GET request works in browser, but I get Unauthorized when using Postman

c# http postman http-get dynamics-crm-2016
Alex Gordon picture Alex Gordon · Apr 24, 2017 · Viewed 34.7k times · Source

I am issuing a request via chrome: 

[org]/api/data/v8.1/accounts?$select=name,accountid&$top=3

and I get a reasonable response:

{
  "@odata.context":"[org]/api/data/v8.1/$metadata#accounts(name,accountid)","value":[
    {
      "@odata.etag":"W/\"769209\"","name":"Telco","accountid":"c6ed63e0-9664-e411-940d-00155d104b35"
    },{
      "@odata.etag":"W/\"752021\"","name":"Fourth Coffee","accountid":"d1eefc0a-3ebc-e611-80be-24be051ac8a1"
    },{
      "@odata.etag":"W/\"768036\"","name":"Fourth Coffee","accountid":"3cbb8d24-20bd-e611-80c0-24be051ac8a1"
    }
  ]
}

However, when attempting to do the same GET through postman, I am getting a 401 unauthorized!

I've tried with no headers at all, as well as basic auth:

Authorization:Basic Y2hybGFiXxxxxxxxxxxxxxcmQxMjM=

What am I doing wrong? Is there something I need to change within CRM to allow me to do GETs from postman?

The following are headers that Chrome uses (got this from DevTools):

  • Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
  • Accept-Encoding:gzip, deflate, sdch
  • Accept-Language:en-US,en;q=0.8
  • Authorization:Negotiate TlRMTVNTUAADAAAAGAAYAIoAAABkAWQBogAAAAwADABYAAAADgAOAGQAAAAYABgAcgAAABAAEAAGAgAAFYKI4gYBsR0AAAAPai35LURprYMgYVSwMQXi/2MAaAByAGwAYQBiAGEAZwBvAHIAZABvAG4ASABPAFUALQBXAFMALQBBAEcATwBSAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd0avVN8acJQKvlSN8hYrSgEBAAAAAAAAoBg7uZi80gEIIthtN5clBAAAAAACAAYARABFAFYAAQAUAEIAQQBOAEMAUgBNADIAMAAxADYABAAcAGQAZQB2AC4AYwBoAHIAbABhAGIALgBpAG4AdAADADIAQgBBAE4AQwBSAE0AMgAwADEANgAuAGQAZQB2AC4AYwBoAHIAbABhAGIALgBpdddddddddddddddbABhAGIALgBpAG4AdAAHAAgAoBg7uZi80gEGAAQAAgAAAAgAMAAwAAAAAAAAAAEAAAAAIAAAccTLbO5YZuNnhdCDsjPCg1YXJuNv0XuASIhHrWWBg7kKABAAAAAAAAAAAAAAAAAAAAAAAAkAPABIAFQAVABQAC8AYgBhAG4AYwByAG0AMgAwADEANgAuAGQAZQB2AC4AYwBoAHIAbABhAGIALgBpAG4AdAAAAAAAAAAAAAAAAACtRrU1oDZ/XXRVVEUuj0yT
  • Cache-Control:max-age=0
  • Cookie:ReqClientId=42484e9a-f488-41a9-a016-1cd6e5820b3c
  • Host:myhost....
  • Proxy-Connection:keep-alive
  • Upgrade-Insecure-Requests:1
  • User-Agent:Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Mobile Safari/537.36

Answer

Alex picture Alex · Apr 24, 2017

First, login into CRM and leave the tab sitting there.

Go into POSTMan

Enable the Interceptor (see image) interceptor

Enter the URL and hit SEND, just like that. POSTMan will take care of cookies and headers on its own, and you'll see the results.

If you logout from CRM, POSTMan will obviously no longer be able to issue the requests and will return 401 instead.

Related questions

How do you set the Content-Type header for an HttpClient request?

I'm trying to set the Content-Type header of an HttpClient object as required by an API I am calling. I tried setting the Content-Type like below: using (var httpClient = new HttpClient()) { httpClient.BaseAddress = new Uri("http://example.com/"); httpClient.DefaultRequestHeaders.…

Read More
.NET: Simplest way to send POST with data and read response

To my surprise, I can't do anything nearly as simple as this, from what I can tell, in the .NET BCL: byte[] response = Http.Post ( url: "http://dork.com/service", contentType: "application/x-www-form-urlencoded", contentLength: 32, content: "home=Cosby&favorite+flavor=…

Read More
Getting Http Status code number (200, 301, 404, etc.) from HttpWebRequest and HttpWebResponse

I am trying to get the HTTP status code number from the HttpWebResponse object returned from a HttpWebRequest. I was hoping to get the actual numbers (200, 301,302, 404, etc.) rather than the text description. ("Ok", "MovedPermanently", etc.) Is the number buried in …

Read More