Hi
May I ask someone to help me with following code?
%let url=xxx;
%let token=_very_long_token_;
filename out temp;
proc http
url="&url"
method="GET"
out=out;
headers "Authorization" = "Token token = &token" ;
run;
%put Received code: &SYS_PROCHTTP_STATUS_CODE.;
%put Received phrase: &SYS_PROCHTTP_STATUS_PHRASE.;
It which gives result:
%put Received code: &SYS_PROCHTTP_STATUS_CODE.;
Received code: 401
%put Received phrase: &SYS_PROCHTTP_STATUS_PHRASE.;
Received phrase: Unauthorized
When the same is done in bash, it works correctly:
url=xxx;
token=_very_long_token_;
curl -k -H "Authorization: Token token=\"$token\"" "$url"
Why the SAS code does not work identically to the bash?
Are you certain the form is "Authorization: Token token <token-value>" ? And not just "Authorization: Token <token-value>" ?
I've seen a lot of APIs and token schemes, but using the token keyword twice and then the actual token seems odd.
Oh, also your bash script puts the token value in quotes, but your SAS code does not have that. Maybe you need something like:
headers "Authorization" = "Token token = ""&token""" ;
Chris, thank you for the suggestions!
"Token token = ": I'm not completely sure about it, but since it works in bash, it should be correct.
Quotes: Yes, I know about this difference, but I've already tried your suggestion, as well as (one by one and a few other modifications how to pass the quotes):
%let token=%22&token%22;
%let token=%str(%")&token%str(%");
%let token=%bquote(")&token%bquote(");
Nothing works. Sorry, I should have mentioned that in my original post.
You can try the DEBUG LEVEL=3; statement on PROC HTTP to maybe get more details about what is being sent. Also, since you are using the -k flag on curl, maybe you need this statement in PROC HTTP:
SSLPARMS "SSLREQCERT"="ALLOW";
Do you suggest
proc http
url="&url"
method="GET"
out=out;
headers "Authorization" = "Token token = ""&token""" ;
SSLPARMS "SSLREQCERT"="ALLOW";
DEBUG LEVEL=3;
run;
?
If my syntax is correct (I haven't found an example of the SSLPARMS usage), it makes no difference. The debug level of 3 procudes:
> GET /XXX/YYY/ZZZ HTTP/1.1 > User-Agent: SAS/9 > Host: XXX > Accept: */* > Connection: Keep-Alive > Authorization: ************ > < HTTP/1.1 401 Unauthorized < server: nginx < date: Wed, 02 Aug 2023 14:41:52 GMT < content-type: text/plain < content-length: 21 < cache-control: no-cache < x-request-id: ea3c2385-fcf4-4a21-9df0-69ade9a4b6c7 < x-runtime: 0.000492 < < 00007F765802B461: 41 75 74 68 6F 72 69 7A 61 74 69 6F 6E 20 6D 69 Authorization mi < 00007F765802B471: 73 73 69 6E 67 ssing NOTE: PROCEDURE HTTP used (Total process time): real time 0.00 seconds cpu time 0.00 seconds Received code: 401 Received phrase: Unauthorized
Url and the host are correct and identical to the bash, I just don't want to share it unless really necessary.
I also tried various options of quoting the token, no success.
Is it a documented API that we can see somewhere? Or something that's internal/proprietary. Sometimes by looking at API doc I can work out the magic incantation.
Ok, if you are willing to dig into the topic, I'm trying to use conjure api with the token: https://docs.conjur.org/Latest/en/Content/Developer/Conjur_API_Authenticate.htm?tocpath=Developer%7C...
It's equivalent of the last example without the certificate (it works without it in bash, see my original post).
curl --cacert <certfile> \ -H "Authorization: Token token=\"$response\"" \ <url>
I haven't found any example for the conjure API with SAS.
The token has been previously obtained by another proc http and coded to base64. This should be correct, because when I copy-paste the token obtained in SAS to the shell script, it also works (when not using a "hard-copy" of the token, the bash script downloads the token itself as well).
There is a limited time validity of the token; but, of course, I'm sure that all the time I'm using a valid one, which was downloaded right before this proc http.
Edit: This may be slightly more appropriate: https://docs.conjur.org/Latest/en/Content/Developer/Conjur_API_Retrieve_Secret.htm?tocpath=Developer... (obtaining a password, the authentication is used as shown above)
It may be that your curl/bash environment was finding the cert via normal environment variables that were not available in your SAS session.
Registration is now open for SAS Innovate 2025 , our biggest and most exciting global event of the year! Join us in Orlando, FL, May 6-9.
Sign up by Dec. 31 to get the 2024 rate of just $495.
Register now!
Learn how use the CAT functions in SAS to join values from multiple variables into a single value.
Find more tutorials on the SAS Users YouTube channel.
Ready to level-up your skills? Choose your own adventure.