Trying to get a same-day reservation at a popular restaurant can be nearly impossible, especially during peak dinner hours. In the same way, some APIs require ‘authorization’ and you must be careful to not try to use ‘authentication’ instead, where word similarities can cause headaches. For example, OAuth 2 implementations usually require including an ‘Authorization’ header, but it’s easy to type ‘Authentication’ instead. It’s a common problem, so if a request keeps failing make sure you’re using the correct word. Authorization header construction also has a few traps for the unwary. OAuth 2 tokens must be prepended with a “Bearer” to work, and with respect to Authentication, common mistakes include:
• Forgetting the ‘Basic’ prefix (including a space)
• Not encoding ‘username: password’ or forgetting the colon
• Falling foul to quirkiness – e.g. where an API provider only requires a username (often the API key), yet it’s still necessary to place a colon after it (even if there’s no password)
Read the Full Whitepaper