Solved

Need help using the secure API connector to change usernames from community custom page

Forum|Forum|24 days ago
February 18, 2026
9 replies
124 views

AndrewK
Contributor ⭐️⭐️⭐️

Hi All,

I am working on a custom page that will allow users to update their username using the community API and a custom connector. The API Customer Communities API Documentation passes the new username as a path parameter, and I wasn’t sure how to handle that. The connector has a place to add query parameters.

https://api2-eu-west-1.insided.com/user/{id}/{field}/{value}

So, this is what I tried.

My widget code

async function updateUserField() {
    // Hardcoded just for test
    const id = 22;
    const field = "username";           
    const rawValue = "UpdatedName";


    const value = encodeURIComponent(rawValue);


    const connectorExecuteUrl = "/widget-service/connectors/username-update/execute";

    const res = await fetch(connectorExecuteUrl, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      // Here is how I passed the fields to be used in the URL parameters
      body: JSON.stringify({ id, field, value })
    });

    const text = await res.text();
    console.log(text)
  }

I get a 403 error. I based the widget code off a screenshot from the knowledge base article but also tried using the execute connector code from the connector page but get an error that says the window.WidgetServiceSDK is not a constructor.

So, to summarize, can anyone help with the following:

I need to pass path parameters, not query parameters. How would I do that?
In the screenshot the widget used fetch to call the connector is that ok or am I supposed to use the execute connector code?
Let me know if I’m missing anything else.

Thanks!!

Best answer by marekkoszlak

Hi! Secure API Connectors don’t support dynamic path parameters. That’s intentional, as letting the browser supply arbitrary paths can create security issues (path probing, hitting endpoints the connector wasn’t meant to expose). For security and maintainability reasons, we’re also discouraging using the Community Admin API directly from custom widgets.

That said, we recognize the gap these Connector setups are trying to solve, and we’re actively exploring a more robust pattern for safe extensions in that area.

Many thanks for bringing this up! These kinds of posts really help us understand the limitations we need to work on.

jvdc
Helper ⭐️⭐️⭐️
Forum|Forum|23 days ago
February 19, 2026

Ah interesting usecase!

I haven't used the secure API connectors because I couldn't think yet of a good use, but yours seems great.

I think @marekkoszlak will be able to help!

Mithila Jayalath
Helper ⭐️
Forum|Forum|23 days ago
February 19, 2026

@AndrewK not sure whether this will work. Can you try the below code?

const res = await fetch(connectorExecuteUrl, {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    method: "PUT",
    data: { id, field, value }
  })
});

AndrewK
Author
Contributor ⭐️⭐️⭐️
Forum|Forum|23 days ago
February 19, 2026

Thanks @Mithila Jayalath I gave it a try but no luck.

Andrew

Mithila Jayalath
Helper ⭐️
Forum|Forum|23 days ago
February 19, 2026

Still getting the 403 error?

AndrewK
Author
Contributor ⭐️⭐️⭐️
Forum|Forum|23 days ago
February 19, 2026

Yes I’m getting this

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: FIS4yXxjKNImhbyqU7ajsXfAbQarBZiMkA-gp1uZR1QlnW2BOHVGVg==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

Andrew

Mithila Jayalath
Helper ⭐️
Forum|Forum|23 days ago
February 19, 2026

Thank you for sharing the error message. Hope this will solve your issue.

const res = await fetch(connectorExecuteUrl, {
    method: "POST",
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      params: { id, field, value } // ← REQUIRED
    })
  });

AndrewK
Author
Contributor ⭐️⭐️⭐️
Forum|Forum|23 days ago
February 19, 2026

Thanks still the same error.

Andrew

marekkoszlak
Gainsight Employee ⭐️
Answer
Forum|Forum|18 days ago
February 24, 2026

That said, we recognize the gap these Connector setups are trying to solve, and we’re actively exploring a more robust pattern for safe extensions in that area.

Many thanks for bringing this up! These kinds of posts really help us understand the limitations we need to work on.

AndrewK
Author
Contributor ⭐️⭐️⭐️
Forum|Forum|18 days ago
February 24, 2026

Ok thanks.

That said, we recognize the gap these Connector setups are trying to solve, and we’re actively exploring a more robust pattern for safe extensions in that area.

Yeah, it would be really useful to have a secure way to access the community API from the community.

Andrew

Didn't find what you were looking for?

Sign up

Welcome to the Gainsight Community

Scanning file for viruses.

This file cannot be downloaded