Onboarding FAQs

How do I use Anon to automate actions via my backend app?

  • First, the end-user needs to link their account (in Web, this is via the Chrome extension triggered in the frontend app).

    That saves the user session in Anon, so your backend app can use it.

    The onboarding flow will walk you through an example of doing so above.

  • Connection flow: open dialog → confirm extension → login into IG → green checkmark in dialogue

    The end user’s session is now saved, and Anon could now access it via the end user’s user_app_id in your backend app.

Anon’s example credentials only provided one example user. How do I generate a new example_app_user_id and token?

  • UserPool acts as the public key, while app_user_id_token represents the data signed by the private key of a UserPool’s public key.

Could I create another UserPool or SdkClient?

  • Yes! You can have multiple UserPool and SdkClient within your Organization — each UserPool requires a JWKS, which could be the mock one provided by Anon or your own.

    Each SdkClient has one corresponding UserPool; follow this guide to create them.

    • Note apps reference the SDK_CLIENT_ID, so you’d need to re-set that value.

How do I use my own identity provider?

  • Follow this guide to create a new UserPool with your provider’s JWKS. Then, create a SdkClient corresponding to that new UserPool.

    Since apps reference a SDK_CLIENT_ID, be sure to change those as needed to your new SdkClient’s id.

What if I create JWTs without going through an OAuth provider?

  • You could host your own JWKS and use that to create a UserPool and SdkClient.
  • You could use an end user’s JWT as your id token as long as that JWT has the required claims or “sub” or “email” to uniquely identify the user. We also require the "kid" header (specifies the key signing the JWT).
    • For the JWKS url, you could use just one public key, as long as it’s available on a publicly reachable address. Typically, this is a url like https://yourcompany.ai/.well-known/jwks.json , but it can really be anything.

I’m done testing. How do I use Anon in prod environment?

General FAQs

  • You cannot link multiple end-users to the same integration account, even if they’re different organizations.
    • For example, if you have two end-users Alice and Bob, they (their app_user_id’s) can’t both be linked to Alice’s Instagram account.
    • For example, if you have Alice as an end-user in two separate apps, they can’t both be linked to Alice’s Instagram account.
  • Exceptions:
    • Different environments — for testing purposes, the same user may be linked in different environments (sandbox, staging, prod).

Integration Troubleshooting

Anon endpoints

Creating UserPool: Unauthorized or "error": "Upstream error"

  • Check that you’re using Authorization: Bearer <backend_api_key>

Creating UserPool: error decoding response body: expected value at line 1 column 1

  • Check that the JWKS url you created is public. Anon’s interaction with the url is that Anon’s servers download the key set and use it to verify signatures of your JWT ID tokens.

Frontend app

CORS issue

Access to fetch at 'https://svc.sandbox.anon.com/account/api/v1/appIntegration?id=instagram' from origin 'https://link.svc.sandbox.anon.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

  • Cause: end-user’s browser interprets an Unauthorized Error as a CORS error, because it’s from an Options HTTP request.
  • Check that the frontend app’s config has correct values.
  • For clientId, check that it’s the SdkClient corresponding to the UserPool which points to your desired JWKS.
    • If using the 1password file provided by Anon, check that you’re using webAppSdkClient.json, not serviceSdkClient.json which does not have a UserPool.
    • If you’re generating your own tokens, refer to this FAQ.
  • For appUserIdToken, check that the app user credentials come from the JWKS corresponding to the SdkClient.
    • If using the 1password file provided by Anon, it is example_app_user_id_token. You can generate additional example app users as follows.
    • If you’re generating your own tokens, check that they have "kid" header (specifies the key signing the JWT).
  • Check that you’re using the correct SdkClient, which should correspond to the UserPool you want to use.
  • If you’re switching to a new identity provider, create a new UserPool pointing to its JWKS and a corresponding SdkClient and verify you’re using the new SdkClient’s id.

Backend app

SyntaxError: Unexpected token 'export'

  • Add "type": "module" to your package.json file. This sets your project to use ECMAScript modules (ESM) instead of CommonJS, enabling the use of import and export statements.

Error translating external user id: 404 - Not Found

  • Check that the end-user had been linked. If using the examples, the appUserId on the backend app should correspond to an appUserIdToken you had linked on the frontend app.
  • Connect the user via your frontend app and Chrome extension, and try again.

Error translating external user id: 500 - Internal Server

  • Check that the end-user had been linked. If using the examples, the appUserId on the backend app should correspond to an appUserIdToken you had linked on the frontend app.
  • Connect the user via your frontend app and Chrome extension, and try again.

ERR_TUNNEL_CONNECTION_FAILED

  • Check that the end-user had been linked. If using the examples, the appUserId on the backend app should correspond to an appUserIdToken you had linked on the frontend app.
  • Connect the user via your frontend app and Chrome extension, and try again.

Error translating external user id: 429 - Too Many Requests

  • If you’re sending a large number of requests, you might be hitting Anon’s ory rate limit. Check that your app’s environment is configured as "prod" instead of "sandbox" or "staging", since that has better rate limits.