You have not told us anything about how the delete works. Perhaps the user/claim/role does not have authorization to delete the resource. Check the code.
Problem with API authorization
![](https://techprofile.blob.core.windows.net/images/WmBD9oL6a0-0MJb9XowEMg.png?8D95C2)
Hello I am having some issues with an API call from my mobile app.
The API is developed with ASP.NET MVC 5.
All my API calls work, with a 200 status code.
But there is one DELETE call that always returns 401, of course using the same access_token
. If I reuse the same token for a different GET/POST/PUT call everything succeeds.
FYI, this is the response that keeps failing, and I don't understand why:
Object {
"config": Object {
"adapter": [Function xhrAdapter],
"baseURL": "https://my.url.com/api/v2",
"data": undefined,
"headers": Object {
"Accept": "applications/json",
"Authorization": "Bearer QsX8raQRx7pKJZHrNkeCEl2yUbsq3mwla1_6DwReJpFSfVWn18fzM6cdI9XgCFOxO-wseMHM1pLSsuNGi3_PNXpWvulv0oTaWnKOt6zUuj_mjetiApfNfUX4FSnRrVcHGycJLt8bf4hJX6P1HMVi4DsZsm9ASwbXXQosqAWKIgE_wMpNtGQ8PXpmZL977HBlM9IzpcRw4SBMslbxh00AY-zz75KTbPSbZM198YzDFT5tJyDYuN1bZBWGYk8ivRYx3OgLLrFMNp4HSRkbzzdmQa1cd7dmLRtUv6bnU8c1NX6rxpdtuoMGvKsTp5ZuWisA",
},
"maxBodyLength": -1,
"maxContentLength": -1,
"method": "delete",
"params": Object {},
"timeout": 0,
"transformRequest": Array [
[Function transformRequest],
],
"transformResponse": Array [
[Function transformResponse],
],
"transitional": Object {
"clarifyTimeoutError": false,
"forcedJSONParsing": true,
"silentJSONParsing": true,
},
"url": "Products/4670?target=mobile",
"validateStatus": [Function validateStatus],
"xsrfCookieName": "XSRF-TOKEN",
"xsrfHeaderName": "X-XSRF-TOKEN",
},
"data": Object {
"message": "Authorization has been denied for this request.",
},
"duration": 69,
"headers": Object {
"cache-control": "no-cache",
"content-length": "68",
"content-type": "application/json; charset=utf-8",
"date": "Tue, 01 Mar 2022 23:25:32 GMT",
"expires": "-1",
"pragma": "no-cache",
"server": "Microsoft-IIS/10.0",
"www-authenticate": "Bearer",
"x-aspnet-version": "4.0.30319",
"x-powered-by": "ASP.NET",
},
"ok": false,
"originalError": [Error: Request failed with status code 401],
"problem": "CLIENT_ERROR",
"status": 401,
}
NOTE: when I use Postman to log in to the /token
endpoint, the access_token
that I get back is about double in characters length, not sure if it depends by the device I am using to log in (Postman vs mobile app).
Can anyone see what's wrong?