Reputation: 379
I am trying to use a JWT token to access a Stream feed, but it is returning 404 every time.
Token header:
{
  "alg": "HS256"
}
Token payload:
{
  "resource": "feed",
  "action": "read"
}
The token was generated using the jjwt library and signed using the secret provided in my account dashboard. I also validated it on jwt.io and it was a valid token.
URL
GET: https://api.getstream.io/api/v1.0/feed/notification/666?api-key=...
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJyZXNvdXJjZSI6ImZlZWQiLCJhY3Rpb24iOiJyZWFkIn0.MUZHXQg0UD6jFpCZN5Mn1e7wwys_1qYuVtfBKtHL8QU
Response
{
  "exception": "GetStreamAPI404",
  "detail": "sorry you've hit a 404"
}
Am I missing something here? Can't figure out what the problem is.
Upvotes: 2
Views: 474
Reputation: 12031
In order to perform correct permission checking, you need to include the feed_id field in your token payload. The value of the field must be the same as the feed that you are trying to read and be in the form of ${feed_group}:${feed_id}.
For instance, the payload for the request in your question (https://api.getstream.io/api/v1.0/feed/notification/666?api-key=) should be:
{
  "resource": "feed",
  "action": "read",
  "feed_id": "notification:666"
}
Note: API URLs must end with a trailing slash (e.g. /api/v1.0/feed/notification/666/?api_key=...)
Auth HTTP headers:
Authorization must only contain the JWT token
stream-auth-type must be sent with the value jwt
Upvotes: 2
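The checklist from the answer above, as an added example that is not part of the original thread or of Stream's own code: a standard-library Python sketch that signs a feed-scoped HS256 token and pre-checks a request against the four points the answer lists. The function names `make_token` and `diagnose`, the secret and the api_key value are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlsplit

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(secret: str, feed_group: str, feed_id: str, action: str = "read") -> str:
    """HS256 JWT whose feed_id claim is '<feed_group>:<feed_id>', as the answer requires."""
    claims = {"resource": "feed", "action": action, "feed_id": f"{feed_group}:{feed_id}"}
    parts = [b64url(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": "HS256"}, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def diagnose(url: str, headers: dict) -> list:
    """Client-side preflight of the answer's checklist; it does not verify the signature."""
    problems = []
    path = urlsplit(url).path
    if not path.endswith("/"):
        problems.append("URL path does not end with a trailing slash")
    expected = ":".join([s for s in path.split("/") if s][-2:])  # .../feed/<group>/<id>/
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    auth = hdrs.get("authorization", "")
    if " " in auth:
        problems.append("Authorization must contain only the JWT, no scheme prefix")
    if hdrs.get("stream-auth-type") != "jwt":
        problems.append("stream-auth-type header must be sent with the value jwt")
    try:
        claims = json.loads(b64url_decode(auth.split()[-1].split(".")[1]))
        found = claims.get("feed_id")
    except (IndexError, ValueError, AttributeError):
        return problems + ["Authorization does not carry a decodable JWT payload"]
    if found != expected:
        problems.append(f"feed_id claim is {found!r}, expected {expected!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values: the secret and api_key below are placeholders.
    url = "https://api.getstream.io/api/v1.0/feed/notification/666/?api_key=PLACEHOLDER"
    token = make_token("constructed-secret", "notification", "666")
    print(diagnose(url, {"Authorization": token, "stream-auth-type": "jwt"}))
    print(diagnose(url.replace("666/", "666"), {"Authorization": "Bearer " + token}))
```

Scoping the token to one `feed_id` also limits what a leaked token can read, so issue one token per feed rather than reusing a broader one.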