How to use multiple bearer tokens

Hello, I am creating a dev kit react application for the client, this uses a public token to load the configuration, also, I am trying to use the snapshot API to place some configurations and get the Image needed. in this case, this endpoint needs a private bearer token, I am returned with CORS Error policy, how do I solve this?


Hey Carlos, make sure you have a private and public token populated in your environment file. A public token is used to initialize the player while private tokens are used to interact with server-side APIs.

If you are using the dev-kit you can use also the built-in snapshot feature:

If these do not help - can you elaborate on when you are getting the CORs error?

Hey Will,
The scenario is the following one:

  1. one private token to use the endpoint.
  2. one public token to use the application.
  3. Restrictions on using window.threekit.player.snapshotAsync() because this returns a base64 encoded image (Gmail doesn’t support base64 img)

Hence, the react application loads with the public token, when the user click an specific button it prepares the configurator to take the snapshot (i.e reset camera, change scene, change defaults, etc…) then it calls API, this contains specific headers such ("authorization : Bearer XXX ") this one is private.
As a result I get CORS policy from server, and I am trying to solve this from client side, if it’s not possible I will have to run a node server in another site resolving it by server side.
Any suggestions?

If you would like to solve from the front-end I believe you can use your public token to use server-side endpoints. I have used a public token on apps for server-side APIs however, I do believe you may still receive CORS errors if your app is hosted on localhost.

A utility like ngrok may be useful to test this works for you.

Can you let me know?

The dev kit should also handle this - I can ask a developer for more details on why this might be happening if that’s preferrable.

I am trying at local host and I did try at the client hosting it’s a Wordpress site but I had the same CORS return, I would like to go into a 10 minutes call to try to solve it if you have the time to go into a call. or maybe a developer for further details.

Thanks for your time Carlos, I have opened a case for you since we have not been able to resolve this on our own.

Thank you very much, I appreciate your time.