Passing an invalid or expired access token now returns HTTP 401 instead of HTTP 500 (v.22, breaking change)

Not quite a breaking change, but in some specific scenarios it may be.

In short, previously, when an invalid or expired access token was passed like this:

GET /api/domain/odata/Crm_Customers?$top=10 HTTP/1.1
Host: demodb.my.erp.net
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2NTQwNzA5MTQsImV4cCI6MTY1NDA3NDUxNCwiaXNzIjoiSGVsbG8gZnJvbSBteSBJZCBzZXJ2ZXIiLCJhdWQiOlsiRG9tYWluQXBpIiwic2VjIiwidXBkYXRlIl0sImN1c3RvbV9jbGFpbSI6IkhlbGxvLCBob3cgaXMgaXQiLCJjbGllbnRfaWQiOiJpbnRlcm5hbC5hcGkuZGJob3N0L2FwaSIsImNsaWVudF9zeXN0ZW1fdXNlciI6InVzZXIiLCJjbGllbnRfZGIiOiJFMV9ERVYiLCJqdGkiOiJZYU44WTNzVTVWNm9xN3VxNjVuSTFBIiwic2NvcGUiOlsiRG9tYWluQXBpIiwic2VjIiwidXBkYXRlIl19.Pzut0EC0ghG6Joy17VYPgq4X8eysEy9fMu01u61w9Nk

the following error was returned:

500 Internal Server Error

This is not a very informative response code, is it? That's why the error is now returned as:

401 Unauthorized

Far more self-descriptive.

Does this change affect me?

Yes, if you have error handling for such a scenario and you expect to receive exactly HTTP 500.

What should I do if this change affects me?

Just adapt your error handling to HTTP 401.
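
One way to adapt a client, as an added example that is not code from ERP.net or from this article: treat HTTP 401 as the signal to renew the access token and retry once, and HTTP 500 as a genuine server fault. The names send, get_token, call_api and the legacy_500_is_auth switch are hypothetical, and the server is replaced by a constructed stand-in.

```python
# Added example; send, get_token and call_api are hypothetical names.
from typing import Callable, List, Tuple

Response = Tuple[int, str]  # (HTTP status code, response body)

class AuthError(Exception):
    """The token was rejected even after a new one was obtained."""

class ServerError(Exception):
    """A genuine server-side failure (HTTP 5xx)."""

def call_api(send: Callable[[str], Response],
             get_token: Callable[[bool], str],
             legacy_500_is_auth: bool = False) -> str:
    """Send one request; if the token is rejected, renew it and retry once.

    send(token) performs the call with 'Authorization: Bearer <token>'.
    get_token(force_new) returns the cached token, or a new one if asked.
    legacy_500_is_auth=True also treats HTTP 500 as a rejected token, for
    clients that still talk to servers older than v.22 (an assumption).
    """
    rejected = {401, 500} if legacy_500_is_auth else {401}
    status, body = send(get_token(False))
    if status in rejected:
        # Invalid or expired token: renew and retry exactly once, so a
        # permanently bad credential cannot cause a retry loop.
        status, body = send(get_token(True))
    if status == 401:
        raise AuthError("access token rejected (HTTP 401)")
    if status >= 500:
        raise ServerError(f"server error (HTTP {status})")
    if not 200 <= status < 300:
        raise RuntimeError(f"unexpected HTTP {status}")
    return body

def demo() -> Tuple[str, List[str]]:
    # Constructed stand-in for the server: only the token "fresh" is valid.
    sent: List[str] = []
    def send(token: str) -> Response:
        sent.append(token)
        return (200, "ok") if token == "fresh" else (401, "")
    result = call_api(send, lambda force_new: "fresh" if force_new else "expired")
    return result, sent

if __name__ == "__main__":
    print(demo())
```

With the default setting, an HTTP 500 is never retried with a new token, so real server faults are reported as such instead of being masked as authentication problems.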

---

More information is available in our official documentation:

https://docs.erp.net/dev/domain-api/authentication.html

 
