SAP Knowledge Base Article - Public

3318090 - Authentication error using SAP Datasphere OData API


When consuming data in Power BI and other Clients, Tools, and Apps via an OData Service, authentication error raises:

  • {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
  • 401-Unauthorized 
  • Invalid authentication credentials provided (HTTP Status 401)


SAP DataSphere


Consuming exposed data in third-party clients, tools, and apps via an OData service requires a three-legged OAuth2.0 flow with type authorization_code. Users must manually authenticate against the configured IDP in order to generate the authorization code before continuing with the remaining OAuth2.0 steps.

Auth 2.0 Authentication Code requires passing parameters such as oAuth_token_URL, oAuth_authorize_url, client_id, client_secret. 

It is up to the client to properly handle these parameters to assure authentication against SAP Datasphere. Also, refresh token will be valid for 30 days and the lifetime of it cannot be changed: 

Create OAuth2.0 Clients to Authenticate Against SAP Datasphere

See Also

Consume Data via the OData API | SAP Help Portal 

Connecting SAP Data Warehouse Cloud OData API with PowerBI via a Blank Query


odata, api, unauthorized, dwc, token lifetime, OAuth2.0 , KBA , DS-BB-ODATA , To address issues related to Odata consumption API , DS-AUT , Authorizations (Locks, etc.) , Problem


SAP Datasphere all versions