Using a Custom Tool for an API with Bearer Token returns 400 Bad Request

langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.

Other

45.51k stars 6.39k forks source link

Self Checks

[X] This is only for bug report, if you would like to ask a question, please head to Discussions.
[X] I have searched for existing issues search for existing issues, including closed ones.
[X] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
[X] [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
[X] Please do not modify this template :) and fill in all the required fields.

Dify version

0.7.2

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

Create a custom tool for an API that uses a Bearer Token.
Create an API token for the other application
Press 'Test' for one of the endpoints and use the token as a bearer token

I have attached the OpenAPI spec for Home Assistant. But unless you have an installation of HA, it won't help much. ha.json I have successfully used other unprotected APIs on the same network.

✔️ Expected Behavior

I would expect the test to succeed. I have tried the endpoint with curl and the same token on the same machine and it works.

❌ Actual Behavior

I get the message Request failed with status code 400 and 400: Bad Request. The log file contains the line 2024-09-02 10:33:25 api-1 | 2024-09-02 08:33:25,743.743 INFO [Dummy-2] [_client.py:1026] - HTTP Request: GET http://192.168.1.115:8123/api/ "HTTP/1.1 400 Bad Request" I have tried to increase the log level, but your code doesn't seem to contain any Debug level log messages. I can only assume, that the HTTP request is malformed on your side.

I found a similar closed issue that might be relevant to your problem: Custom tool with API Key. The suggested solution was to change the endpoint to use HTTP instead of HTTPS due to a self-signed certificate issue.

For your specific issue with the Bearer Token returning a 400 Bad Request in Dify version 0.7.2, while the same token works with curl, it could be due to the specific structure and requirements of the API request as defined by Dify.

Here are the key points to check:

Headers:
- Content-Type should be application/json.
- Authorization should be in the format Bearer {api_key}.
Request Body:
- The body should be a JSON object containing a point and params.

Here is an example of how the request should be structured:

{
    "point": "app.external_data_tool.query",
    "params": {
        "app_id": "61248ab4-1125-45be-ae32-0ce91334d021",
        "tool_variable": "weather_retrieve",
        "inputs": {
            "location": "London"
        },
        "query": "How's the weather today?"
    }
}

Ensure that your custom tool sends the request in this format and includes the correct headers. This should resolve the 400 Bad Request error ^[1]^[2].

To continue talking to Dosu, mention @dosu.

langgenius / dify