Custom pack action button requires sign-in when used on a published doc

Continuing the discussion from Custom Authentication in Packs Now Requires Approval?:

Hi folks! I have created a very simple pack for POST requests via my internal pack, which is just a fork of HTTP Kit with my custom API domain. It works fine, but not on published docs. Do you know if there is any way to configure a pack action so it does not require sign in from anonymous clients?

I have tried several approaches. Now, my code is this:

import * as coda from "@codahq/packs-sdk";

export const pack = coda.newPack();

pack.addNetworkDomain('webhook.example.com');

pack.addFormula({
  name: "POST",
  description: "Send a POST request to api.qda.one with a JSON payload.",
  isAction: true,
  connectionRequirement: coda.ConnectionRequirement.None, // No sign-in needed
  parameters: [
    coda.makeParameter({
      type: coda.ParameterType.String,
      name: "payload",
      description: "Payload created with Object().",
    }),
  ],
  resultType: coda.ValueType.String,
  execute: async function ([payload], context) {
    const url = `https://webhook.example.com/path`;
    const response = await context.fetcher.fetch({
      url: url,
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: payload,
    });
    return response.status >= 200 && response.status < 300 
      ? response.body 
      : `Error: ${response.status}`;
  },
});

Here is screenshot of what happens when I try to use the button (api.qda.one is just a name of the pack):

Hi @Yegor_Karimov - I believe we prevent this on purpose, to avoid cases where some human or bot ends up spamming some action that has side effects. Can you provide some more context about what you are trying to accomplish? Coda was designed as a collaboration tool, and so works best for use cases where everyone is signed in with their Coda account.

@Eric_Koleda, thanks for your response! What I am trying to achieve is a simple reservation form for non-coda users who visit my published doc for events. If I had the possibility to create direct POST requests with a payload from my published doc, I could send some data for more complex validation before it gets to the table. E.g: if the provided email is matching with any of membership accounts and the code of the membership is correct, then reservation would happen automatically. If not, then a client will be provided with instructions to proceed with a purchase. I have managed to create a form with custom controls already and the button works in play-mode which is enough for my use case, but requests did not go through.

Screenshot:

Thanks for the context @Yegor_Karimov. While Coda blurs the lines between a doc and an app, I think for a use case like this you would be better served building an app using some sort of app builder tool (Bubble, Glide, etc). When the other users of your interface should have essentially equal rights and access, that’s collaboration and best served with a doc. But when the other users should have much fewer rights and access, that’s more of an app paradigm.

If switching is not an option then I think your best bet would be to use a Coda form, with its limited validation options, and use some automations to validate the information after it’s been submitted and send out alerts if something is incorrect.