Automation Testing

UFT API TEST RETURNS HTTP 401 ERROR

By Test Guild
  • Share:
Join the Guild for FREE

Server returned HTTP status code 401:

Since publishing my UFT book The UFT API Testing Manifesto – A step-by-step, hands-on testing guide for the masses, I've received a few emails from folks who are receiving this error message: Server returned HTTP status code 401: Unauthorized while attempting to run their API tests.

More about the 401 Unauthorized error

According to Wikipedia, the 401 Unauthorized message is “401 Unauthorized is similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.[2] The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.”

Why this 401 error occurs in UFT API

Sometimes the server you're testing against expects to receive authentication information before transport. For this reason, you must add some additional information to your API request's HTTP header. This can be done using custom code in BeforeApplyProtocolSettings event handler.

How to add a username and password to your HTTP Request Header

  • In your test, click on the web service activity on your main canvas area.
  • Under its Properties section, click on the Events icon.


  • Select the Create a default handler…option from the BeforeApplyProtocolSettings event.


  • In the TestUserCode.cs file, under the StServiceCallActivity5_OnBeforeApplyProtocolSettings method, add the following (note your StServiceCallActivity number might be different)
  • Create a string variable that contains the user name and password your server needs for authentication:

string myAuth = “Basic” + Convert.FromBase64String(System.Text.Encoding.ASCII.GetBytes(“YourUserName:YourPassword));

  • Next, add your authentication variable value as a parameter to the HttpRequestHeaders Add method:

this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,myAuth);


  • Run your test. You should no longer receive a 401 error message.

   
More UFT API Automation Awesomeness


For more UFT API Automation Awesomeness, tips, tricks and how-tos, check out my new book The UFT API Testing Manifesto – A step-by-step, hands-on testing guide for the masses –now available on Amazon.com!

Don't own a Kindle? No Problem — you can still read my book!

I'm aware that some of you have had trouble accessing my books in the past. The truth is that you don't need a Kindle! There are a variety of free ways you can read a Kindle eBook:

  • Read it on your PC or Mac (Kindle Cloud Reader)
  • Read it on your iPhone or iPad (iTunes App)
  • Read it on your Android (Kindle for Android)
  • Read it on your Blackberry (Kindle for Blackberry)

In short, it's really simple to read Amazon Kindle books, no matter what type of device you use to access the Internet.

A bearded man with blue glasses and a black-and-white jacket smiles at a microphone in a studio setting.

About Joe Colantonio

Joe Colantonio is the founder of TestGuild, an industry-leading platform for automation testing and software testing tools. With over 25 years of hands-on experience, he has worked with top enterprise companies, helped develop early test automation tools and frameworks, and runs the largest online automation testing conference, Automation Guild.

Joe is also the author of Automation Awesomeness: 260 Actionable Affirmations To Improve Your QA & Automation Testing Skills and the host of the TestGuild podcast, which he has released weekly since 2014, making it the longest-running podcast dedicated to automation testing. Over the years, he has interviewed top thought leaders in DevOps, AI-driven test automation, and software quality, shaping the conversation in the industry.

With a reach of over 400,000 across his YouTube channel, LinkedIn, email list, and other social channels, Joe’s insights impact thousands of testers and engineers worldwide.

He has worked with some of the top companies in software testing and automation, including Tricentis, Keysight, Applitools, and BrowserStack, as sponsors and partners, helping them connect with the right audience in the automation testing space.

Follow him on LinkedIn or check out more at TestGuild.com.

  1. Is that double quote missing in GetBytes argument?

    string myAuth = “Basic” + Convert.FromBase64String(System.Text.Encoding.ASCII.GetBytes(“YourUserName:YourPassword));

    When I used this code, UFT says the it cannot convert byte[] to string and the compile fails.

