Question

Pega REST service recording 401 response code though it is serving with http code 200

I have a service where it responds for an inbound request coming from different application.

Though everything look normal, in access logs there is additional response recording with http code 401 as below (altered the service names for security purpose). Could someone please suggest where it might go wrong in Pega?

163.166.211.21 [30/Jul/2019:10:45:50 +0100] HTTP/1.1 8080 POST /prweb/PRRestService/abcd/x2/cases 401 - 82 - POST /prweb/PRRestService/abcd/x2/cases HTTP/1.1
163.166.211.21 [30/Jul/2019:10:45:52 +0100] HTTP/1.1 8080 POST /prweb/PRRestService/abcd/v2/cases 201 237 1858 - POST /prweb/PRRestService/abcd/x2/cases HTTP/1.1

here, the response codes highlighted are showing two different responses within 2 seconds interval recorded in access logs.

Comments

Keep up to date on this post and subscribe to comments

July 30, 2019 - 12:05pm

Does your service require authentication? A 401 error code indicates that the request is not authenticated. Typically you have to pass a valid username and password in the Authorization header of the request (see https://en.wikipedia.org/wiki/Basic_access_authentication)

July 31, 2019 - 6:06am
Response to CELLINGER

Yes, My service require authentication and the credentials are correct because there is no denial of service I can see. As I have mentioned in my question, there is http 200 response recording as well immediately after http 401 response in access logs. End user also able to use the service. Only thing puzzling me is why the unauthorized response is being recorded before valid response? Any ways to debug at this level to spot where it is going wrong?

July 31, 2019 - 10:10am

Is the client using preemptive authentication? If not, I believe it will attempt to connect to the resource without the authentication header, detect the 401 error, then connect a second time with the authentication header. Enabling preemptive authentication ensures that authentication is passed every time.

August 1, 2019 - 7:26am
Response to CELLINGER

Thanks for the recommendation @ceillinger. I tried preemprive authenticaiton now but still the same issue occurring.