diff --git a/.DS_Store b/.DS_Store
index 0dfd56565a..363dbb1c4c 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/packages/builder/src/builderStore/api.js b/packages/builder/src/builderStore/api.js
index c132b01fc0..3fcd35ce28 100644
--- a/packages/builder/src/builderStore/api.js
+++ b/packages/builder/src/builderStore/api.js
@@ -3,7 +3,7 @@ const apiCall = method => async (url, body) => {
 method: method,
 headers: {
 "Content-Type": "application/json",
- "User-Agent": "Budibase Builder",
+ "x-user-agent": "Budibase Builder",
 },
 body: body && JSON.stringify(body),
 })
diff --git a/packages/builder/src/builderStore/loadComponentLibraries.js b/packages/builder/src/builderStore/loadComponentLibraries.js
index ada00134f4..9d534f86fe 100644
--- a/packages/builder/src/builderStore/loadComponentLibraries.js
+++ b/packages/builder/src/builderStore/loadComponentLibraries.js
@@ -1,3 +1,5 @@
+import { get } from "builderStore/api"
+
 /**
 * Fetches the definitions for component library components. This includes
 * their props and other metadata from components.json.
@@ -6,7 +8,7 @@ export const fetchComponentLibDefinitions = async appId => {
 const LIB_DEFINITION_URL = `/${appId}/components/definitions`
 try {
- const libDefinitionResponse = await fetch(LIB_DEFINITION_URL)
+ const libDefinitionResponse = await get(LIB_DEFINITION_URL)
 return await libDefinitionResponse.json()
 } catch (err) {
 console.error(`Error fetching component definitions for ${appId}`, err)
diff --git a/packages/builder/src/components/userInterface/SettingsView.svelte b/packages/builder/src/components/userInterface/SettingsView.svelte
index cb6f73aae0..7e79883a2b 100644
--- a/packages/builder/src/components/userInterface/SettingsView.svelte
+++ b/packages/builder/src/components/userInterface/SettingsView.svelte
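Review bot: In `fetchComponentLibDefinitions`, the response from `get(LIB_DEFINITION_URL)` is parsed with `.json()` without a status check, so a 401/403 or other error body from the server would be handed to the caller as if it were component definitions. Now that the request goes through the builder API wrapper (presumably so it carries the builder marker header), a rejected request is a realistic outcome. Consider adding `if (!libDefinitionResponse.ok) throw new Error("Component definitions request failed: " + libDefinitionResponse.status)` before the `return`, assuming `get` resolves to a fetch `Response`. The `catch` body continues outside the hunk, so what callers receive on failure is not visible here.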
@@ -19,7 +19,7 @@ } -{#if panelDefinition.length > 0} +{#if panelDefinition && panelDefinition.length > 0} {#each panelDefinition as definition} {#if propExistsOnComponentDef(definition.key)} { if (!username) ctx.throw(400, "Username Required.") if (!password) ctx.throw(400, "Password Required") - // TODO: Don't use this. It can't be relied on - const referer = ctx.request.headers.referer.split("/") - const appId = referer[3] - // find the instance that the user is associated with const db = new CouchDB(ClientDb.name(env.CLIENT_ID)) + const appId = ctx.params.appId const app = await db.get(appId) const instanceId = app.userInstanceMap[username] diff --git a/packages/server/src/api/routes/auth.js b/packages/server/src/api/routes/auth.js index b4b68e8929..fa95a3a5e6 100644 --- a/packages/server/src/api/routes/auth.js +++ b/packages/server/src/api/routes/auth.js @@ -3,6 +3,6 @@ const controller = require("../controllers/auth") const router = Router() -router.post("/api/authenticate", controller.authenticate) +router.post("/:appId/api/authenticate", controller.authenticate) module.exports = router diff --git a/packages/server/src/api/routes/tests/couchTestUtils.js b/packages/server/src/api/routes/tests/couchTestUtils.js index d292442165..f70fc0ced1 100644 --- a/packages/server/src/api/routes/tests/couchTestUtils.js +++ b/packages/server/src/api/routes/tests/couchTestUtils.js @@ -22,7 +22,7 @@ exports.supertest = async () => { exports.defaultHeaders = { Accept: "application/json", Cookie: ["builder:token=test-admin-secret"], - "user-agent": "Budibase Builder", + "x-user-agent": "Budibase Builder", } exports.createModel = async (request, instanceId, model) => { 
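Review bot: With `/:appId/api/authenticate` the app id becomes a caller-chosen path segment, and the controller change earlier on this page passes `ctx.params.appId` straight into `db.get(appId)` and then indexes `app.userInstanceMap[username]` with the submitted username. Neither value is checked: an unknown app id will surface whatever `db.get` throws (likely a different response from a bad password, which distinguishes valid app ids from invalid ones), and a plain-object lookup with a request-supplied key can return an inherited property instead of `undefined`. I would guard the lookup with `if (!Object.prototype.hasOwnProperty.call(app.userInstanceMap, username)) ctx.throw(401, "Invalid credentials.")` and map a not-found app to the same 401. The controller's file header is missing from this page, so the rest of the handler is not visible.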
@@ -176,8 +176,7 @@ const createUserWithPermissions = async (
 const designDoc = await db.get("_design/database")
 const loginResult = await request
- .post(`/api/authenticate`)
- .set("Referer", `http://localhost:4001/${designDoc.metadata.applicationId}`)
+ .post(`/${designDoc.metadata.applicationId}/api/authenticate`)
 .send({ username, password })
 // returning necessary request headers
diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index 4ce99f7d3a..d0ce1e2f30 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@@ -15,19 +15,16 @@ module.exports = async (ctx, next) => {
 const appToken = ctx.cookies.get("budibase:token")
 const builderToken = ctx.cookies.get("builder:token")
- const isBuilderAgent = ctx.headers["user-agent"] === "Budibase Builder"
+ const isBuilderAgent = ctx.headers["x-user-agent"] === "Budibase Builder"
 // all admin api access should auth with buildertoken and 'Budibase Builder user agent
 const shouldAuthAsBuilder = isBuilderAgent && builderToken
 if (shouldAuthAsBuilder) {
- if (builderToken === env.ADMIN_SECRET) {
- ctx.isAuthenticated = true
- ctx.isBuilder = true
- } else {
- ctx.isAuthenticated = false
- ctx.isBuilder = false
- }
+ const builderTokenValid = builderToken === env.ADMIN_SECRET
+
+ ctx.isAuthenticated = builderTokenValid
+ ctx.isBuilder = builderTokenValid
 await next()
 return
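Review bot: `builderToken === env.ADMIN_SECRET` compares the admin secret with an ordinary string comparison, and the `x-user-agent` check beside it is a value any client can send, so the cookie comparison is the only thing protecting builder access in this branch. A constant-time comparison is the safer form: `const a = Buffer.from(builderToken), b = Buffer.from(env.ADMIN_SECRET || "")` followed by `const builderTokenValid = a.length === b.length && crypto.timingSafeEqual(a, b)`, with `crypto` required at the top of the file. The comment above `shouldAuthAsBuilder` still says "user agent" and has an unbalanced quote; it could read `// builder API access requires the builder:token cookie and the "x-user-agent: Budibase Builder" header`. Note also that `await next()` runs even when `builderTokenValid` is false, so downstream handlers have to check `ctx.isAuthenticated`; the rest of the middleware is outside the hunk.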