Please use proper authorization behaviour

My company migrates from Zendesk to Freshdesk. I'm working on migrating the API.


The first pain I immediately faced is that your authentification scheme is non-standard. See https://en.wikipedia.org/wiki/Basic_access_authentication.


Expected (standard) behaviour of most http clients is to try to authentificate as anonymous, then after getting a 401 with WWW-Authenticate the client will send auth headers.Since as you don't send WWW-Authenticate header in response, users that uses the standard way will get:

{"require_login":true}

or

{"code":"invalid_credentials","message":"You have to be logged in to perform this action."}

depending on the api version. 


Please fix that. This is the first impresssion of using API and it's really bad. I had to spend 40 minutes digging into Apache HttpClient source code to understand what's happening



3 people have this question

Hi @Sergey, What did you do to work around the problem?

I have my API key but when i am using it it returns this


[20-05-24 15:01:55:577 IST] {"code":"invalid_credentials","message":"You have to be logged in to perform this action."}


Please help me with it. I don't understand what is issue

I have the same issue as Chandan Kumar. 

Login or Signup to post a comment