Forum Discussion

jodydowling's avatar
jodydowling
New Contributor
4 years ago
Solved

Missing header

When submitting a request with an Authorization header, it seems to be stripped out when it is received.  Message returned is "Bad Request: The authorization header is null or empty or isn't bearer. ...
  • richie's avatar
    richie
    4 years ago
    Hey jodydowling,

    So the request doesnt even include the Authorization header, not that the value is blank, right?

    Well thats a new one on me.

    Can you clarify the authorisation scheme being used in your request? Basic auth? OAuth?
    When you use (for example) basic auth, the Auth header is dynamically created based on (if i can remember correctly) a base64 encode of the username and password. If for some reason the Authorization header isnt being generated or the value isnt being generated you can hard code the Authorization header (along with the value) to force the presence of the missing Auth header in your request.

    When you add the header, make sure you spell it correctly or it wont work.
    The reason im saying this is that (im british and you spell Authorization as Authorisation...however, the headers spelling is US english....spelled with the 'z'

    Ok, thats it. Force the presence of the header by actually adding an Authorization header and you should be golden!

    Nice one,

    Rich
richie's avatar
richie
Community Hero
4 years ago
Hey jodydowling,

So the request doesnt even include the Authorization header, not that the value is blank, right?

Well thats a new one on me.

Can you clarify the authorisation scheme being used in your request? Basic auth? OAuth?
When you use (for example) basic auth, the Auth header is dynamically created based on (if i can remember correctly) a base64 encode of the username and password. If for some reason the Authorization header isnt being generated or the value isnt being generated you can hard code the Authorization header (along with the value) to force the presence of the missing Auth header in your request.

When you add the header, make sure you spell it correctly or it wont work.
The reason im saying this is that (im british and you spell Authorization as Authorisation...however, the headers spelling is US english....spelled with the 'z'

Ok, thats it. Force the presence of the header by actually adding an Authorization header and you should be golden!

Nice one,

Rich
  • sonya_m's avatar
    sonya_m
    SmartBear Alumni (Retired)
    4 years ago

    Thanks a lot for the valuable input here Richie🙂

     

    Hi jodydowling! Does this advice help?

    • jodydowling's avatar
      jodydowling
      New Contributor
      4 years ago

      I manually add the header and it appears in the Raw Request, however, I still get the message.  As noted in my original inquiry, this works fine in Postman and worked previously in Ready API.  It broke when the service was moved to AZURE.  I suspect that some security function is stripping out the header, but was looking to see if anyone else has experienced any issues after the services moved to the cloud.

       

      POST https://cplxxxxuture.abc.com/v3/ABCManagement.svc HTTP/1.1
      Accept-Encoding: gzip,deflate
      Content-Type: text/xml;charset=UTF-8
      SOAPAction: "GetABCMetaData"
      Authorization: Bearer eyJhbGciOiJSUzI1UrkpgYaXznJhPNPCEfbnsLJiJYwg
      ClientID: A42F5
      Content-Length: 937
      Host: cpltrainfuture.fnf.com
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.5.2 (Java/12.0.1)