Skip to main content

*** Archive *** How to pre-emptively HTTP authenticate REST and SOAP calls from a robot

Article # 3028749 - Page views: 256


Question / Problem: 

A robot uses a CallREST step to run a request on a REST/SOAP API. The step fails because of authentication problems (e.g. error 401) even though the step configuration contains the correct credentials.

Answer / Solution: 

Before applying the workaround below, please make sure that this is indeed the case: use Browser Tracer to trace the REST/SOAP request and verify that the request that got denied doesn't contain an Authorization header (in the request headers).

If the header is not there then it's possible that the REST/SOAP API expects the client (robot, in this case) to send the authorization header together with the request and does not challenge back the request. If this is the case, and the API accepts Basic authentication (this can be verify in the API documentation or by using another REST/SOAP client where the authorization can be configured in the same request) follow the steps below to configure the robot to send it:

  • Open the configuration of the Call REST /SOAP step
  • On the All Loading tab scroll down to "Additional Headers to send" and click the + button to add a new header
  • Switch to Expression mode
  • Use the expression below:

    "Authorization: Basic "+base64Encode(textToBinary(username+":"+pwd))

    Note1 : 'username' and 'pwd' are the variables containing the username and password required by the REST/SOAP API. Replace these accordingly if using different variable names.
    Note2: The same result can be accomplished using the corresponding converters.

Applies to:  

Product Version



  • Was this article helpful?