Skip to main content

How do I troubleshoot callouts configured for authentication?


How do I troubleshoot callouts configured for authentication?

Callout notifications configured with authentication must include an authentication header for successful delivery. Callouts can fail if endpoints are not compliant with RFC 7617 or if credentials are not valid.

Check Authentication on Callouts

After you have configured a callout notification, perform the following steps to check callout authentication: 

  1. Verify that the Callout Authentication check box is selected.
  2. Run the following curl command to validate the user name and password credentials.
    $ curl -v [callouts endpoint URL] -u username:password

    If the user name and password are valid, a 200 OK HTTP response is returned.

  3. Ensure that the callout endpoint is RFC 7617 compliant. Specifically, the callout must return a WWW-Authentication header for 401 status. 

    For example:

    $ curl -v
    * Hostname was NOT found in DNS cache
    *   Trying
    * Connected to ( port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    * Server certificate: *
    * Server certificate: COMODO RSA Domain Validation Secure Server CA
    * Server certificate: COMODO RSA Certification Authority
    * Server certificate: AddTrust External CA Root
    > GET /basic-auth/user/passwd HTTP/1.1
    > User-Agent: curl/7.37.1
    > Host:
    > Accept: */*
    * Server nginx is not blacklisted
    < Server: nginx
    < Date: Tue, 08 Sep 2015 08:21:27 GMT
    < Content-Length: 0
    < Connection: keep-alive
    < Access-Control-Allow-Origin: *
    < Www-Authenticate: Basic realm="Fake Realm"
    < Access-Control-Allow-Credentials: true