Categories

Introduction to Bonsai
Using the Bonsai App
Bonsai Features
Heroku User Guide for Bonsai
Language & Framework Guides
Integrations
Platform
Elasticsearch & OpenSearch Version Support
Managing your search resources
Troubleshooting
API guide
Bonsai FAQ
Compliance & Security FAQ
Docs
>
Introduction to BonsaiUsing the Bonsai AppBonsai FeaturesHeroku User Guide for BonsaiLanguage & Framework GuidesIntegrationsPlatformElasticsearch & OpenSearch Version SupportManaging Your ResourcesTroubleshootingAPI GuideBonsai FAQCompliance & Security
>
API Error 401: Unauthorized

API Error 401: Unauthorized

An HTTP 401: Unauthorized error occurs when a request to the API could not be authenticated.
Last updated
July 7, 2023

An HTTP 401: Unauthorized error occurs when a request to the API could not be authenticated. All requests to API resources must use some authentication scheme to prove access rights to the resource.

If you are receiving an HTTP 401: Unauthorized error, there are several possibilities for why it might be occurring:

  • The authentication credentials are missing
  • The authentication credentials are incorrect
  • The authentication credentials belong to a token that has been revoked

Check that the authentication credentials you are passing along in the request are correct and belong to an active token.

Example

A call to the API that results in an HTTP 401: Unauthorized error may look something like this:

<div class="code-snippet-container">
<a fs-copyclip-element="click-2" href="#" class="btn w-button code-copy-button" title="Copy">
<img class="copy-image" src="https://global-uploads.webflow.com/63c81e4decde60c281417feb/6483934eeefb356710a1d2e9_icon-copy.svg" loading="lazy" alt="">
<img class="copied-image" src="https://assets-global.website-files.com/63c81e4decde60c281417feb/64839e207c2860eb9e6aa572_icon-copied.svg" loading="lazy" alt="">
</a>
<div class="code-snippet">
<pre><code fs-codehighlight-element="code" fs-copyclip-element="copy-this-2" class="hljs language-javascript">{
 "errors": [
   "Authentication failed.",
   "Could not authenticate your request.",
   "This request has failed authentication. Please read the docs or email us at support@bonsai.io."
 ],
 "status": 401
}</code></pre>
</div>
</div>

The <span class="inline-code"><pre><code>"status": 401</code></pre></span> key indicates the HTTP 401: Unauthorized error.

Troubleshooting

The first thing to do is to carefully read the list of errors returned by the API. This will often include some hints about what is happening:

<div class="code-snippet-container">
<a fs-copyclip-element="click-3" href="#" class="btn w-button code-copy-button" title="Copy">
<img class="copy-image" src="https://global-uploads.webflow.com/63c81e4decde60c281417feb/6483934eeefb356710a1d2e9_icon-copy.svg" loading="lazy" alt="">
<img class="copied-image" src="https://assets-global.website-files.com/63c81e4decde60c281417feb/64839e207c2860eb9e6aa572_icon-copied.svg" loading="lazy" alt="">
</a>
<div class="code-snippet">
<pre><code fs-codehighlight-element="code" fs-copyclip-element="copy-this-3" class="hljs language-javascript">{
 "errors": [
   "The 'Authorization' header has no value for the password field.",
   "The API token is missing, inactive or does not exist.",
   "Authentication failed.",
   "Could not authenticate your request.",
   "This request has failed authentication. Please read the docs or email us at support@bonsai.io."
 ],
 "status": 401
}</code></pre>
</div>
</div>

If that doesn't help, then check is that the credentials you're sending are correct. You can view the credentials in your account dashboard and cross-reference this with the credentials you're passing to the API.

If you're sure that the credentials are correct, then you may want to try isolating the problem. Try making a curl call to the API and see what happens. For example, using Basic Auth:

<div class="code-snippet-container">
<a fs-copyclip-element="click-4" href="#" class="btn w-button code-copy-button" title="Copy">
<img class="copy-image" src="https://global-uploads.webflow.com/63c81e4decde60c281417feb/6483934eeefb356710a1d2e9_icon-copy.svg" loading="lazy" alt="">
<img class="copied-image" src="https://assets-global.website-files.com/63c81e4decde60c281417feb/64839e207c2860eb9e6aa572_icon-copied.svg" loading="lazy" alt="">
</a>
<div class="code-snippet">
<pre><code fs-codehighlight-element="code" fs-copyclip-element="copy-this-4" class="hljs language-javascript">curl -s -vvv -XGET https://user1234:somereallylongpassword@api.bonsai.io/clusters/
{
 "clusters": [],
 "status": 200
}</code></pre>
</div>
</div>

If the request succeeds, then you have eliminated the API Token as the source of the problem, and it's likely an issue with how the application is making the call to the API.

If the request still fails, then you should consult the documentation for the authentication scheme you're using to determine which HTTP headers are needed in the request. You can also use the -vvv flag in curl to see which headers and values are being passed with the request.

If all else fails, you can always contact support and we will be glad to assist.

View code snippet
Close code snippet

One More Cloud

The search experts. Makers of Bonsai and Websolr.

Subscribe for product updates:

Elasticsearch is a trademark of Elasticsearch BV. Apache and Apache Lucene are trademarks of the Apache Software Foundation.

Status

|

FAQ

|

Terms

|

Privacy

Resources

Search AssessmentHeroku AddonPricingDocsBlogAnnouncementsCareersContact

Platform

Elasticsearch on Google CloudElasticsearch on AWSOpenSearch on Google CloudOpenSearch on AWS

ES/OS-as-a-Service

Managed ElasticsearchManaged OpenSearch

© One More Cloud, Inc. All Rights Reserved