topic Re: Proc HTTP 401 Unauthorized in SAS Procedures

Proc HTTP 401 Unauthorized

CR-Horton — Sun, 12 Dec 2021 01:08:26 GMT

Hello,

I am having some issues with proc http. In particular I am trying to access an API endpoint, but getting a 401 unauthorized error. I have got this to work in Python, but not SAS. Is there anything in my code below that does not look correct? Do I need to somehow pass the client_id and client_secret? When I debug it I see something like " X-Auth-Token header is required"

%let accesskey=XXXXXXXXXXXXXXXXXXXXX;
%let client_id=XXXXXXXXXXXXXXXXXXXXXXXXX;
%let client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;

%let fullurl=https://api.bigcommerce.com/stores/XXXXXXXX/v3/catalog/products;

filename BC_Prod temp;

proc http
url= "&fullurl."
method="GET" out=BC_Prod;
headers
"Authorization"="Bearer &accesskey."
debug level=3;
run;

Thanks in advance and apologies if I am clearly missing something!

Re: Proc HTTP 401 Unauthorized

Sajid01 — Sun, 12 Dec 2021 15:18:49 GMT

Can we see the log please?

Re: Proc HTTP 401 Unauthorized

ballardw — Sun, 12 Dec 2021 17:21:06 GMT

Did make a version of the code with NO macro variables before attempting the macro version?

If not, that is the first thing to do.

Re: Proc HTTP 401 Unauthorized

Sajid01 — Sun, 12 Dec 2021 19:40:51 GMT

Hello @CR-Horton

1. The error code 401 means authorisation has failed / access denied.
Please make sure that the SAS code and Python code are being executed with the same userid;

2.It will be good if you verify your syntax. Is the semicolon after out=BC_Prod; correctly placed ?
Please try moving it after authorisation as "Authorization"="Bearer &accesskey." ;

The details and examples are available here https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/proc/n0bdg5vmrpyi7jn1pbgbje2atoov.htm

Re: Proc HTTP 401 Unauthorized

Tom — Sun, 12 Dec 2021 21:05:33 GMT

You seem to be missing a semi-colon. You should have separate PROC, HEADERS and DEBUG statements.

Use indentation to make this clearer to the humans reading/editing the program.

filename BC_Prod temp;

proc http
  url= "&fullurl."
  method="GET" 
  out=BC_Prod
;
  headers "Authorization"="Bearer &accesskey." ;
  debug level=3;
run;

Re: Proc HTTP 401 Unauthorized

ChrisHemedinger — Mon, 13 Dec 2021 12:31:04 GMT

You show the macro variable assignments for client_id and client_secret, but these are not referenced in your PROC HTTP code so they wouldn't be passed. Now, maybe the access_token is all you need (often the case) because the other credentials have already been exchanged in order to get that.

Is your Python environment on the same machine/network as your SAS environment? Perhaps you also need to specify a proxy host from your SAS environment to reach the internet. Try this test program from your SAS environment to make sure things are working.

Re: Proc HTTP 401 Unauthorized

CR-Horton — Mon, 13 Dec 2021 17:50:24 GMT

Yes, I did, but get the same sort of error message.

Re: Proc HTTP 401 Unauthorized

CR-Horton — Mon, 13 Dec 2021 17:52:03 GMT

Thanks for your reply. The semicolon placement if correct so that is not the issue. See: https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/proc/p0az1lwh6i73b1n1bianqjpgoek0.htm#p0az1lwh6i73b1n1bianqjpgoek0

Re: Proc HTTP 401 Unauthorized

CR-Horton — Mon, 13 Dec 2021 17:53:37 GMT

Thanks, Tom.

You are correct about the missing semicolon, but that didn't seem to address the main issue I am having.

Re: Proc HTTP 401 Unauthorized

CR-Horton — Mon, 13 Dec 2021 18:08:01 GMT

Hi Chris,

Correct, the client_id & client_secret are not referenced. I was doing some testing with those, but they are not relevant to the code I shared.

I ran the test program no problem.

Python is on the same machine and running some simple code such as this gets me what I need:

import http.client
conn = http.client.HTTPSConnection("api.bigcommerce.com")
headers = { 'x-auth-token': "XXXXXXXXXXXXXXXXXXXXXXXXXX" }
conn.request("GET", "/stores/XXXXXXX/v3/catalog/products", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

Here is the SAS log for reference:
1842 %let accesskey=XXXXXXXXXXXXXXXX;
1843
1844 %let
1844! fullurl=https://api.bigcommerce.com/stores/XXXXXXXX/v3/c
1844! atalog/products;
1845
1846 filename BC_Prod temp;
1847
1848 proc http
1849 url= "&fullurl."
1850 method="GET" out=BC_Prod;
1851 headers
1852 "Authorization"="Bearer &accesskey.";
1853 debug level=3;
1854 run;

> GET /stores/XXXXXXX/v3/catalog/products HTTP/1.1
> User-Agent: SAS/9
> Host: api.bigcommerce.com
> Accept: */*
> Connection: Keep-Alive
> Authorization: ************
>
< HTTP/1.1 401 Unauthorized

< Content-Type: text/plain; charset=UTF-8

< Transfer-Encoding: chunked

< Connection: keep-alive

< X-Request-ID: 85aafd01402485585ccb34caf2379a4b

< Strict-Transport-Security: max-age=31536000;
includeSubDomains

<

< 000001DC9E0E01CE: 58 2D 41 75 74 68 2D 54 6F 6B 65 6E 20 68
65 61 X-Auth-Token hea
< 000001DC9E0E01DE: 64 65 72 20 69 73 20 72 65 71 75 69 72 65
64 der is required
NOTE: 401 Unauthorized
NOTE: PROCEDURE HTTP used (Total process time):
real time 0.27 seconds
cpu time 0.01 seconds

Re: Proc HTTP 401 Unauthorized

ChrisHemedinger — Mon, 13 Dec 2021 20:06:13 GMT

In Python you used x-auth-token as the header key. So why not try this HEADERS statement:

headers "x-auth-token"="&accesskey.";

Re: Proc HTTP 401 Unauthorized

CR-Horton — Mon, 13 Dec 2021 20:29:35 GMT

That did it! Appreciate the help!