Client < --> Server Handshake
hey all — quick help?
goal: from a React (Vite + Chakra) app, call an Appwrite Node Function that creates/reads/updates DB docs as the logged-in user (no API key; function uses setJWT(userJwt) + per-doc perms).
tried: create session → account.createJWT() → functions.createExecution(FN_ID, body, false, "/", "POST", {"X-Appwrite-JWT": jwt}) (also tried REST POST /v1/functions/{id}/executions with X-Appwrite-JWT). Function checks authorization/x-appwrite-user-jwt, then account.get().
issue: executions keep returning 401 “Missing bearer token”; token doesn’t seem to reach the function. Execute access = Users, Web platform added, CORS handled, IDs match.
Anyone have a minimal working example or the canonical way to pass the user JWT to a function execution from the browser? 🙏
here is my client code: import { client, account, functions } from "../appwrite"
export async function createOrderViaSDK(input: { shipCountry: string; shipAddress: string; buyerName?: string }) { // mint a fresh user JWT const { jwt } = await account.createJWT()
// optional: also set on the SDK client (not strictly required) client.setJWT(jwt)
const fnId = import.meta.env.VITE_FN_CREATE_ORDER_ID! if (!fnId) throw new Error("Missing VITE_FN_CREATE_ORDER_ID in .env")
// IMPORTANT: use X-Appwrite-JWT (not Authorization) so Appwrite authenticates the execution const exec = await functions.createExecution( fnId, JSON.stringify(input), false, // sync "/", // path your function handles "POST", // method { "Content-Type": "application/json", "X-Appwrite-JWT": jwt, // ← the key line // no need to set X-Appwrite-Project; SDK adds it } )
let data: any try { data = JSON.parse(exec.response) } catch { data = { raw: exec.response } }
if (exec.statusCode !== 200 || data?.ok !== true) {
console.error("createExecution error:", exec)
throw new Error(data?.error || Function failed (${exec.statusCode}))
}
return data as { ok: true; orderId: string }
}
server code:
You shouldn't have to generate the jwt yourself, it should automatically be included in the headers when you use the createExecution method.
server code
In your function code you should get the token from this header x-appwrite-user-jwt
Here is a sample from the docs of how it's done. https://appwrite.io/docs/products/functions/develop#using-jwt
Not sure what that picture is showing, have you made the suggested code change?
im about to do it. hold
Even if you were to keep your existing system you are not using the header that you've set, so it makes sense that it doesn't work...
// src/lib/actions/createOrderViaSDK.ts import { functions } from "../appwrite"
export async function createOrderViaSDK(input: { shipCountry: string; shipAddress: string; buyerName?: string }) { const fnId = import.meta.env.VITE_FN_CREATE_ORDER_ID! // IMPORTANT: pass only the payload (string). No method/headers/path. const exec = await functions.createExecution(fnId, JSON.stringify(input))
let data: any try { data = JSON.parse(exec.response) } catch { data = { raw: exec.response } }
if (exec.statusCode !== 200 || data?.ok !== true) {
console.error("createExecution error:", exec)
throw new Error(data?.error || Function failed (${exec.statusCode}))
}
return data as { ok: true; orderId: string }
}
That looks fine, btw can you wrap your code in three ticks so it formats it? https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA
what about this. any improvements
add the missing code block i need to make this work. please
any modes needed for the server code?
Does it work?
I don't see any changes made to your server code.
I'll be honest, I'm not going to evaluate all your code, I've given you what you need to get it working. So try that, if it doesn't work provide me the error message and the code that is failing, not everything.
