Skip to Main Content

ORDS, SODA & JSON in the Database


For appeals, questions and feedback, please email

auth/token API resulting in 401 Unauthorized response


I am trying to protect my Rest API's that we have in the ORDS. I followed the steps as per the below documentation. Createded new role, privilege's, Client and also retrived the clientID and client Secret. When I tried to access the below url it responds with 401 Unauthorized. I used the respective clientID ,clientSecret ,hostname. I am not sure what is missing here. Can anyone please help in this regard ?


curl -i --user DSICR72xtZroyQt0PaCB_Q..:GGSi4KSacnGyqTw7qFaAqQ.. --data "grant_type=client_credentials" <hostname>/ords/ngcc_dwh/oauth/token

Response :

HTTP/1.1 401 Unauthorized
Date: Wed, 04 Oct 2023 07:30:07 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Content-Length: 1468
WWW-Authenticate: Basic realm="weblogic"
X-Content-Type-Options: nosniff
X-ORACLE-DMS-ECID: 0061hvu0EvX5aah_x9h8iW0004iO001CQd
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8

<TITLE>Error 401--Unauthorized</TITLE>
<BODY bgcolor="white">
<FONT FACE=Helvetica><BR CLEAR=all>
<TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
<FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 401--Unauthorized</H2>
<TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
</FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.2 401 Unauthorized</H4>
</FONT><P><FONT FACE="Courier New">The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.</FONT></P>


Post Details
Added on Oct 4 2023