Getting unauthorized error when trying to create workspace
I’m working on a WPF app using .NET Core 6.0 in Visual Studio 2022. I need to generate a new workspace through C# code using the Miro REST API. I already have my app credentials (AppID and AppSecret) set up for OAuth.
I’m using RestSharp library for HTTP requests. The authentication part seems to work fine, but when I try to make a POST request to create the workspace, I keep getting an “Unauthorized” response.
Here’s my current implementation:
public string MiroSettingsPage = "https://miro.com/app/settings/user-profile/apps";
public string AppID = "myappid";
public string AppSecret = "myappsecret";
internal async void GenerateNewWorkspace()
{
try
{
var authClient = new RestClient("https://miro.com/app-install/?response_type=code&client_id=" + AppID);
var authRequest = new RestRequest();
authRequest.Method = Method.Post;
authRequest.AddHeader("Authorization", "Bearer " + AppSecret);
var authResponse = authClient.ExecuteAsync(authRequest);
var authResult = authResponse.Result;
var workspaceClient = new RestClient("https://api.miro.com/v1/boards");
var workspaceRequest = new RestRequest();
workspaceRequest.Method = Method.Post;
workspaceRequest.AddHeader("Accept", "application/json");
workspaceRequest.AddHeader("Content-Type", "application/json");
workspaceRequest.AddParameter("application/json", "{\"name\":\"New Board\",\"sharingPolicy\":{\"access\":\"private\",\"teamAccess\":\"private\"}}", ParameterType.RequestBody);
var workspaceResponse = workspaceClient.ExecuteAsync(workspaceRequest);
var workspaceResult = workspaceResponse.Result;
}
catch(Exception ex)
{
var errorMsg = ex.Message;
}
}
What am I missing in the authorization flow? How should I properly authenticate to create boards using the API?
Your auth flow is completely wrong. That app-install URL is for browser redirects, not API calls. You need proper OAuth - get an authorization code from users first, then exchange it for an access token at the token endpoint. But here’s another problem - you’re trying to create a board, not a workspace. Miro’s API doesn’t let you create workspaces programmatically, only boards within existing workspaces. Use /v1/boards to create boards, and you’ll need a valid Bearer token in the Authorization header. I’ve been working with Miro’s API for months and got confused by this same stuff early on. Get OAuth working first with proper token exchange, then make sure you understand the difference between workspaces and boards in Miro’s setup.
You’re mixing up OAuth authorization with direct API calls. You can’t just use your AppSecret as a Bearer token - that’s not how OAuth works at all. Here’s what you need to do: implement proper OAuth 2.0 authorization code flow. Redirect users to the authorization URL first to get an authorization code. Then exchange that code for an access token by POSTing to https://api.miro.com/v1/oauth/token with your client credentials and the auth code. Once you’ve got the real access token, use that in your API calls to create boards. Also, you’re missing the Authorization header in your workspace creation request - add the Bearer token there too. I hit the same issues when I started with Miro’s API. The OAuth flow’s tricky, especially in desktop apps where you’ve got to handle the callback URL properly.
You’re missing the complete OAuth flow. Don’t make a direct API call to the app-install URL - it should redirect users to a browser where they grant permissions. After they consent, Miro sends an authorization code to your redirect URI. Grab that code and exchange it for a token at https://api.miro.com/v1/oauth/token using grant_type=authorization_code, your client credentials, and the code. That’s how you get a valid access token. I had this exact problem building my integration. Set up a local HTTP server to catch the OAuth callback and parse the authorization code from the response. Once you’ve got the real access token, board creation works fine.
Had the same problem integrating Miro’s API into my desktop app last year. You’re treating OAuth like a simple API key - that’s why it’s not working. Desktop apps need to launch a browser window for the OAuth redirect. Here’s what happens: user authorizes your app, Miro redirects to your callback URL with an authorization code, then you capture that code and exchange it for an access token via POST request to the token endpoint. I set up a local HTTP listener to catch the callback and extract the authorization code from the query parameters. Once you’ve got the actual access token, include it in the Authorization header for your board creation requests. The token exchange is key - your AppSecret alone won’t cut it for API authentication.
you’re missing the authorization header in your workspace request! even with a valid access token, the api call won’t work without Authorization: Bearer {token} in the header. also, you can’t create workspaces through the API - just boards inside existing workspaces. get your oauth flow working first, then add the auth header to your board creation request.