoahGrumman I got in contact with OneSignal support and apparently they've changed the auth header, this is what they replied back:

"I assume the request you're making here has an Authorization header using Bearer but this should be Basic so please try the same request using Authorization header with Basic.

Sorry for the confusion here, these endpoints will now require the Authorization: Basic header added into the requests in order to ensure there are no concerns with the ability of bad actors to make requests with potentially guessable values stored in external_id aliases.

Going forward : View User and Update User are going to require authentication unless the alias_label is onesignal_id. Delete User is going to always require authentication."