Podio curl calls getting unauthorized error even with app token-CodePudding

I'm trying to get familiar with the Podio API by initially retrieving items from an existing app. Ultimately, my use-case is to read/write items for a team whose needs have scaled into the realm of automation.

Authenticating as an app, I've successfully obtained an auth token from https://api.podio.com/oauth/token with "scope": "space_3190207:all"

However, all my curl calls fail with a 401 "error_description": "invalid_request", "error": "unauthorized"

for example: curl --request POST \ --url 'https://api.podio.com/item/app/<APP_ID>/filter?Authorization=OAuth2 <TOKEN>'

I'm totally new to the Podio API, so I may have some core misunderstandings. I tried digging into the workings of the pypodio2 lib, but that's long outdated. Other info:

I'm pretty sure the URL path is right; there's a different error when it's not.

The "API Key Generator" required a full domain. I've never used an API that required this, and am not sure what it's for (callback URL?), so I just used my gitlab domain.

Thanks!

I've tried using the token returned from the "app" grant_type, as well as the global-scoped token from the "password" type.

I've tried several "get info" operations (not post or edit); all fail with the "unauthorized" error. I also tried the pypodio2 Python lib, but that won't even compile and hasn't been updated in 7 years.

I also tried fiddling with GET vs POST, adding content-type JSON header, and getting new tokens from the podio auth endpoint.

CodePudding user response：

If you've already returned the auth token, you need to use that within the header instead of the url:

curl https://api.podio.com/item/app/<APP_ID>/filter
     -X POST 
     -H Authorization: Basic <access_token>
     -d '{"filters" : {<field_id> : <search_string>}}'