"Message: Authentification failed" when using REST with JSON

Thursday, March 20, 2014 2:13:20 AM

When I issue any REST request with Content-Type set to "application/json" in the HTTP header, I always get the following reply from the server:
{"Message":"Authentication failed.","StackTrace":"","ExceptionType":""}

Even with such a message, the request is processed without a problem.

I am testing this in Excel VBA. The following code should reproduce the issue. Please adjust carefully the value for your SpiraTeam configuration.

Public Sub ReproduceJSONContentTypeBug()
    'Issue: When specifying JSON as Content-Type, the server replies
    '{"Message":"Authentication failed.","StackTrace":"","ExceptionType":""}
    Dim BASEURL As String
    Dim PROJECT_ID As Long
    Dim RESSOURCEURL As String
    Dim USERNAME As String
    Dim APIKEY As String
    Dim requestBody As String
    Dim MyRequest As Object
    'Please adjust the following variables following your configuration
    BASEURL = "http://XXXXX/SpiraTeam/Services/v4_0/RestService.svc/"
    RESSOURCEURL = "projects/" & PROJECT_ID & "/incidents"
    'Please adjust ProjectId's value accordingly.
    requestBody = "{""ProjectId"":XX,""Description"":""The server replied: 'Authentication failed.' but the incident was created."",""Name"":""Testing""}"

    'HTTP request
    Set MyRequest = CreateObject("WinHttp.WinHttpRequest.5.1")
    MyRequest.setRequestHeader "username", USERNAME
    MyRequest.setRequestHeader "api-key", APIKEY
    MyRequest.setRequestHeader "Content-Type", "application/json" 'THIS LINE TRIGGERS THE ERRONEOUS SERVER'S REPLY.
    MyRequest.setRequestHeader "Accept", "application/json"
    MyRequest.send (requestBody)
    'The reply is always "{"Message":"Authentication failed.","StackTrace":"","ExceptionType":""}"
    'But the command processed correctly.
    Debug.Print MyRequest.responseText
    MsgBox MyRequest.responseText
End Sub
2 Replies
Friday, March 21, 2014 2:50:23 PM
re: maco on Thursday, March 20, 2014 2:13:20 AM
Hi Maxim
if you leave the Content-Type alone and just send the Accept: application/json header, does it then work?


Friday, March 21, 2014 4:09:35 PM
re: inflectra.jimx on Friday, March 21, 2014
Hi Jim, thank you for your answer.

Removing the Content-Type header didn't work because now the server complained about the message being raw data.

However, the error gave me a hint by telling me that the accepted Content-Type are "Json" or "Xml" (notice the capitalized J).
So I retried with
MyRequest.setRequestHeader "Content-Type", "application/Json"
and it worked without the authentication issue.

Seems like a bug that could be fixed by Inflectra. The error message should tell me exactly what is wrong, not some (inexistant) authentication problem.

This solves my question, thanks again!
  • Started: Thursday, March 20, 2014 2:13:20 AM
  • Last Reply: Friday, March 21, 2014 4:09:35 PM
  • Replies: 2
  • Views: 5323