API Error 401: Unauthorized

An HTTP 401: Unauthorized error occurs when a request to the API could not be authenticated. All requests to API resources must use some authentication scheme to prove access rights to the resource.

If you are receiving an HTTP 401: Unauthorized error, there are several possibilities for why it might be occurring:

  • The authentication credentials are missing
  • The authentication credentials are incorrect
  • The authentication credentials belong to a token that has been revoked

Check that the authentication credentials you are passing along in the request are correct and belong to an active token.

Example

A call to the API that results in an HTTP 401: Unauthorized error may look something like this:

{
  "errors": [
    "Authentication failed.",
    "Could not authenticate your request.",
    "This request has failed authentication. Please read the docs or email us at support@bonsai.io."
  ],
  "status": 401
}

The "status": 401 key indicates the HTTP 401: Unauthorized error.

Troubleshooting

The first thing to do is to carefully read the list of errors returned by the API. This will often include some hints about what is happening:

{
  "errors": [
    "The 'Authorization' header has no value for the password field.",
    "The API token is missing, inactive or does not exist.",
    "Authentication failed.",
    "Could not authenticate your request.",
    "This request has failed authentication. Please read the docs or email us at support@bonsai.io."
  ],
  "status": 401
}

If that doesn't help, then check is that the credentials you're sending are correct. You can view the credentials in your account dashboard and cross-reference this with the credentials you're passing to the API.

If you're sure that the credentials are correct, then you may want to try isolating the problem. Try making a curl call to the API and see what happens. For example, using Basic Auth:

curl -s -vvv -XGET https://user1234:somereallylongpassword@api.bonsai.io/clusters/
{
  "clusters": [],
  "status": 200
}

If the request succeeds, then you have eliminated the API Token as the source of the problem, and it's likely an issue with how the application is making the call to the API.

If the request still fails, then you should consult the documentation for the authentication scheme you're using to determine which HTTP headers are needed in the request. You can also use the -vvv flag in curl to see which headers and values are being passed with the request.

If all else fails, you can always contact support and we will be glad to assist.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us