0

I'm using a third-party API and cannot get the initial authorization to work to get the session key. I've used this code with several other APIs in the past and am stumped why it's not working here. This API requires you to Base64 encode the username and password to authenticate your access.

I've tried a number of things, but narrowed down the different error messages to whether I use "Basic" or "Bearer" in my encoding.

With "Bearer" the error message is:

The remote server returned an error: (401) Unauthorized

With "Basic" the error message is:

The remote server returned an error: (500) Internal Server Error

Given the messages, I'm assuming "Bearer" is correct, because at least it's trying and is saying that the access is unauthorized... But, I'm told the username and password provided is correct! I've checked several times to verify.

Any idea what could be causing the issue?

Code:

Sub MyWebApiProcedure()
    Dim vHTTPREQUEST As HttpWebRequest, vHTTPRESPONSE As HttpWebResponse, vSTREAMOBJECT As Stream, vSTREAMREADER As StreamReader, vSESSIONKEY As String

    Dim vURI As String = "https://api.myapi.com/api/myendpoint/"
    Dim vUSERNAME As String = "myusername"
    Dim vPASSWORD As String = "mypassword"
    Dim vTOKEN As String = "Bearer " + System.Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(vUSERNAME + ":" + vPASSWORD))

    vHTTPREQUEST = CType(WebRequest.Create(vURI), HttpWebRequest)
    vHTTPREQUEST.Method = "GET"
    vHTTPREQUEST.ContentType = "application/x-www-form-urlencoded"
    vHTTPREQUEST.Accept = "application/json"
    vHTTPREQUEST.Headers.Add("Authorization", vTOKEN)

    '>>> THE ERROR OCCURS AT THIS LINE <<<'
    vHTTPRESPONSE = CType(vHTTPREQUEST.GetResponse(), HttpWebResponse)

    vSTREAMOBJECT = vHTTPRESPONSE.GetResponseStream()
    vSTREAMREADER = New StreamReader(vSTREAMOBJECT, Text.Encoding.UTF8)
    vSESSIONKEY = vSTREAMREADER.ReadToEnd()

    vHTTPRESPONSE.Close()
    vSTREAMREADER.Close()

    Response.Write(vSESSIONKEY)
End Sub

EDIT: Received the Python version from the support team based on the documentation.

encoded_auth_text = base64.b64encode(b'username' + b':' + b'password')

response = requests.post(url='https://api.myapi.com/api/myendpoint', headers={'Authorization': encoded_auth_text}, timeout=30)
Improve this question
5
  • What authentication does the third party API expect? If you're not sure which of the two, but are sure that the credentials are correct, and observe that one of the two produces an HTTP 401 response and the other does not, then I'd have made the opposite conclusion... That the one which doesn't produce an HTTP 401 response is the correct authentication/authorization. A separate problem may also exist, but you should address one problem at a time. For the problem of authentication/authorization... Which of the two does the 3rd party server indicate in their documentation or support? Commented Sep 18, 2024 at 19:31
  • I think you're right. It is the opposite. The server requires Base64 with a username and password pair. And, I believe that means you must use "Basic" and that will return the internal server error. I wasn't thinking straight. So... to answer your question the 3rd party documentation specifically states is requires Base64 with a username and passowrd. Commented Sep 18, 2024 at 19:45
  • In that case, if the problem is that the 3rd party server is returning an HTTP 500 response, then unless the body of the response contains useful information about the problem then your next step is probably to contact that 3rd party for support. Commented Sep 18, 2024 at 19:54
  • We've been contacting them, but despite their efforts, no solution. But... I think I may be being stupid here?? I added their python code in an edit to my OP. Looking at it closer it looks like they are using "POST"? Is that my issue? I'm using a GET request. Commented Sep 18, 2024 at 20:32
  • Dang it! That's what it was. I needed to use a POST request versus a GET request. Since it was the original in python, I wasn't being careful or critical enough in my translation. Sorry for the wasted time. Commented Sep 18, 2024 at 20:44

1 Answer 1

Reset to default
0

The answer was to use a POST request instead of a GET request. And, since it's a Base64 encoding of the username and password. You need to use "Basic" authentication.

Lesson learned to read the documentation more critically.

Sub MyWebApiProcedure()
    Dim vHTTPREQUEST As HttpWebRequest, vHTTPRESPONSE As HttpWebResponse, vSTREAMOBJECT As Stream, vSTREAMREADER As StreamReader, vSESSIONKEY As String

    Dim vURI As String = "https://api.myapi.com/api/myendpoint/"
    Dim vUSERNAME As String = "myusername"
    Dim vPASSWORD As String = "mypassword"
    Dim vTOKEN As String = "Basic " + System.Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(vUSERNAME + ":" + vPASSWORD))

    vHTTPREQUEST = CType(WebRequest.Create(vURI), HttpWebRequest)
    vHTTPREQUEST.Method = "POST"
    vHTTPREQUEST.ContentType = "application/x-www-form-urlencoded"
    vHTTPREQUEST.Accept = "application/json"
    vHTTPREQUEST.Headers.Add("Authorization", vTOKEN)

    vHTTPRESPONSE = CType(vHTTPREQUEST.GetResponse(), HttpWebResponse)

    vSTREAMOBJECT = vHTTPRESPONSE.GetResponseStream()
    vSTREAMREADER = New StreamReader(vSTREAMOBJECT, Text.Encoding.UTF8)
    vSESSIONKEY = vSTREAMREADER.ReadToEnd()

    vHTTPRESPONSE.Close()
    vSTREAMREADER.Close()

    Response.Write(vSESSIONKEY)
End Sub
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.