    Thanks

  2. Yes – Sorry Rick! I will update the screenshot after the Holidays. The line should be:
    string upAuth = “Basic ” + Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(“USERNAME:PASSWORD”));

  3. Even after updating the above line of code i am facing the issue in compiling.It says it cannot convert byte[] to string

  4. Hi Joe,

    I tried encoding the username and passwork thorough some base64 encoder and tried passing it .I was getting compiled but returning 401 error again
    public void StServiceCallActivity5_OnOnSendRequest(object sender, HP.ST.Ext.WebServicesActivities.ActivityProcessRawMessageEventArgs args)
    {
    //TODO: Add your code here…
    this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”Basic cWNtc2VydmljZTAiMTiUMHM4aDJGeXFXMiA=”);
    }
    tried without concatinating Basic also as below:

    public void StServiceCallActivity5_OnOnSendRequest(object sender, HP.ST.Ext.WebServicesActivities.ActivityProcessRawMessageEventArgs args)
    {
    //TODO: Add your code here…
    this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”cWNtc2VydmljZTAwMTpUMHM4aDJGeXFXMiA=”);
    }

  5. Sorry Joe.I am passing it in Before apply protocol settings method as below

    public void StServiceCallActivity5_OnBeforeApplyProtocolSettings(object sender, HP.ST.Ext.WebServicesActivities.Models.StChannelsBindingStack args)
    {
    //TODO: Add your code here…
    this.StServiceCallActivity5.HttpRequestHeaders.Add(“Authorization”,”cWNtc2VydmljZTAwMTpUMHM4aDJGeXFXMiA=”);

    }

    Tried passing by appending “Basic” as well as without “Basic”.But no luck.It is returning 401 error

  6. Joe,

    I would like to capture the HttpStatusCode that is returned if the call fails. I see it in the run result but I can’t figure out how to capture it in code. Any ideas on how to get this value?

  7. Hi Joe,
    Why can’t we use the Header section in the Input tab of Properties for providing the authentication details?

    ~ Rick

  8. Hi Joe,

    Cool, have you ever run across a HTTP request behind a log-in page? I have some of these and always get a 302 redirect, obviously because it has to go to the log-in page first. What’s the best way to handle this in Service Test or UFT API?

    Thanks, Nick

  9. I’ve found that sending a Base64 Authorization POST with a redirect option works in most cases with the HTTP requests. However I am running into a “409 Conflict” error on some pages that require a login. I have your book but didn’t see anything about this situation, I was think about your solution above but it’s not really a REST Service or anything so I don’t have a OnBeforeApplyProtocolSettings Activity. Any ideas?

    Thanks

  10. Nick or Joe-

    were you able to use this authorization for REST services. I even do not see Onbeforeapplyprotocolsettins events? Any idea why I do not see?

    Krishna

  11. Hi Joe,

    I am facing an error in trying to post data from an XML file using POST request to REST API Service. I am not using API Test type of UFT but using vbscript code (Microsoft.XMLHTTP ) to post data from XML to api server. However at objRestReq.Send strXMLContent step I get Operation Aborted error and error description is “Unknown” .Status code returned is 1223. However the data is correctly posted to GUI. I also tried to do the same flow using Service Test of UFT(API Test Type) and status code returned is as expected. Please help me resolve this error

  12. Hi,

    I follow your book “The UFT API Testing Manifesto” and I have 404 error when i have been added this WSDL : “http://www.webservicex.net/geoipservice.asmx?WSDL”

    Error :”Couldnot download ‘http://www.webservicex.net/geoipservice.asmx?WSDL’ …error 404

    What should I do ?

Comments are closed.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

5 Top Model Context Protocol Automation Tools (MCP Guide 2025)

Posted on 04/09/2025

What is Model Context Protocol (MCP) Model Context Protocol (MCP) is an open ...

What is TDD (Test Driven Development)

Posted on 04/05/2025

What is Test-Driven Development (TDD)? Test-Driven Development is a software development approach that ...

The Best Open Source API Testing Tools for 2025

Posted on 04/01/2025

Here is my list of the best open source API testing tools for ...