#REST API Datasource fails to persist Bearer Token

Hello,

I'm trying to set up a REST API Datasource with Bearer Token auth. However, when trying to use a query with this datasource, I receive an error message:

<Name of my Data Source> is not correctly configured. Please fix the following and then re-run: [Secret key is required when sending session is switched on, and should be at least 32 characters long., Secret key is required when sending session details is switched on, and should be at least 32 characters in length.]

I've tried setting a 32 character token in the Datasource, the key is saved successfully.

However after trying to use the source in a query, the error I mentioned above appears in the console.

I reopen the Data Source and the key is missing.

I believe there's some kind of validation missing from the edit Datasource view in AppSmith and it's rejecting my token.

Hey There,

We've registered your query, and our team will get back to you soon.

Regards,
Pranav

Hi @fluid sphinx

I reopen the Data Source and the key is missing.
This is the expected behavior for all encrypted fields. The credentials save to the Appsmith server (our cloud, or your self-hosted instance), and never get transmitted back to clients again- not even in the editor, for admins. When you edit a datasource, you have to re-enter all encrypted fields.

What API are you integrating with? Could you show a screenshot of the datasource configuration, without the key? Feel free to DM me if you prefer.

Thanks Joesph, I’m integrating with my own apps API. I’ll send a short screencast later showing the behavior. The feedback from the query console shared above is making me think that the bearer token secret is never saved.

@fluid sphinx Gentle reminder.

Here's a screen recording, and I actually found the issue while rubber ducking:

https://share.cleanshot.com/fl7x3nky

Long story short, the Data Source edit/create form doesn't validate the precence of the AppSmith Signature header if you have enabled that setting.

The error message in the console says "Secret key is missing" but I didn't realize that the Signature header was the secret key, I thought it was the Bearer token.

Thanks for the update! I'm glad you were unblocked here. Let us know if you need
anything else.

Thank you for your support and patience. We believe your issue has been
resolved.

Please take a moment to provide feedback on our service.
https://survey.frontapp.com/v2/09a400bf433bc9676d67/96e72801705d10718ee89752513f70db

@serene cloud just making sure you see this. I see bot interaction but no feedback that this is a UX bug.