Here are some common issues that our users run into:

Sandbox vs Production keys

If you receive an authentication error about your client_idandclient_secret, or if your webhooks don't seem to be firing correctly, try double checking to make sure that you are using the correct mode.

On your API Settings page, check which mode your client_id and/or webhook is created for, and adjust as necessary:

CORS Authentication issues

You may get an error that looks like this:

Access to fetch at 'https://app.usecanopy.com/api/v1.0.0/teams/<TEAM_ID>/pulls' from origin 
'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't 
pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with 
CORS disabled.

This usually occurs if you are trying to send the request to the Canopy Connect API in a client-side implementation. A client-side implementation may look like this:

Due to security concerns, we prevent people from sending requests which include your client_id and client_secret from the browser/client-side; instead, your client_id and client_secret must be securely kept on your server and the requests should come from the server-side of your application. This prevents bad actors from being able to steal your client_id and client_secret.

You can then send only the relevant information from the response to your client-side. It should look like this instead: