Multi Request API



So thanks to the help of super below and a bit more of digging I was able to sort out the missing bit. Also credit goes to AsianCaptainKirk who had done some digging prior to this and has a post and shortcut up on Reddit on how to do this. I will attach a screenshot to clarify but the missing piece from supers suggestion was a second header named Content-Type that had a value of application/x-www-form-urlencoded.

I assume it’s similar to doing a x-callback but adding the extra encoding to the url/header that was needed along with the encoding of the client ID and secret.

Hi all,

My apologies if this has been covered elsewhere but as I am very much new to this (Scriptable and JavaScript) so I don’t know how to phrase this to do a proper search and may have missed it.

I will use Reddit as an example and because it’s a popular site that takes this approach. I was curious about how to use API or regular login fields to login to sites via shortcuts or JS. I have figured out how to do this in a limited way by using get url contents in shortcuts to do GET, POST and others and the same in JS by using multipart loads on a POST request.

In the case of a site like Reddit it seems to do this in basically two stages. I am limited to doing it as a grant type of password as I do not have my own server to complete a authenticate request via API. In the grant password option they list this script as a example

reddit@reddit-VirtualBox:~$ curl -X POST -d ‘grant_type=password&username=reddit_bot&password=snoo’ --user ‘p-jcoLKBynTLew:gko_LXELoV07ZBNUXrvWZfzE3aI’

I know to drop out anything before curl or cURL and I see it listed as a post. When I try to replicate that via shortcuts get url I get an error message saying unauthorized. I am not exactly clear how to translate that to JS in Scriptable either.

My understanding is that the API wants to do this in two parts. The first is a request to the base url to cover the grant type and username and password and a second to use the app id and secret id to authenticate and generate the token.

If anyone has any suggestions how to do this in JS via Scriptable or Shortcuts or has some ideas where I can read up to answer my own question I would love to hear it. I was wandering if some kind of x-callback could work in shortcuts? I don’t know totally lost here lol


Here’s how you could get an access_token using Shortcuts. I’ve not tested but this should be close enough.

The access_token you get is valid for 1 hour. You don’t need to call it again within that period.

For calls to the authenticated endpoints, this that begin with, use Authorization: Bearer your-access-token. User-Agent is also required in the header like shown here.

btw, I’m posting an article here soon on how to use response_type=code as well as setting up your own redirect_uri for free which you can use for both Shortcuts & Scriptable. This will come soon after Scriptable 1.3 gets released.


Absolutely clutch as always.

I was heading in the right direction over all I just was not sure how to combine the two so thank you for the clarification and screen shots.

The code I read up on all made it seem like it was two request appended to each other and done at once so I started trying to use header/body of the URL like you did but wasn’t sure what to put where.

The other thing that stumped me was the -p part in their example. I know curl is old so there are newer ways to do it but I wasn’t sure if it was a run JS or not but those only work on share sheet. I had been toying around with using 64 encode but was having limited luck.

Thanks again for your input and also your work on Scriptible and SO many other projects I and who knows how many use.


I gave the setup you screen shotted a try but no luck. To be more precise I get a timeout on the request.

I tried adding user agent into the mix, swapping basic for password (maybe grant should go their instead?) and a few other things. I tried bogus information to try and generate a login error or something but I just kept getting timeouts.

When I switch to a GET all I got was error 401 unauthorized message. The only thing I can say to maybe get more light on this is that when I ran some early versions of my script using the authentication method over password it would take me to the authorize screen but it would say bad request after I logged in (I assume due to a non working uri).

I am including some screen shots of another shortcut I found that tried to do a login method too but it’s missing a lot of data so don’t know if it will be helpful.