Enketo API v2 Authentication Error in iframe - KoboToolbox Form Submission

I’m experiencing an authentication error when submitting an Enketo form (from KoboToolbox) embedded in an iframe using API v2. Here are the details:

Problem:
When submitting an Enketo form embedded in an iframe using API v2, I receive an authentication error from the Enketo server, despite including authentication in the header.

URL received from generating URL for iframe using api:

The iframe generates fine and populates the submission but when I click submit I get an authentication error: https://ee.xxxxxxxxx.org/submission/9UsEKDGp 401 (Unauthorized)
connection.js:147
The expectation was that the admin login sent to generate the url would remain in the session so that the submission would be authorized?

Environment:

  • API Version: v2
  • Implementation: Form embedded in iframe
  • Browser: MS Edge
  • Enketo/KoboToolbox Version: V2
    Error Message: [Include the exact error message you’re receiving]

What I’ve Tried:

  1. Verified the authentication header is correctly formatted.
  2. Tested API v2, which works fine on another instance. The only difference between the working instance and the non-working is that the non-working is running the upgraded version of kobotoolbox and possibly is not configured the same as the working version
  3. Checked for potential CORS issues.

Questions:

  1. Are there known issues with API v2 authentication in iframes?
  2. Are there specific configuration requirements for API v2 that differ from v1?
  3. Could this be related to CORS or iframe security restrictions?

Any insights or solutions would be greatly appreciated. Thank you!

Tags: enketo, kobotoolbox, iframe, api-authentication

@dsouchon, pinging @stephenoduor and @ks_1 for your support.

Hi Team,

Has there been no feedback regarding the above issue?