Skip to main content

Troubleshooting

This guide covers common issues when setting up Halosight authentication and how to resolve them.

401 Unauthorized

Cause:

Invalid API key.
API key sent from the client instead of the server.

Solution:

Verify your server is using the correct API key from Halosight.
Ensure the API key is never exposed in client-side code.

CORS Errors

Cause:

Frontend is calling the Halosight API directly.
Missing server proxy to exchange tokens.

Solution:

Your frontend should only call your backend endpoint.
Ensure your backend server allows CORS for your frontend’s domain.

Token Not Returned to Frontend

Cause:

Backend modifies or strips the Halosight response.

Solution:

Return the response body exactly as received from Halosight.
```
return response.data; // Do not alter keys or structure
```

API Key Leaked or Exposed

Cause:

Key stored in client-side code, GitHub, or logs.

Solution:

Immediately revoke the compromised key by contacting Halosight.
Rotate to a new API key.
Store keys only in secure server-side environment variables.

Still Having Issues?

If you’re still running into problems:

Review your setup against the Getting an Access Token guide to ensure each step is implemented correctly.
Contact Halosight Support and include any relevant error messages or request IDs to speed up troubleshooting.

401 Unauthorized
CORS Errors
Token Not Returned to Frontend
API Key Leaked or Exposed
Still Having Issues?