This error signifies that the client attempting to access the API endpoint lacks proper authentication or the necessary credentials to obtain the requested resource. In this support article, we'll look into the reasons behind a 401 error and guide you through the steps to resolve it effectively.
Understanding the 401 Error
The HTTP status code 401, also referred to as an "Unauthorized" error, is a clear indication that while the server comprehends the request you've made, it requires you to provide valid authentication credentials before it can grant you access to the desired resource. These credentials might take various forms, such as a username and password, an API key, an API token (as utilised by IriusRisk), or another form of authentication.
Things to Check
Verify Your API Token: One of the common causes of a 401 error is an incorrect or invalid API token. Ensure that the API key you're using is correct and active. Even a small typographical error can lead to authentication failures. You may need to generate a new API token.
Check User Permissions: It's crucial to validate that the user account you're using to make the API request has the appropriate permissions. In particular, confirm that the account possesses the required permission, seen in the Global Permissions as "API_ACCESS." Without the correct permissions, access to the API endpoint will be denied.
Examine Password Expiry: For accounts that use a password for authentication, make sure that the password hasn't expired. If the option for "password expired" is selected within the UI, it can trigger authentication issues. Note: If you're utilizing Single Sign-On (SSO), the "password expired" option might not be visible. In such cases, reaching out to support for further assistance is advisable.
Encountering a 401 error when interacting with API endpoints can be frustrating, but armed with the insights provided in this article, you're now well-equipped to troubleshoot and resolve this issue. By ensuring the correctness of your API key, verifying user permissions, and confirming that your password hasn't expired, you can overcome this hurdle and call API endpoints without any issues.