Symptoms
When connecting a TimeXtender REST data source using OAuth 2.0 authentication, you successfully complete the authentication process. However, when querying an API endpoint, the request fails with an authentication error. The issue occurs because the Authorization header is sent as bearer {accessToken} (with a lowercase "b"), which some API servers (especially those following OpenAPI standards) reject. If you manually change the header to use Bearer (with an uppercase "B") in tools like Postman, the request succeeds.
Cause
The issue is caused by TimeXtender sending the Authorization header with a lowercase "bearer" instead of the required uppercase "Bearer". Some API servers are case-sensitive and expect the exact string "Bearer" as per the OAuth 2.0 specification. Using the incorrect case leads to authentication failures.
Resolution
- In the TimeXtender REST data source setup, locate the field for the Authorization header prefix.
- Manually enter Bearer (with an uppercase "B") in the Header prefix field.
- Save the configuration and test the connection again.
- The API requests should now authenticate successfully, as the Authorization header will be sent as
Authorization: Bearer {accessToken}.
Additional Notes
- This issue is specific to API servers that enforce case sensitivity for the "Bearer" prefix in the Authorization header.
- If you encounter similar issues with other authentication headers, ensure that the header values match the exact case expected by the API server.
Reference Ticket
35667
