Start a new topic

Custom Endpoint Authorization


I'm trying to call a custom endpoint from an external server.

I see this example of how to do it, and I know what everything is, however I'm not sure what to put for "[credentials]"?

POST /rpc/:appKey/custom/:endpoint HTTP/1.1


Content-Type: application/json

Authorization: [credentials]

Content-Type: application/json

Hi Again,

I guess I figured out how to authenticate and call my endpoint.

I'm getting this back:

{"buf":"This is a test.",




But I'm not receiving any pushes.

This is my endpoint code:

function onRequest(request, response, modules){

var push = modules.push;

if (request.body.sendMessageToAll){

push.broadcastMessage('App Test');



Hi Gary, the problem is most likely that your devices are not registered. You can follow the steps outlined in our REST Push Guide ( to register a device to a user.

Regarding authentication, let me clarify-- [credentials] in our guides refer to using either app, master or user credentials to authenticate your request. For more information, take a look here
I think I wasn't clear.

The device can receive pushes when they are sent from the web console. (/addons/push/send)

Wouldn't that mean the device is registered? How can I verify if the device is registered?

Just not when they are sent from the above end-point code.
This is what I'm using for credentials:

IdHTTP.Request.CustomHeaders.AddValue('Authorization','Basic c3JjaGlycDphbGJlcnQ=');

Where c3JjaGlycDphbGJlcnQ is the user-name:password of the user I created as part of the setup tutorial prepared by Embarcadero.
Is this an iOS or Android device? If you look at the specific user record in the console, what is the _push attribute set to?
It's an Android device.

Push has this in it. I never saw that before.

`{ "GCM": { "ids": [ "APA91bGHJZm0QFxm2OqT8mSBAVVwgvhzLguWCoMFVgRMYDIlvsRd-OwjSsx-sbemf_ReR53CKQY18oehYiqvYkOsZcaPmyDrCfwihtbzbCAIOHkysZ-0hsgKg8txcphrYYzwyzwXpWe9PDLLUO-0nnXMYwv3kd28Svlmcg1UbVvptxbvb8Sw5DY",


"APA91bGR6CB-sDRPmaSmsx6OXJFWiglL8mMrSYCjNOHlIFYjaQen2CLvhyOxyXcxp6VA-vRHQeOxgny3jpgdDfwFpmHyb-BcVgj2wlF3UED0CW7h_cad-uV_nmAb47ZaiuTlHgS6WRq6V3N1fU9m8SclSsrTOpPpSSbO8xtTWSIpkkHSu-nVEnE" ] } }`
Couple of things:

What is your request body when calling the endpoint?

Also, response.continue() is invalid in custom endpoints, so you should use response.complete();
I think I see the problem.

I copied that code from your documentation. I wasn't using a request body. I should have taken the IF out.

Basically I'm currently just proving that things flow through right now.
That didn't help.



Authorization: (master secret)

X-Kinvey-API-Version: 3


"buf": "test"



HTTP/1.1 201

Content-Type: application/json


X-Kinvey-API-Version: 3

X-Kinvey-Request-Id: 1cfa713761934722927b983bd9a9d647

X-Powered-By: Express


"bug": "test",

"_acl": {

"creator": "kid_TT9jfdGrNO"


"_kmd": {

"lmt": "2014-05-12T20:52:31.694Z",

"ect": "2014-05-12T20:52:31.694Z"


"_id": "5371348f41214b2f7505b4b2"


My Code:

function onRequest(request, response, modules){

var push = modules.push;

push.broadcastMessage('Chirp Test');



Shouldn't this send the same thing to all phones?
Hi Gary,

A couple of things:

First, you should **never** post your credentials (i.e. the ones in the Authorization header) in a public forum such as this, as this gives anyone who looks at the message access to your app. I have edited your post to remove these credentials, but to be safe, you should regenerate your master secret. You can do this by logging into the Console, going to your App Settings, and clicking the regenerate button next to the Master Secret field.

Second, you are not actually calling the custom endpoint, but rather posting a new entity to a collection called SRChirpTest. As described in our business logic guide (, custom endpoints are accessed through:

``` /rpc/:appKey/custom/:endpoint```

In your case, this would be:

Ok, That works through the app console. Now I just have to figure out why it doesn't work from my server.

Login or Signup to post a comment