/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
Testing a Signavio Process Intelligence Elasticsearch type Connection results in 401 Unauthorized. However, a cURL GET request is successful.
An example of the extended message in the pi-etl-adapter log file:
[HTTP Headers]
HTTP/1.1 401 Unauthorized
www-authenticate: Basic realm="security", charset="UTF-8"
www-authenticate: Bearer realm="security"
www-authenticate: ApiKey
content-type: application/json
content-encoding: gzip
content-length: nnn
strict-transport-security: max-age=nnnnnnnnnn
2025-10-31T18:26:18.390+01:00 TRACE 7744 --- [Thread-29] [com.cdata.ELASTICSEARCH] : [2|Q-Id] [HTTP|Res: 0] {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate with provided credentials and anonymous access is not allowed for this request","additional_unsuccessful_credentials":"API key: invalid credentials for API key [xxxxxxxxxxxxxxxxxxxxx]","header":{"WWW-Authenticate":["Basic realm=\"security\", charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate with provided credentials and anonymous access is not allowed for this request","additional_unsuccessful_credentials":"API key: invalid credentials for API key [xxxxxxxxxxxxxxxxxx]","header":{"WWW-Authenticate":["Basic realm=\"security\", charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}
Cause
In the Process Intelligence Elasticsearch Connection, the APIkey property is being set to the encoded value that is returned from the API Keys endpoint.
Resolution
Set the APIkey value unencoded.
The cURL request works with the encoded value, however, the Process Intelligence Elasticsearch connector requests combine both the API Key and API Key Id and then base64 encode them. Therefore, it is required to set the APIKey property to the value from the api_key object and not the encoded parameter.
For example:
If the API token endpoint returns something like the following when getting an API Token:
{
"id": "vdpCxXyYzZxxxxxx",
"name": "my-api-key",
"api_key": "fzcfghnnnnnnnK11A",
"encoded": "dmRwQ1Vuc0J5RXJ3Q3pFT3cydVo6ZnpmeElqeXhRYzJjWGtLY2MzSzExQQ"
}
The encoded value will need to be decoded and that value used instead. When decoded, a combined string id:Apikey will be returned (separated by a colon). Ensure to use the APIkey part as the Id is already known. Linux example (for illustration only - not a valid value):
echo "dmRxQ1Vxx0J5RXJ3QxxFT3cydVo6ZxxxxElqeXhRYzJjWGtLY2MzSzExQQ==" | base64 --decode
vdpCxXyYzZxxxxxx:fzfxIjyxQc2cXkKcc3K11A
Keywords
soe, Process Intelligence, Elasticsearch, 401, Unauthorized, encoded, decoded, APIkey, unable, authenticate, anonymous, access , KBA , BPI-SIG-PI-DS , Data Source (CSV, Connector) , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)