Multiple authorisation issue

Anton_IA · July 11, 2019, 2:27pm

Hi there!
Is there any way to pass multiple authorization keys in API requests? I’ve tried searching but couldn’t find any useful information at once. Maybe there were something similar but I couldn’t distinguish it in the lines of code
So here’s the issue: my endpoint has both basic and oauth at the same time. I’ve tried setting them in headers

but the issue still remains.
The server responds with “401” error as basic auth hasn’t been passed. Could anyone please advise how to solve the issue?
Thanks in advance!

arlem · July 13, 2019, 10:25am

Hey @Anton_IA,

Have you tried using both the Authorization tab and the Headers tab to set-up your request?
You could use the Authorization tab for OAuth as explained in the documentation (learning.getpostman.com) and the Headers tab for the Basic Auth as shown here (stackoverflow.com).

Let us know if that works!

Anton_IA · July 15, 2019, 3:55pm

Hi @arlem, thank you so much for your response! Yes, I’ve tried that as well. The thing is when I’m using both of them, the Auth headers generated by Postman automatically (temporary ones) overwrite those that I set manually in the headers so in such case, unfortunately, I can use only Oauth based on your example.

Do you happen to know any other solution?

arlem · July 17, 2019, 8:24am

Hey,

Looking at the screenshot you posted in the first message, were you trying coma-separated value? It seems to be the recommendation according to that StackOverflow answer.

If this doesn’t work, could you detail a bit more what’s your use-case? That should make it easier for us to find a solution.

Anton_IA · July 17, 2019, 8:54am

Thanks, @arlem! You’re totally correct: I’ve been using just spaces between authorizations. Setting them comma-separated solves the issue. Thank you so much for your help!

kaustavdm · July 18, 2019, 8:08am

Hey @Anton_IA, If Arlemi’s answer solved your query can you please mark that answer a “Solution” for this thread?

pxzxz · April 1, 2020, 8:39am

It does not work for me with comma-separated. Please help!

{
“fault”: {
“faultstring”: “Invalid Access Token”,
“detail”: {
“errorcode”: “keymanagement.service.invalid_access_token”
}
}
}

Anton_IA · April 1, 2020, 9:02am

Hi @pxzxz,
Unfortunately, it’s all quite server-dependent. If your application accepts multiple auth headers, it’ll work for you. In my case, it worked, however, when I tried the same with many other applications, it worked from time to time, not as frequently as I wanted.
If it doesn’t work, most likely you’ll need to whitelist your IP in your server configuration to bypass basic auth or to pass username&password in the request URL with the following structure: http://username:password@example.com/
What application exactly do you call? Is it a widely known one?
Hope this helps you!

pxzxz · April 1, 2020, 9:38am

Hello @Anton_IA ,
I am running the API on Postman.
I am sure that I do not need to whitelist my IP as I am able to get the response without OAuth2.