How to authorize http api using post with username and password

Hello guys,

I was trying to achieve something like that last few days..

What do I need. I need to POST data from api to obtain sessionId so I can use api further. Sadly I didn't even achieve to succesfully get 200 response from the api.

Could anyone tell me if I am missing some kind of node?

Curl : curl -X POST "" -H "accept: application/json" -H "Content-Type: application/json" -d "{"username":"string","password":"string"}"

C# where it is working as well:

            using (var requestToken = new HttpRequestMessage(new HttpMethod("POST"), ""))
                requestToken.Headers.TryAddWithoutValidation("Accept", "application/json");

                requestToken.Content = new StringContent("{\"username\":\"username\",\"password\":\"password\"}", Encoding.UTF8, "application/json");

I was trying simple http request with basic authentication / request with added headers.

Anyone who could help me?

Maybe it has something to do with this?

The address what I typed above is not correct. I am not providing the address how it supposed to be. I am sorry. But there is username and password anyway so it wouldn't work.

What did your flow look like? Can you post your flow (you can remove any sensitive info)

Not at far as I can tell. You haven't really provided enough info. I mean it's good you have proof the API works (let's us know you know what you're doing) but you haven't shown what you did in node-red.

Okay, so what I was trying to do in my flow is.

Http request where I using basic authentication then I was trying to format it into json and print it.

the 415 status code showed when I tried to use output as a complete msg. When I use just .msg it shows nothing

The HTTP 415 Unsupported Media Type client error response code indicates that the server refuses to accept the request because the payload format is in an unsupported format. The format problem might be due to the request's indicated Content-Type or Content-Encoding

Does that help?

Lastly, as you haven't posted your flow I can't check headers etc.

[{"id":"85ff2371.2062","type":"tab","label":"Flow 1","disabled":false,"info":""},{"id":"ef1fb1a6.fe39b","type":"inject","z":"85ff2371.2062","name":"","topic":"","payload":"","payloadType":"str","repeat":"300","crontab":"","once":false,"onceDelay":"","x":290,"y":200,"wires":[["860cc555.a00e38"]]},{"id":"860cc555.a00e38","type":"http request","z":"85ff2371.2062","name":"Login","method":"POST","ret":"txt","paytoqs":false,"url":"api","tls":"","persist":false,"proxy":"","authType":"","x":490,"y":200,"wires":[["9e84dae6.4e53b8"]]},{"id":"463b47a.98546b8","type":"debug","z":"85ff2371.2062","name":"","active":true,"tosidebar":true,"console":false,"tostatus":true,"complete":"true","targetType":"full","x":850,"y":200,"wires":[]},{"id":"9e84dae6.4e53b8","type":"json","z":"85ff2371.2062","name":"","property":"payload","action":"","pretty":true,"x":670,"y":200,"wires":[["463b47a.98546b8"]]}]

Here is my import string.

I found data about 415 as well. But honestly I don't know what to do with it since it is working for me in C# without any fancy modifications

I'll take a look in just a minute but please use the forum for pasting flows.

paste code directly into reply between backticks like this

Looking at your C# code, you should not use basic auth in your http request node. Instead, use a change or function node before it and use it to set msg.headers to {'Content-Type': 'application/json'}, and the payload to an object with the username/password values. Make sure the method is POST and try again.

The request is simply a json object posted to that endpoint. Basic auth sets the username and password values base64 encoded in an Authorization header. That’s not what’s going on here.

Same when looking at the curl. No basic auth there either, just an object sent as body of the POST request.

1 Like


You dont specify content type in the headers, you probably need to add headers to the msg. (info is in the built in documentation of the http request node)

Never mind - look at what @afelix posted ^

1 Like

But also look at what Steve posted because the content type for the body is application/json by default :slight_smile:

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.