Hey @vfarmak! Looking at your error code, I notice that it is including CRLF. This means what's being sent is not "authorization_code", but "authorization_code\r\n". 

Three options to fix it:

1. Fastest: Add recfm=n to your pbody filename statement:

filename pbody temp recfm=n;

If we write this file out both with and without recfm=n, you'll notice that the file without recfm=n has a carriage return:

Whereas the one with recfm=n does not:

This prevents sending CRLF within your payload.

2. Recommended: Use the form option in PROC HTTP to create name-value pairs and automatically URL encode values:

%let auth_code=xxx;
%let client_id=yyy;
%let client_secret=zzz;

filename tokresp temp;
filename hedresp temp;

proc http
    url="https://oauth2.googleapis.com/token"
    method="POST"
    ct="application/x-www-form-urlencoded"
    in=form(
        "code"="&auth_code"
        "client_id"="&client_id"
        "redirect_uri"="urn:ietf:wg:oauth:2.0:oob"
        "grant_type"="authorization_code"
    )
    out=tokresp
    headerout=hedresp
    headerout_overwrite;
run;

3. Less-preferred: write your payload to the in option directly with a macro variable, but that gets a bit harder to read, and you'll still need to URL encode anything that needs it.

%let auth_code=xxx;
%let client_id=yyy;
%let client_secret=zzz;
%let payload=code=&auth_code%nrstr(&)client_id=&client_id%nrstr(&)redirect_uri=urn:ietf:wg:oauth:2.0:oob%nrstr(&)grant_type=authorization_code;

filename tokresp temp;
filename hedresp temp;

proc http
    url="https://oauth2.googleapis.com/token"
    method="POST"
    in="&payload"
    ct="application/x-www-form-urlencoded"
    out=tokresp
    headerout=hedresp
    headerout_overwrite;
run;

Thank your @Stu_SAS for your reply.

I tried the 2nd solution and it still gives me HTTP 404:Bad Request.

I have copied and paste the code in a Notepad++ and checked for \r\n characters (basically I confirmed that when I use the let statement in SAS code, no \r\n occurs. Used the solution and produced the below log

1                                                          The SAS System                               10:52 Monday, March 23, 2026

1          ;*';*";*/;quit;run;
2          OPTIONS PAGENO=MIN;
3          %LET _CLIENTTASKLABEL='Retrieve Data 3';
4          %LET _CLIENTPROCESSFLOWNAME='Process Flow';
5          %LET _CLIENTPROJECTPATH='C:\Users\Vasilios.Farmakiotis\OneDrive - Generali Hellas Insurance Company SA\Projects\29.
5        ! Google Analytics Cloud\Snoopy\Google Analytics 4.egp';
6          %LET _CLIENTPROJECTPATHHOST='GHATH7777';
7          %LET _CLIENTPROJECTNAME='Google Analytics 4.egp';
8          %LET _SASPROGRAMFILE='';
9          %LET _SASPROGRAMFILEHOST='';
10         
11         ODS _ALL_ CLOSE;
12         OPTIONS DEV=SVG;
13         GOPTIONS XPIXELS=0 YPIXELS=0;
14         %macro HTML5AccessibleGraphSupported;
15             %if %_SAS_VERCOMP_FV(9,4,4, 0,0,0) >= 0 %then ACCESSIBLE_GRAPH;
16         %mend;
17         FILENAME EGHTML TEMP;
18         ODS HTML5(ID=EGHTML) FILE=EGHTML
19             OPTIONS(BITMAP_MODE='INLINE')
20             %HTML5AccessibleGraphSupported
21             ENCODING='utf-8'
22             STYLE=HTMLBlue
23             NOGTITLE
24             NOGFOOTNOTE
25             GPATH=&sasworklocation
26         ;
NOTE: Writing HTML5(EGHTML) Body file: EGHTML
27         
28         /* Parameteres for proc http */
29         %let auth_code=xxx;
30         %let client_id=yyy;
31         %let client_secret=zzz;
32         
33         /* filenames */
34         filename tokresp temp;
35         filename hedresp temp;
36         
37         proc http
38            url="https://oauth2.googleapis.com/token"
39            method="POST"
40            ct="application/x-www-form-urlencoded"
41            in=form(
42                "code"="&auth_code"
43                "client_id"="&client_id"
44                "redirect_uri"="urn:ietf:wg:oauth:2.0:oob"
45                "grant_type"="authorization_code"
46            )
47            out=tokresp
48            headerout=hedresp
49            headerout_overwrite;
50         run;

