How to fix REST status codes 401 and 500?
Issue 1: User cannot access REST (status code 401)
This problem is related to authentication. It indicates that the user does not have permission to access the requested resources.
Solution: Check authentication
- Check the authentication method described in the administration manual (basic, token, etc).
- When using basic authentication, configure the basicauth_ip_restrictions parameter by specifying IP addresses that are allowed to send requests to the REST API using basic authentication. For more information see the section "How to Use IP Constraints" in the administration manual. Enclose each rule in quotation marks.
- The restrictions that apply when using basic authentication are described in the BOC Developer Portal in the article "Basic Authentication".
- Check if IDM is enabled. Specific configuration steps are necessary to set up the web client for this authentication mechanism. Please contact your customer account manager for instructions.
Issue 2: User cannot access REST (status code 401) in SaaS
You are using a BOC product that is hosted in the BOC cloud (SaaS). REST-access to the environment was previously possible, but now you cannot access it.
Solution: Have the IP address unlocked
Hosted environments have an additional access restriction: their own IP whitelist. It happens that the company infrastructure changes and BOC is not aware of these changes (i.e. the requesting client now has a different IP address).
Retry the request and send the timestamp (date and time) of the request to BOC technical support. We will then check whether your IP address has been blocked and we will extend the IP whitelist if necessary.
Note: Adjustments to the IP whitelist are only done, if the request is made by an authorized person.
Issue 3: Requests return a status code 500 (internal server error).
Some REST-requests work normally on a client, while others return a status code of 500 (internal server error).
Solution: Adjust timeout
This typically happens with (but not limited to) third-party client software such as Excel and PowerBI.
Such applications typically have some form of timeout configured to provide a better user experience. A common value is 100 seconds for a timeout. Once the timeout is reached, the application will abort the operation and report the generic "error 500".
However, some REST requests to the BOC Management Office software can take significantly longer than 100 seconds. The specific duration depends on many factors and can therefore vary.
Adjust the timeout value in the affected client software to resolve the error. Several attempts with different values may be necessary until a suitable value is found.