https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512586#M21998 <P>As a sense check, do you have the right scopes applied on that token - it looks like you might be requesting a non-Qlik scope in that example?</P> <P>Ref:&nbsp;<A href="https://qlik.dev/authenticate/oauth/scopes/" target="_blank">https://qlik.dev/authenticate/oauth/scopes/</A></P> Tue, 01 Apr 2025 13:13:03 GMT Dave_Channon 2025-04-01T13:13:03Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512377#M21991 <P>I am trying to call the endpoint 'api/v1/users/me' in my Javascript application however I get a 401 error.<BR />Prior to this, I get an access token via oAuth and this is stored in session storage. I then call this endpoint and pass in the access token, however I get the 401 error. I have also tried to use the API Key in my code and it does not work. I copied the access token that that gets given to me and I try to use it to call the same endpoint in postman and I still get the 401 error.<BR /><BR /></P> <LI-CODE lang="javascript"> const getUserData = async (token: string) =&gt; { const accessToken = sessionStorage.getItem('qlikAccessToken'); try { const userInfoUrl = 'https://my-tenant.us.qlikcloud.com/api/v1/users/me'; const response = await fetch(userInfoUrl, { method: 'GET', headers: { 'Authorization': `Bearer ${accessToken}`, 'Accept': 'application/json', 'Content-Type': 'application/json' }, }); if (!response.ok) { throw new Error(`HTTP error! Status: ${response.status}`); } const userData = await response.json(); console.log('User Data:', userData); } catch (error) { console.error('Error fetching user data:', error); } };</LI-CODE> Mon, 31 Mar 2025 14:44:35 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512377#M21991 jcampbel1 2025-03-31T14:44:35Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512405#M21992 <P>can you show the call and body you used to generate the token?</P><P>-Rob</P> Mon, 31 Mar 2025 18:36:21 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512405#M21992 rwunderlich 2025-03-31T18:36:21Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512418#M21993 <P>hello, here is how i generate the token.<BR /><BR /></P> <LI-CODE lang="javascript"> const redirectToQlikAuth = async () =&gt; { const clientId = 'my-client-id'; // Consider moving to environment variables const redirectUri = encodeURIComponent(process.env.REACT_APP_REDIRECT_URI || 'http://localhost:3000/CDO-DA/build/redirect'); const state = crypto.randomUUID(); const codeVerifier = generateCodeVerifier(); const codeChallenge = await generateCodeChallenge(codeVerifier); sessionStorage.setItem('qlikAuthState', state); sessionStorage.setItem('codeVerifier', codeVerifier); const qlikAuthUrl = `https://my-tenant.us.qlikcloud.com/oauth/authorize?` + `response_type=code&amp;` + `client_id=${clientId}&amp;` + `redirect_uri=${redirectUri}&amp;` + `state=${state}&amp;` + `code_challenge=${codeChallenge}&amp;` + `code_challenge_method=S256&amp;` + `scope=user.profile`; window.location.href = qlikAuthUrl; }; const generateCodeVerifier = () =&gt; { const array = new Uint32Array(56 / 2); window.crypto.getRandomValues(array); return Array.from(array, dec =&gt; ('0' + dec.toString(16)).substr(-2)).join(''); }; const generateCodeChallenge = async (codeVerifier: string) =&gt; { const encoder = new TextEncoder(); const data = encoder.encode(codeVerifier); const digest = await window.crypto.subtle.digest('SHA-256', data); return btoa(String.fromCharCode(...Array.from(new Uint8Array(digest)))) .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''); };</LI-CODE> Mon, 31 Mar 2025 20:13:54 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512418#M21993 jcampbel1 2025-03-31T20:13:54Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512429#M21994 <P>I believe you need to then exchange the authorization code for a token using&nbsp;<A href="https://qlik.dev/apis/rest/oauth/#post-oauth-token" target="_blank" rel="noopener"><SPAN class="">POST</SPAN></A><SPAN class=""><A href="https://qlik.dev/apis/rest/oauth/#post-oauth-token" target="_blank" rel="noopener"><SPAN>/oauth</SPAN></A><SPAN><A href="https://qlik.dev/apis/rest/oauth/#post-oauth-token" target="_blank" rel="noopener">/token</A>. with an&nbsp;<FONT face="courier new,courier">oauth-authorization-code-request</FONT>. See&nbsp;<A href="https://www.qalyptus.com/blog/setting-up-qlik-oauth-for-authentication" target="_blank" rel="noopener">https://www.qalyptus.com/blog/setting-up-qlik-oauth-for-authentication</A>&nbsp;for a good overview and example.</SPAN></SPAN></P><P>-Rob<BR /><A href="http://www.easyqlik.com" target="_blank" rel="noopener">http://www.easyqlik.com</A><BR /><A href="http://masterssummit.com" target="_blank" rel="noopener">http://masterssummit.com</A><BR /><A href="http://qlikviewcookbook.com" target="_blank" rel="noopener">http://qlikviewcookbook.com</A></P> Mon, 31 Mar 2025 21:17:55 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512429#M21994 rwunderlich 2025-03-31T21:17:55Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512498#M21997 <P><a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/6148">@rwunderlich</a>&nbsp;, my code does this in the callback method. I get the token from the post endpoint. I then try to call the 'api/v1/users/me' endpoint passing in the Bearer token into the authorization and I am given the following error:<BR /><BR /></P> <LI-CODE lang="markup">"errors":[{"code":"USERS-7","status":404,"title":"Not found"}]}</LI-CODE> <P>&nbsp;</P> Tue, 01 Apr 2025 09:24:11 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512498#M21997 jcampbel1 2025-04-01T09:24:11Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512586#M21998 <P>As a sense check, do you have the right scopes applied on that token - it looks like you might be requesting a non-Qlik scope in that example?</P> <P>Ref:&nbsp;<A href="https://qlik.dev/authenticate/oauth/scopes/" target="_blank">https://qlik.dev/authenticate/oauth/scopes/</A></P> Tue, 01 Apr 2025 13:13:03 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512586#M21998 Dave_Channon 2025-04-01T13:13:03Z https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512611#M22000 <P>that was the issue, it works now! thanks</P> Tue, 01 Apr 2025 14:13:50 GMT https://community.qlik.com/t5/Integration-Extension-APIs/Getting-401-Unauthorized-error-when-calling-Qlik-api-endpoint/m-p/2512611#M22000 jcampbel1 2025-04-01T14:13:50Z