Getting 401 unauthorized error in web rest API creating new case


Hello everybody,

I'm having a similar issue as the one described in this question:

I'm trying to instantiate a testing process, on ACME organization with the user walter.bates. I can do it using the portal UI, but through the API REST I'm getting 401 unauthorized error.

Thanks in advance,

1 answer



Which tool are you using the execute the REST call? You have to make sure that the correct headers and cookies are passed along the call.



Submitted by gonzalo on Tue, 11/14/2017 - 20:13

Hi Lionel, and thank you for answering.
I'm using Postman, as I've seen in some tutorials over the internet.
At first I'm calling loginservice and then the endpoint I want to test.
In cookies there are three of them, JSESSIONID, bonita.tenant and X-Bonita-API-Token.
¿Is there something I'm missing?
Other endpoints, like identity/user and bpm/case/case# are working well.


Submitted by Lionel Palacin on Tue, 11/14/2017 - 22:01


Yes there is one tricky point: X-Bonita-API-Token

You have to have this token in both the cookies and the headers.

So your header would look like this:

Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate Accept-Language:en Cache-Control:no-cache Connection:keep-alive Cookie:bonita.tenant=1; JSESSIONID=CB38F1835009338520C0304423053E66; X-Bonita-API-Token=c3039d3c-16e0-47eb-a6c4-eb28967a1eaf; BOS_Locale=en X-Bonita-API-Token:c3039d3c-16e0-47eb-a6c4-eb28967a1eaf

Submitted by gonzalo on Fri, 11/24/2017 - 12:41

Hi Lionel, and thank you very much. It works!
Now I'm having another issue, but I think is better open a new thread.