FRC Events API Authorization Isn't Working

Hi,

I’m trying to access the FRC Events API, and I keep running into the error 401 unauthorized. I think I’ve followed the instructions from the Apiary documentation, yet I’m still running into the error.

I’ve tried sending a request to a randomly selected endpoint given as an example in the documentation, with the correct authorization header. (with the key being “Authorization”, and the value being the base64 encoded string “username:authorizationtoken” format)

I’ve tried using both Postman and just writing a request using Java. The Java code is below.

        URL url = new URL("https://frc-api.firstinspires.org/v2.0/2017/CMPMO");
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();

        String clearAuth = "-snipped pls don't ban me from the API FIRST-";
        String encodedAuth = new String(Base64.getEncoder().encode(clearAuth.getBytes()));

        connection.setRequestProperty("Authorization", encodedAuth);
        connection.setRequestMethod("GET");
        connection.connect();

I condensed the code, removing everything regarding the input of data. I’d appreciate it if someone could point out what I’m doing wrong. Thanks.

My account has expired, but this is what I have from back when it was working:

            URL url = new URL (path);
            
            String encodedAuth = new String(Base64.encodeBase64(clearAuth.getBytes()));
            
            HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
            connection.setRequestMethod("GET");
            connection.setRequestProperty  ("Authorization", "Basic " + encodedAuth);
            connection.setRequestProperty("Accept", "application/json");
            connection.setHostnameVerifier(new Verifier());
            stream = (InputStream)connection.getInputStream();

Note the small difference in the Authorization property (which is probably what’s getting you… it’s been a few years, but I remember running into an issue with that as well), and the addition of the Accept property to specify the return format (“application/xml” would be the other acceptable value).

Thank you! Do you have any idea what the “basic” in front of the encoded string is? This tripped me up for a while.

It just specifies the type of authorization. Basic Auth is probably the most common, but I think the industry is moving towards more OAuth instead of Basic… but it’ll be a very long transition. The link below goes into it a little bit, and explains some of the other types that may be used, depending on the interface/system you’re accessing. For example, if you want to access any of the Google API services, you get an OAuth2 token from them and use Bearer Authentication with them instead of Basic.