Hi @dennis_oz ,

it would seem to me as the SSL handshake is failing between the webpage security and the certificates available in the Java certificate store used by your SAS 9.3 installation.

Here is what you and your IT teams need to do:

1- get the certificate path (individual certifiicates) from the webpage. Y0u can do this with Internet Explorer or Chrome. The certificates must be saved in PEM base64 format.

2- locate the Java JRE used by your SAS 9.3 installation.

3- Import those certificates into the certificate store of that Java installation, with a java tool named keytool. 

4- Just to be sure, install those certificates as well in your machine certificate store, where SAS runs

When you import  certificates, use the same order as in the path. First the CA certificate, then intermediates, and finally the end certificate.

Once you do this, your code should not give a PKIX error anymore.

Best regards,

Juan 

Hi @JuanS_OCS , @joeFurbee ,@alexal ,@h-elmu-t
I am giving a crack at something else i found over here

https://communities.sas.com/t5/Developers/Authentication-OAuth-2nd-PROC-HTTP-fails/m-p/640008#M733

I am supposed do something like this as per the instructions from the owner of the API

filename resp temp;

proc http url="https://mysasserver.net:443/SASLogon/oauth/token"
method='post'
in="grant_type=password%nrstr(&username=)&USERNAME.%nrstr(&password=)&PASSWORD."
username="&CLIENT_ID."
password="&CLIENT_SECRET."
out=resp
auth_basic verbose;
debug level=3;
run;

libname tokens json "%sysfunc(pathname(resp))";
%global ACCESS_TOKEN;

proc sql noprint;
select access_token into:ACCESS_TOKEN, from tokens.root;
quit;

%let username='SVCTESTCRMAUTOXX';
%let password=XXXXXXX;

31         proc http url="https://XXXXXXX/wfo/rest/core-api/auth/token"
32         	method='post'
33         	in="grant_type=password%nrstr(&username=)&USERNAME.%nrstr(&password=)&PASSWORD."
NOTE: Line generated by the macro variable "PASSWORD".
33         "grant_type=password&username='SVCTESTCRMAUTOXX'&password=XXXXXXX
           __________________________________________________________________________
           22
ERROR 22-322: Expecting a name.  

34         	username="&CLIENT_ID."
WARNING: Apparent symbolic reference CLIENT_ID not resolved.
NOTE: Line generated by the macro variable "PASSWORD".
33         "grant_type=password&username='SVCTESTCRMAUTOXX'&password=XXXXXXX
           __________________________________________________________________________
           76
ERROR 76-322: Syntax error, statement will be ignored.

35         	password="&CLIENT_SECRET."
WARNING: Apparent symbolic reference CLIENT_SECRET not resolved.
36         	out=resp
37         	auth_basic verbose;
38         	run;

I only have username , url and password .  I have no idea of a grant_type. any pointers will be appreciated 😅

Hi @dennis_oz,

To run the proc http code in the example is requesting an access token from SAS Viya. In order to fulfill the request, you need to register your client and use the clientid and clientsecret in the username and password parameters.

There are multiple articles and tools you can use to register the client. Here are a couple of resources:

Registering Clients

Authentication to SAS Viya: a couple of approaches

Add These Tools to Your SAS Viya Developer's Toolbox

The one-click SAS Viya Token Generator

In the end you can test out your code and see the results of for the access token, using grant_type=password, with the following code:

proc http url="http://mysasserver.sas.com/SASLogon/oauth/token" 
method="POST" 
auth_basic
username="myclientid"
password="myclientsecret"
in='grant_type=password&username=sasuser&password=saspassword'
headerout=hdrs
headerout_overwrite
out=out;
headers "Accept"="application/json";
run;

data _null_;
  rc = jsonpp('out','log');
run;