SAP Knowledge Base Article - Public

3318090 - Authentication error using SAP Datasphere OData API

Symptom

When consuming data in Power BI and other Clients, Tools, and Apps via an OData Service, authentication error raises:

  • {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
  • 401-Unauthorized 
  • Invalid authentication credentials provided (HTTP Status 401)

Environment

SAP DataSphere

Resolution

Consuming exposed data in third-party clients, tools, and apps via an OData service requires a three-legged OAuth2.0 flow with type authorization_code. Users must manually authenticate against the configured IDP in order to generate the authorization code before continuing with the remaining OAuth2.0 steps.

Auth 2.0 Authentication Code requires passing parameters such as oAuth_token_URL, oAuth_authorize_url, client_id, client_secret. 

It is up to the client to properly handle these parameters to assure authentication against SAP Datasphere. Also, refresh token will be valid for 30 days and the lifetime of it cannot be changed: 

Create OAuth2.0 Clients to Authenticate Against SAP Datasphere

See Also

Consume Data via the OData API | SAP Help Portal 

Connecting SAP Data Warehouse Cloud OData API with PowerBI via a Blank Query

Keywords

odata, api, unauthorized, dwc, token lifetime, OAuth2.0 , KBA , DS-BB-ODATA , To address issues related to Odata consumption API , DS-AUT , Authorizations (Locks, etc.) , Problem

Product

SAP Datasphere all versions