OAuth2 Issues Authorising to Trustpilot

Hello,

I am trying to integrate to Trustpilot private API using OAuth2 in snaplogic but cannot get this to work. I have followed the instruction sets below (using grant type authorization_code)

https://developers.trustpilot.com/authentication
https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/858915683/REST+OAuth2+Account

I get as far as entering my credential into TP but it then hangs with no error. Below are screenshots of the config i am trying…

I wonder if anyone in the community has had success integrating with Trustpilot and could help?

1 Like

@Tommy Did it hang on the TP site or after redirected back to SnapLogic? The value of code may cause the problem here because it will override the actual value returned from the endpoint. Could you remove all of the parameters in Token and Auth endpoint config and try again? Those standard parameters are provided automatically.

Thanks for the reply. I get redirected to the TP login page, it hangs there when i try to log in, so i am assuming it cannot redirect back.

As you have suggested, i have removed all of the parameters, I can see the URL it calls still looks to contain the parameters as you say…

https://authenticate.trustpilot.com/?state=hostname%3Dhttps%3A%2F%2Felastic.snaplogic.com%2Cinstance_id%3D784b54a6-8626-42cc-8a10-2586ef9a4301&redirect_uri=https%3A%2F%2Felastic.snaplogic.com%2Fapi%2F1%2Frest%2Fadmin%2Foauth2callback%2Frest&response_type=code&client_id=xxxxxxxx

A couple of observations from the TP documentation. I am not sure how Snap is passing the headers. TP requires this…

Header:

Authorization: Basic [BASE64_ENCODED(API_KEY:API_SECRET)]

The API key and secret can be passed either in Authorization header, using HTTP Basic authentication, or in payload, using the client_id and client_secret parameters. Using HTTP Basic authentication is the recommended approach.

I have ticked the “Header authenticated” box so i would assume this caters for that?

Secondly, the URL is being called with a parameter “state” containing hostname. the TP documentation does not ask for that. Could this be part of the issue?

Currently, we do not support sending basic authorization header to get an access token, but we are working on that.

However, I think the problem you’re facing now is not related to that because it isn’t required at the first step of the authorization process. You could also try to remove the “state” parameter from the URL manually. Can you also check your browser console to see if there is any error on the TP page?

Hi there,

Trying to do exactly the same integration with Trust Pilot and hitting the same issues as Tommy. Any further help would be appreciated.

Thanks

Nick

Great news i have managed to get the token to work. I managed to get hold of the developers at trust pilot and log a call. Their response:

I’ve had confirmation from our dev team that our applications can’t accept sub or pathing domains but only root domains.
I’ve created a new set of keys for the business account called “TP - Test” with snaplogic.com as the specified redirect URI which allows me to run the authenticate call without the browser login step hanging:

Here is my TP config now (just specify snaplogic as the redirect URL).

This is the oAuth2 account setting i used in snap.

It now returns a valid token into the account

2 Likes

Excellent. Thanks for working it out Tommy! Works for us now too.

1 Like