Authorizing a REST API GET Call with Salesforce

0
I'm trying to authorize a REST GET call.  I'm using a microflow that first issues a OAUTH2 POST to Salesforce and returns a valid Access Token. I then try to use the Access Token to authorize the REST GET call with a simple SOQL query.  Everything works great with cUrl and SOAPUI, but I can't avoid the following error: LatestError: 401: Unauthorized at MyFirstModule.REST_GetTaskIDs (CallRest : 'Call REST (GET)') LatestHttpResponse: [{"message":"INVALID_HEADER_TYPE","errorCode":"INVALID_AUTH_HEADER"}]   I've tried a number of ways to add the Authorization Header, but I either get the above error or a different one "Session ID expired or invalid" when I try to embed it in the Location URL.  I'm not sure how to see the URLs the Desktop Modeler (7.20.1) is assembling.  Thanks for any help you can provide. Here's the microflow:             Here's the Call REST (GET) setup:      
asked
2 answers
1

It looks like you have

'Bearer $NewSettings/AccessToken'

Shouldn't it be

'Bearer ' + $NewSettings/AccessToken

 

answered
0

Thanks Nils.  Here's the raw request & response: 

Request content for GET request to https://na85.salesforce.com/services/data/v44.0/query?q=SELECT+ID,OwnerID,AccountID+from+Task+WHERE+type='Evaluation' HTTP/1.1
Authorization: (omitted)

Response content for GET request to https://na85.salesforce.com/services/data/v44.0/query?q=SELECT+ID,OwnerID,AccountID+from+Task+WHERE+type='Evaluation'
HTTP/1.1 401 Unauthorized
Date: Thu, 13 Dec 2018 00:11:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: upgrade-insecure-requests
X-Robots-Tag: none
Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private
Set-Cookie: BrowserId=XXXXXXXXXXXXXXXXX;Path=/;Domain=.salesforce.com;Expires=Mon, 11-Feb-2019 00:11:08 GMT;Max-Age=5184000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked

[{"message":"INVALID_HEADER_TYPE","errorCode":"INVALID_AUTH_HEADER"}]

Does this mean that the access token is not getting through?  If so, is the custom header formatted correctly?   

Please advise.  Thank you.

answered