REST API invalid_credentials You have to be logged in to perform this action

Hi all,

We are using the API v2 for a few years now. We (Geo-ICT department) use FreshDesk as a system to send and receive request from within our company. These request contains tasks for projects. Every morning we use the API to pull all the pages with a certain status from the system. This is done with FME and we use an HTTPCaller for this which allows us to perform GET commans.

As of yesterday I’m receiving an invalid_credentials message, which tells me that I have to be logged in to perform this action. Nothing has changed in the method of our HTTPCaller or my credentials that we use. The credentials are that of my agent account, which is also the highest user. Also our API-key is used for this, which also hasn’t changed.

Are there any people here that know FME and the HTTPCaller? Or does anyone from FreshDesk know if something has changed in the validation of API calls?

1 Like

I have not used HTTPCaller so I am not sure what the tool does under the hood. I am not aware of any changes to the Freshdesk API either, so let me check with the Freshdesk team.

Meanwhile, is there any way you can let me know what are the actual HTTP headers sent out by HTTPCaller when you select the api-key header?

Thanks for your reply. I can’t view / show the actual content of the message since I’m not able to run this piece of software due to the credential issues. With FME (when credentials are ok) I can replicate the message flow and output the attributes generated during run.

Btw, I’ve tested with another agents’ credentials, but this gives the same error.

I don’t see a possibility to replicate the function without connecting to an actual API. Therefor I’m not able to give you the info about the HTTP headers. All I can is refer to the Help page of this Transformer (this is what FME calls this HTTPCaller), which is here:

After some testing on my side, I found out that the Header “api-key” isn’t working anymore and this should be renamed into “Authorization”. Also, the API-key value should be encoded as Base 64 text. With these two changes the connection works again. The previous settings have worked for the last 2-3 years, so something changed on the server side. If anyone knows what, please let me know. It’s working for now, but would be nice to know why and what changed.


This is indeed the recommended way for supplying Authorization details in a request to the Freshdesk REST API. I wasn’t sure how HTTPCaller handles this. Glad that you found this out. :slight_smile:

We haven’t heard of any changes yet. Probably some such changes were made (or some older authorization schemes deprecated). I see nothing in the Changelog of the API either, so still kinda unsure of any change in Auth schemes. In any case, the Authorization scheme you have changed to should continue to work now.

1 Like

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.