HELP: Unable to request bearer token (401) [VB]


#1

Hi there,

I’m new to this whole API business and I’m trying to implement it into a school project. I have no issues using the bearer token, but more so in obtaining it. I have followed the tutorial at https://opendata.transport.nsw.gov.au/site/en_us/gs-api-basics.html, but have been unable to do the POST command.

I’m developing in VB.Net and have had no problems with using GET to actually fetch data from the API using a bearer token, but for some reason when I try to POST for the bearer I get “The remote server returned an error: (401) Unauthorized.” Now I have done the confidential and scope settings like the tutorial has stated and I’m sure my token is correct, but for some reason I keep getting the 401. Currently, I’m just using the opendata website to generate a bearer token but it expires and it’s a pain to generate another one manually. Here’s the code (this isn’t the real problem at the moment):

    Dim requests As HttpWebRequest
    Dim response As HttpWebResponse
    requests = CType(WebRequest.Create(https://xxx:yyy@api.transport.nsw.gov.au/auth/oauth/v2/token?grant_type=client_credentials&scope=user), HttpWebRequest)
    requests.ContentLength = 0
    requests.Method = "POST"
    Dim requeststream As Stream = requests.GetRequestStream
    response = CType(requests.GetResponse(), HttpWebResponse)
    Return New StreamReader(response.GetResponseStream()).ReadToEnd

I then tried to use some REST clients on chrome (Postman and Advanced Rest Client) to try do the POST. The command looks like: https://xxxxx:yyyyy@api.transport.nsw.gov.au/auth/oauth/v2/token?grant_type=client_credentials&scope=user (same as in the tutorial). The advanced REST client shows this as the source message:

POST /auth/oauth/v2/token?grant_type=client_credentials&scope=user
HOST api.transport.nsw.gov.au
content-length: 0

For the response, I receive:
{
“error”: “invalid_client”
“error_description”: “The given client credentials were not valid”
}

Now, I know the credentials are valid, so I guess it’s something to do with the POST cause it loses the @. I’m not really familiar with this API business so I have absolutely no idea especially when it comes to more cURL commands. Any assistance would be greatly appreciated! Cheers


#2

If it doesn’t work on Postman I’m guessing it’s not a VB issue, then. Did you follow the instructions on this page? Specifically:

  • Set a callback URL
  • Set scope to user
  • Set application type to confidential

#3

Thanks for your reply!

I can confirm that those were already set. I have since resolved the issue by moving the key and secret into the header instead of having them in the notation that the guide suggests. This seems to only apply to certain applications… Oh well.

Cheers


#4

Ahh strange… so it works using Authorization: Basic [b64 encoded API key/secret combination]?