Automation Testing


By Test Guild
  • Share:
Join the Guild for FREE

Server returned HTTP status code 401:

Since publishing my UFT book The UFT API Testing Manifesto – A step-by-step, hands-on testing guide for the masses, I've received a few emails from folks who are receiving this error message: Server returned HTTP status code 401: Unauthorized while attempting to run their API tests.

More about the 401 Unauthorized error

According to Wikipedia, the 401 Unauthorized message is “401 Unauthorized is similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.[2] The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.”

Why this 401 error occurs in UFT API

Sometimes the server you're testing against expects to receive authentication information before transport. For this reason, you must add some additional information to your API request's HTTP header. This can be done using custom code in BeforeApplyProtocolSettings event handler.

How to add a username and password to your HTTP Request Header

  • In your test, click on the web service activity on your main canvas area.
  • Under its Properties section, click on the Events icon.

  • Select the Create a default handler…option from the BeforeApplyProtocolSettings event.

  • In the TestUserCode.cs file, under the StServiceCallActivity5_OnBeforeApplyProtocolSettings method, add the following (note your StServiceCallActivity number might be different)
  • Create a string variable that contains the user name and password your server needs for authentication:

string myAuth = “Basic” + Convert.FromBase64String(System.Text.Encoding.ASCII.GetBytes(“YourUserName:YourPassword));

  • Next, add your authentication variable value as a parameter to the HttpRequestHeaders Add method:


  • Run your test. You should no longer receive a 401 error message.

More UFT API Automation Awesomeness

For more UFT API Automation Awesomeness, tips, tricks and how-tos, check out my new book The UFT API Testing Manifesto – A step-by-step, hands-on testing guide for the masses –now available on!

Don't own a Kindle? No Problem — you can still read my book!

I'm aware that some of you have had trouble accessing my books in the past. The truth is that you don't need a Kindle! There are a variety of free ways you can read a Kindle eBook:

  • Read it on your PC or Mac (Kindle Cloud Reader)
  • Read it on your iPhone or iPad (iTunes App)
  • Read it on your Android (Kindle for Android)
  • Read it on your Blackberry (Kindle for Blackberry)

In short, it's really simple to read Amazon Kindle books, no matter what type of device you use to access the Internet.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. Is that double quote missing in GetBytes argument?

    string myAuth = “Basic” + Convert.FromBase64String(System.Text.Encoding.ASCII.GetBytes(“YourUserName:YourPassword));

    When I used this code, UFT says the it cannot convert byte[] to string and the compile fails.


    1. Yes – Sorry Rick! I will update the screenshot after the Holidays. The line should be:
      string upAuth = “Basic ” + Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(“USERNAME:PASSWORD”));

          1. Hi Joe,

            I tried encoding the username and passwork thorough some base64 encoder and tried passing it .I was getting compiled but returning 401 error again
            public void StServiceCallActivity5_OnOnSendRequest(object sender, HP.ST.Ext.WebServicesActivities.ActivityProcessRawMessageEventArgs args)
            //TODO: Add your code here…
            this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”Basic cWNtc2VydmljZTAiMTiUMHM4aDJGeXFXMiA=”);
            tried without concatinating Basic also as below:

            public void StServiceCallActivity5_OnOnSendRequest(object sender, HP.ST.Ext.WebServicesActivities.ActivityProcessRawMessageEventArgs args)
            //TODO: Add your code here…

          2. Sorry Joe.I am passing it in Before apply protocol settings method as below

            public void StServiceCallActivity5_OnBeforeApplyProtocolSettings(object sender, HP.ST.Ext.WebServicesActivities.Models.StChannelsBindingStack args)
            //TODO: Add your code here…


            Tried passing by appending “Basic” as well as without “Basic”.But no luck.It is returning 401 error

  2. Joe,

    I would like to capture the HttpStatusCode that is returned if the call fails. I see it in the run result but I can’t figure out how to capture it in code. Any ideas on how to get this value?

  3. Hi Joe,
    Why can’t we use the Header section in the Input tab of Properties for providing the authentication details?

    ~ Rick

  4. Hi Joe,

    Cool, have you ever run across a HTTP request behind a log-in page? I have some of these and always get a 302 redirect, obviously because it has to go to the log-in page first. What’s the best way to handle this in Service Test or UFT API?

    Thanks, Nick

    1. I’ve found that sending a Base64 Authorization POST with a redirect option works in most cases with the HTTP requests. However I am running into a “409 Conflict” error on some pages that require a login. I have your book but didn’t see anything about this situation, I was think about your solution above but it’s not really a REST Service or anything so I don’t have a OnBeforeApplyProtocolSettings Activity. Any ideas?


  5. Nick or Joe-

    were you able to use this authorization for REST services. I even do not see Onbeforeapplyprotocolsettins events? Any idea why I do not see?


  6. Hi Joe,

    I am facing an error in trying to post data from an XML file using POST request to REST API Service. I am not using API Test type of UFT but using vbscript code (Microsoft.XMLHTTP ) to post data from XML to api server. However at objRestReq.Send strXMLContent step I get Operation Aborted error and error description is “Unknown” .Status code returned is 1223. However the data is correctly posted to GUI. I also tried to do the same flow using Service Test of UFT(API Test Type) and status code returned is as expected. Please help me resolve this error

  7. Hi,

    I follow your book “The UFT API Testing Manifesto” and I have 404 error when i have been added this WSDL : “”

    Error :”Couldnot download ‘’ …error 404

    What should I do ?

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Selenium SMS Email Testing Tool (e2e with Mailosaur)

Posted on 09/25/2023

Do you have manual tests that are not currently automated, not because they ...

How to Scale Your Enterprise Testing (Introducing SBOX)

Posted on 09/21/2023

Based on my conversations with hundreds of testers each year, automation testing has ...

The 4 Destroyers of Any Automation Test Script

Posted on 09/05/2023

After interviewing over 500 test engineers on my podcast, I've identified the four ...