401 Unauthorized Authentication Error When Making API Requests
The request is rejected with a 401 Unauthorized authentication error when making an API request.
- Application API
- API Requests
- JSON Web Token (JWT)
To ensure that you are minting your JSON Web Token (JWT) correctly, ensure that you are doing the following:
- Generating a valid IAT (issued at time)
- Using the correct application_id
- Using the correct private key associated to the application
Remember: The Private Key is generated only when the application is created using the Application API. This Private Key must be stored securely, as Vonage does not store this. The Private Key should not contain any return characters.
If new public and private keys are generated using the Vonage API Account Dashboard, click Save Changes after the new Public Key and Private Key generation. For some older versions of applications, an extra step of updating the private setting is mandatory before the Save can be done. If this is not done, the new public and key pair are not saved, and you will still encounter an Invalid token issue.
The steps to mint new key pair - Go to Applications --> Edit.
Step2: Update privacy setting for the application (may not be required if it is already filled in)
Step 3: Save Changes
Once Saved, the page should take you back to your application view.
You can validate the key pair by running the command openssl rsa -pubout -in private.key. This will return the public key, which can be validated with the public key available in the application settings.
If you still experience issues authenticating your request, creating a new application and using the new application_id and Private Key to mint your new tokens is recommended.
You can check your JWT at jwt.io. Enter your token and public key to ensure the token is valid and live.
Review your server synchronise time if you experience issues with your established token.
This usually occurs when there is an issue with the JWT in the HTTP header.
For more information on how Vonage APIs use JWTs for authentication, see our developer guide on Authentication using JSON Web Tokens (JWT).
Article is closed for comments.