Not able to parse Authorization Header

Question

am calling an API with he query paramter as told by my Remedy team and i get the "Not able to parse Authorization Header" error

var yhttp = new XMLHttpRequest();
var phonedata=":People?q=%27Phone%20Number%20Business%27%20%3D%20%22%2B12017148030%22&fields=userid";
yhttp.open('GET', 'https://remproditsm.broadridge.net/api/arsys/v1/entry/CTM:People?q=%27Phone%20Number%20Business%27%20%3D%20%22%2B12017148030%22&fields=ciscofinesse');
yhttp.setRequestHeader('Authorization', 'Bearer' + response);
yhttp.setRequestHeader('Content-Type', 'application/json');
yhttp.send();

have tried AR-JWT instead of Bearer, have tried with application/json header and without, i was not convinced if i should be passing that in the header but remedy team advised me to pass it. Also, this works fine in Postman.

Answer 1

I propose to double check the postman and on the right side you have the CODE button,

then export working version from postman to JavaScript-XHR.

Answer 2

ok i found the issue, AJAx request by default is asynchronous, am using the varibale from the response as the token, and by the time it reaches the 2nd GET API request , it has nothing in the res variable, so i converted my first API request for token to synchronous

xhttp.open('POST', 'url',false);

          xhttp.setRequestHeader('authString', 'authentication string');

            xhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

            xhttp.send(data);

            res= xhttp.responseText;

                document.write(res);

Answer 3

Yes, you need "AR-JWT {token}" as your Authorization header value. The token should be stored after the login call and used for each subsequent REST operation. https://docs.bmc.com/docs/ars2008/examples-of-using-the-rest-api-to-get-update-and-delete-an-entry-from-a-form-929631054.html