There appears to be a conflict between the validation of the request and the requirements of the request. The API call requires that the scope be set to 'app'. It also requires a userId. However, when the two are combined you get the below messages indicating you cannot combine the two.
API https://docs.smooch.io/rest/#pre-create-app-user
REQUEST
{ host: 'api.smooch.io',
path: '/v1/appusers',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${token}`
}
Example body.
{
scope: 'app',
userId: 'some_userId',
credentialRequired: true,
email: '[email protected]',
properties: { picture: 'https://s.gravatar.com/avatar/.....' }
}
RESPONSE BODY
{"error":{"code":"bad_request","description":"Invalid JWT body. Cannot use userId param with app scope"}}
RESPONSE HEADERS
{ connection: 'close',
server: 'nginx',
date: 'Tue, 21 Feb 2017 14:47:50 GMT',
'content-type': 'application/json; charset=utf-8',
'content-length': '105',
'x-powered-by': 'Express',
vary: 'X-HTTP-Method-Override',
etag: 'W/"69-huba/v8EazhrDAoySthrKw"',
via: '1.1 vegur' },
statusCode: 400,
statusMessage: 'Bad Request' }
I think you might be confusing two separate concepts - the JWT payload vs the HTTP request body.
scope is defined in the payload of your JWT credential (Bearer ${token} in your code sample). More information about JWTs and scopes can be found here.
userId should be specified in the HTTP request body.
I'm not sure what language you're using, but here's an example in Node.js:
var jwt = require('jsonwebtoken');
var token = jwt.sign({ scope: 'app' }, SECRET, { headers : { kid: KEY_ID } });
var request = require('request');
request.post({
url: 'https://api.smooch.io/v1/appusers',
headers: {
'Authorization': `Bearer ${token}`
},
json: {
userId: 'some_userId',
credentialRequired: true,
email: '[email protected]',
properties: { picture: 'https://s.gravatar.com/avatar/.....' }
}
});