NOTE: 400 Bad Request
NOTE: PROCEDURE HTTP used (Total process time):
      real time           0.07 seconds
      user cpu time       0.00 seconds
      system cpu time     0.00 seconds
2                                                          The SAS System                               10:52 Monday, March 23, 2026

      memory              461.37k
      OS Memory           22108.00k
      Timestamp           03/23/2026 11:06:34 AM
      Step Count                        27  Switch Count  0
      

51         
52         %LET _CLIENTTASKLABEL=;
53         %LET _CLIENTPROCESSFLOWNAME=;
54         %LET _CLIENTPROJECTPATH=;
55         %LET _CLIENTPROJECTPATHHOST=;
56         %LET _CLIENTPROJECTNAME=;
57         %LET _SASPROGRAMFILE=;
58         %LET _SASPROGRAMFILEHOST=;
59         
60         ;*';*";*/;quit;run;
61         ODS _ALL_ CLOSE;
62         
63         
64         QUIT; RUN;
65         

I don't know whether it is the credential type or something else (below is the screenshot).

I will try to create another client ID (not a desktop one) to see if this is the case.

Did PROC HTTP write anything to the out file? That can help determine what went wrong in the request.

Hi @Stu_SAS 

I am still working on it. I have read that I need to setup a service account (because I will access with proc http the GA4 and ingest the data via the SAS DI Studio / SAS Enterprise Guide - ETL process).

I will ping you when I get some progress. There is a JWT option that needs to be setup with SAS Datastep (9.4M8 installation here).

As soon I get a result, I will let you know.

Hi @Stu_SAS 

I had to rework on the following things:

• Create a service account in GA4 (since this will be used for ETL extraction from SAS)
• Associate the application in google analytics with the google cloud console service account via service account's email
• Got the JSON file from GA4 and read in SAS Enterprise Guide (Step 1)
• I had then to retrieve the access token from google by using python code (I tried with SAS but I couldn't deal with the base encoding 64 URL and got errors while parsing the private key from JSON (there were non legit characters) (Step 2)
• Last but not least, while I retrieved the access token I used the proc http method and returned results (Step 3)

Below you will see the code in Steps.

/* Step 1 */
filename keyfile "C:\Users\Vasilios.Farmakiotis\Documents\Work\GA4\mobilehub-greece-3e8f337fe225.json";
libname keyjson json fileref=keyfile;

data svc;
    set keyjson.root;
    call symputx("PRIVATE_KEY", private_key);
    call symputx("CLIENT_EMAIL", client_email);
    call symputx("TOKEN_URI", token_uri);
run;

/* Step 2 */
/* Call Python script to generate token */
options noxwait noxsync;

/* Adjust path as needed */
x "python C:\Users\Vasilios.Farmakiotis\Documents\Work\GA4\get_ga4_token.py";

/* Read token from access_token.txt */
filename tok "C:\Users\Vasilios.Farmakiotis\Documents\Work\GA4\access_token.txt";

data _null_;
    infile tok;
    input;
    call symputx("ACCESS_TOKEN", _infile_);
run;

%put &=ACCESS_TOKEN;

/* Step 3 */
filename ga4req temp;
filename ga4resp temp;

/* Request body */
data _null_;
    file ga4req;
    put '{';
    put '  "property": "properties/999999999",';
    put '  "dateRanges": [{"startDate":"7daysAgo","endDate":"today"}],';
    put '  "metrics": [{"name":"activeUsers"}],';
    put '  "dimensions": [{"name":"country"}]';
    put '}';
run;

proc http
    method="POST"
    url="https://analyticsdata.googleapis.com/v1beta/properties/999999999:runReport" in=ga4req out=ga4resp; headers "Authorization" = "Bearer &ACCESS_TOKEN" "Content-Type" = "application/json"; run; libname ga4 json fileref=ga4resp;

I am still working on it. 

I will let you know.