"Error: refresh jwt should not be empty" when using "dgraph-js"

I Want to Do

I am trying to use dgraph-js or dgraph-js-http from my NextJS/React app to connect to my Slash account to query/update data.

What I Did

My code for dgraph-js connection looks like this:

const slashGraphQLEndpoint = process.env.NEXT_SLASH_GRAPHQL_ENDPOINT;
const slashApiKey = process.env.NEXT_SLASH_CLIENT_API_KEY;
const dgraphKey = process.env.NEXT_SLASH_DGRAPH_API_KEY;

const clientStub = new dgraph.clientStubFromSlashGraphQLEndpoint(

export const dqlClient = new dgraph.DgraphClient(clientStub);

And my dgraph-js-http connection looks like this:

const dgraph = require("dgraph-js-http");

const dgraphEndpoint = process.env.NEXT_SLASH_DGRAPH_ENDPOINT;
const dgraphApiKey = process.env.NEXT_SLASH_DGRAPH_API_KEY;

const clientStub = new dgraph.DgraphClientStub(dgraphEndpoint, false);

export const dgraphClient = new dgraph.DgraphClient(clientStub);

It was working for a bit and suddenly:
dgraph-js-http started throwing HTTPError: Invalid status code = 401 and
dgraph-js started throwing Error: refresh jwt should not be empty

Also, I am bit confused about which URLs/API Keys to use when connecting JS clients to Slash account:

a. The Ratel UI started from the Slash Dashboard has a Dgraph Server URL and Slash API Key and
b. The Slash Dashboard has a GraphQL Endpoint and the Settings > Security tab allows one to create Admin or Client Keys

Which URL / API key should I use when
a. connecting with dgraph-js gRPC client vs
b. connecting with dgraph-js-http HTTP client

Dgraph Metadata

dgraph version

v20.11.0-15-gfd3dfabc - per Slash DQL Ratel

Thanks in advance

Hi Sivarm,
Welcome to Dgraph, sorry for the delay.

Are you intending to use DQL or GraphQL? If the second, you shouldn’t be using dgraph-js or any DQL client. You can choose any GraphQL client package to connect to Slash. For example, Apollo GraphQL.

putting @gja in the loop.

Thanks for the reply @MichelDiz, I am trying to use DQL at the moment, but it would be useful to know the right way to connect JS clients to Slash or Cloud Dgraph.


For clarification, I wanted to use the DQL JS clients to upsert records without making multiple calls.

And as you said, I was able to use Apollo GraphQL + X-Auth-Token header to interact with the Slash CRUD actions on the backend.

I see, I’m looking for someone who has used Slash with DQL clients. I never used it, so I can’t help there. Let’s wait.


I can take a stab at it. I have a JavaScript environment and can do a quick run through with the dgraph-js-http client this evening.

I should be able to answer the questions above after some hands, I will see if I can reproduce the 401 error code.

When you are using the grpc client you need to use the clientStubFromSlashGraphQLEndpoint method as described on the following topic, just copy and paste the GraphQL endpoint from your Slash Overview page.

Connect using your GraphQL endpoint URL without the /graphql on the end.

As far as which token to use… For the clients use the client token. The admin token I believe is used for scripts that can add and delete Slash backends, not for dealing with the backend itself.

Now back to the OP:

I was not able to replicate this. I have a few more questions that might help diagnose:

  1. How long was it between when it was working and when it suddenly started throwing an error?
  2. Is this a script that is long running any possibly had been over 6 hours since the last setSlashApiKey? I am thinking that maybe this set slash API key is similar to the login requirements and should be run every < 6 hours.
  3. In your application, is this portion of your script running server side or client side?
  4. Have you tried yet to enable the debugging mode with either the dgraph-js or dgraph-js-http clients?

UPDATE: I was able to somewhat reproduce the 401 error with the dgraph-js-http client if I commented out my line where I setSlashApiKey. Are you sure you are using a current API key that you generated from Slash > Settings > Security tab?

If you are just using this Slash API Key, it might be likely that these keys get rotated and are not permanent keys.

Thanks for the detailed analysis/response @verneleem, I will spend some time this weekend to try the different approaches you have recommended and report back.

A quick note: I am not running any long running processes, just one-off queries from the NextJS/React client.

It is possible the 401 was caused by using Ratel Slash API Key which got rotated or refreshed, when I was trying different combinations/clients/keys to get my head around the right approach.

Again, thanks for the help.

1 Like

Just a quick update: I was able to get further along with @verneleem’s suggestions over the weekend.

The main flow that works:

  • Create a backend in Slash
  • Create a Client API key in Slash under Settings > Security
  • For GraphQL access, use the https://xxyyzz/graphql endpoint
  • For Dgraph/DQL access (dgraph-js or dgraph-js-http libs), use the https://xxyyzz endpoint (without the /graphql part)


1 Like