HttpClient returns 401 with correct authorisation header

Question

I have been trying for a while now to consume the eventbrite api with vb.net, I am using the HttpClient to consume the api however it only returns a HTTP 401 Unathorised when I call the same method with the same headers using postman it returns the expected response with a HTTP 200 OK

VB.Net

Dim objClient As New HttpClient()

objClient.BaseAddress = New Uri("https://www.eventbriteapi.com/v3/")
objClient.DefaultRequestHeaders.Authorization = New AuthenticationHeaderValue("Bearer", "IODVRTRFJ5FVEXZXXXXX")

Dim objResponse As HttpResponseMessage = Await objClient.GetAsync("events/search?organizer.id=77181XXXXX")

If objResponse.IsSuccessStatusCode Then

    Dim strJSON As String = Await objResponse.Content.ReadAsStringAsync
    txtOutput.Text = strJSON

Else

    txtOutput.AppendText(objResponse.ToString + vbCrLf)
    txtOutput.AppendText(objResponse.RequestMessage.ToString + vbCrLf)

End If

objClient.Dispose()

Request

Method: GET, RequestUri: 'https://www.eventbriteapi.com/events/search?organizer.id=77181XXXXX', Version: 1.1, Content: <null>, Headers:
{
  Authorization: Bearer IODVRTRFJ5FVEXZXXXXX
}

Response

StatusCode: 401, ReasonPhrase: 'UNAUTHORIZED', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Transfer-Encoding: chunked
  Connection: keep-alive
  x-xss-protection: 1; mode=block
  x-content-type-options: nosniff
  Vary: Accept
  X-UA-Compatible: IE=edge
  X-Frame-Options: SAMEORIGIN
  Access-Control-Allow-Origin: *
  Access-Control-Allow-Headers: Authorization
  Date: Fri, 28 Nov 2014 14:32:02 GMT
  P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  Set-Cookie: SS=AE3DLHTSIyq8Ey6stmsFe7sH0LwxwTjQNw; Domain=.eventbriteapi.com; httponly; Path=/; secure
  Set-Cookie: eblang=lo%3Den_US%26la%3Den-us; Domain=.eventbriteapi.com; expires=Sat, 28-Nov-2015 14:32:02 GMT; httponly; Path=/
  Set-Cookie: SP=AGQgbblV535q50zSGYa6PvdeMsiuIPDnFlsnyVrk5VIvAnFRtrUHh7AU791a46nkYXJQhH3_VZLFgHuw4j8sAYXPy3l6adKHpQ5js-vjoXyJpTp51nd4Ewnhd-lS9UlI2YL0rUaHCkLvt4_buXJOvRuN222hINBjvQBsJPrR9woApj_ic0MT0cJcNIDsY40PnEOhH8p2xijrXVZHQa6fjwemsjgJEu_Vn6NBi4UO9hBL7sLl-eetYyE; Domain=.eventbriteapi.com; httponly; Path=/
  Set-Cookie: G=v%3D1%26i%3D1429e3af-ac09-4b67-b2a3-1f4473c28bcd%26a%3D51b%26s%3DAPDvTK5mqMI40Xz80zXcPKvFx7daGz_DOA; Domain=.eventbriteapi.com; expires=Sat, 28-Nov-2015 14:32:02 GMT; httponly; Path=/
  Set-Cookie: AN=; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
  Server: nginx
  Allow: GET
  Allow: HEAD
  Allow: OPTIONS
  Content-Type: application/json
}

Postman

Answer 1

The reason I was getting the 401 Unauthorized was because when i was calling the api originally I was querying https://www.eventbriteapi.com/v3/events/search?organizer.id=77181XXXXX.

This URL is not valid and should be https://www.eventbriteapi.com/v3/events/search/?organizer.id=77181XXXXX (note the extra / after search)

Eventbrite automatically redirected me to the correct URL however it lost the authentication header and thus was unauthorized.

Working VB.Net code:

Dim objClient As New HttpClient()

Try

    objClient.BaseAddress = New Uri("https://www.eventbriteapi.com/v3/")
    objClient.DefaultRequestHeaders.Authorization = New AuthenticationHeaderValue("Bearer", Context.EventBriteApiToken)

    Dim objResponse As HttpResponseMessage = Await objClient.GetAsync("users/" + Context.EventBriteUserId + "/owned_events/?page=" + intPage.ToString)
    objResponse.EnsureSuccessStatusCode() '** Throws exception

    Dim strJSON As String = Await objResponse.Content.ReadAsStringAsync
    Return JsonConvert.DeserializeObject(Of EventBrite.EventSearchResponse)(strJSON)

Catch ex As Exception

    Throw ex

Finally

    objClient.Dispose()

End Try

Answer 2

I had a similar issue. Building .net application and I was using the HttpClient class. The url I was calling was "http" and the server redirects it to https. Apparently this drops the headers. Didnt happen through postman !!

Solution: use httpS