Custom Header / Authentication Issues

API
1

Today I tried Custom ChatGPT with the API’s from Toggle Track and Notion.so. I chose a single get Endpoint and wanted to retrieve Data.

Let’s go at first through the toggle track try:

The following API Schema and the correct API Token ends in an error code 403.

{
  "openapi": "3.1.0",
  "info": {
    "title": "Toggl Track API",
    "version": "1.0.0",
    "description": "API for accessing Toggl Track time entry data. This API requires Basic Authentication for all endpoints."
  },
  "servers": [
    {
      "url": "https://api.track.toggl.com/api/v9/me"
    }
  ],
  "paths": {
    "/time_entries": {
      "get": {
        "summary": "Get Time Entries",
        "description": "Retrieve a list of time entries. This endpoint requires Basic Authentication.\nProvide a valid username and password in the request header.\n",
        "operationId": "getTimeEntries",
        "parameters": [
          {
            "name": "start_date",
            "in": "query",
            "required": false,
            "schema": {
              "type": "string",
              "format": "date-time"
            }
          },
          {
            "name": "end_date",
            "in": "query",
            "required": false,
            "schema": {
              "type": "string",
              "format": "date-time"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "A list of time entries",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "$ref": "#/components/schemas/TimeEntry"
                  }
                }
              }
            }
          },
          "401": {
            "description": "Unauthorized - Invalid Basic Authentication credentials."
          },
          "500": {
            "description": "Internal server error"
          }
        },
        "security": [
          {
            "basicAuth": []
          }
        ]
      }
    }
  },
  "components": {
    "schemas": {
      "TimeEntry": {
        "type": "object",
        "properties": {
          "id": {
            "type": "integer",
            "format": "int64"
          },
          "description": {
            "type": "string"
          },
          "start": {
            "type": "string",
            "format": "date-time"
          },
          "end": {
            "type": "string",
            "format": "date-time"
          },
          "duration": {
            "type": "integer"
          },
          "project_id": {
            "type": "integer"
          },
          "task_id": {
            "type": "integer"
          },
          "billable": {
            "type": "boolean"
          }
        }
      }
    },
    "securitySchemes": {
      "basicAuth": {
        "type": "http",
        "scheme": "basic",
        "description": "Basic Authentication is used for this API. Provide the username and password encoded in Base64 in the Authorization header.\n"
      }
    }
  }
}

Let’s go through the second try with Notion:

Notion requires a custom Header about Notion-Version for retrieving information. The Custom GPT Console gave this warning:

In path /pages/{pageId}, method get, operationId getPageById, parameter Notion-Version has location header; ignoring

For the following openapi schema:

openapi: 3.1.0
info:
  title: Notion API
  version: 1.0.0
  description: API for accessing Notion pages and data
servers:
  - url: https://api.notion.com/v1

paths:
  /pages/{pageId}:
    get:
      summary: Get a Page
      description: Retrieve a specific page from Notion by its ID.
      operationId: getPageById
      parameters:
        - name: pageId
          in: path
          required: true
          description: Unique identifier for the page
          schema:
            type: string
        - name: Notion-Version
          in: header
          required: true
          description: The version of the Notion API being used for all requests
          schema:
            type: string
            default: '2022-06-28'
      responses:
        '200':
          description: Details of the Notion page
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Page'
        '401':
          description: Unauthorized - Invalid or missing API key.
        '404':
          description: Not Found - The page with the given ID was not found.
        '500':
          description: Internal server error
      security:
        - ApiKeyAuth: []

components:
  schemas:
    Page:
      type: object
      properties:
        id:
          type: string
        title:
          type: string
        created_at:
          type: string
          format: date-time
        updated_at:
          type: string
          format: date-time
        content:
          type: string
          description: The content of the page in a specific format, e.g., Markdown or HTML.
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization

So it was not possible to retrieve any data.

Has somebody a solution for this to usecases or faces the same problems ?

Best Regards :slightly_smiling_face:

2

WOuld be keen to know this as well.

Did you found solution?

3

I encounter the same issue. I tested my OpenAPI spec for Notion in SwaggerHub. There I could retrieve my data. Unfortunately I also could not find a workaround. For the time being I switched to Airtable to get access to a database API. It serves my purpose well. Hopefully the OpenAI team will address this issue soon.

1 Like
4

A half year later i give it a second try for toggle track. Result is the same I always get a 403 for every request which is done:

That is the following OPEN API SPEC i have tested:

openapi: 3.1.0
info:
  title: Toggl Track API
  description: API documentation for Toggl Track with personal API token authentication.
  version: 1.0.0
servers:
  - url: https://api.track.toggl.com/api/v9
    description: Toggl Track API v9 server

paths:
  /me/time_entries:
    get:
      description: Lists latest time entries.
      operationId: getTimeEntries
      parameters:
        - name: since
          in: query
          description: Get entries modified since this date using UNIX timestamp, including deleted ones.
          schema:
            type: integer
        - name: before
          in: query
          description: Get entries with start time before the given date (YYYY-MM-DD) or with time in RFC3339 format.
          schema:
            type: string
        - name: start_date
          in: query
          description: Get entries with start time from start_date (YYYY-MM-DD) or with time in RFC3339 format. To be used with end_date.
          schema:
            type: string
        - name: end_date
          in: query
          description: Get entries with start time until end_date (YYYY-MM-DD) or with time in RFC3339 format. To be used with start_date.
          schema:
            type: string
        - name: meta
          in: query
          description: Should the response contain data for meta entities.
          schema:
            type: boolean
        - name: include_sharing
          in: query
          description: Include sharing details in the response.
          schema:
            type: boolean
      responses:
        '200':
          description: Successful operation.
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
                  properties:
                    id:
                      type: integer
                    description:
                      type: string
                    start:
                      type: string
                      format: date-time
                    end:
                      type: string
                      format: date-time
                    duration:
                      type: integer
                    billable:
                      type: boolean
                    tags:
                      type: array
                      items:
                        type: string
        '403':
          description: User does not have access to this resource.
          content:
            application/json:
              schema:
                type: string
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                type: string

components:
  securitySchemes:
    ApiTokenAuth:
      type: http
      scheme: basic
      description: >
        Authentication with a personal API token. Use the API token as the username 
        and `api_token` as the password. The token can be found in your Toggl Track 
        profile settings.
  schemas: {}

security:
  - ApiTokenAuth: []

I used the basic type API KEY and the authentication type BASIC. The API Key i get from my personal settings in toggle track. When i do the request from terminal, everything works as expected

Are there any solutions out there ? Do i have a made failure oder forget something ?

Please help

Best regards

Max

5

Six months later, and the documentation for ChatGPT GPT actions still says “custom headers not supported”.

You will need to make queries to an intermediate server of your own. That is also much better practice than giving API keys to OpenAI, who doesn’t guarantee they can keep a secret.

1 Like