Home/ Questions/Q 7218565
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T21:29:58+00:00

I’m working with a REST API that returns a 401 if my authorization token

  • 0

I’m working with a REST API that returns a 401 if my authorization token has expired. When I receive a 401, I’d like to run my authentication logic, retrieve a new token and then retry my original call. What’s the best way to do this.

Right now, I have an Authenticator class that “knows” how to authenticate with the API. The rest of the data access logic lives in a Repository object. The Repository object has the responsibility of sending requests to the API to retrieve information, using the information stored in the Authenticator.

An example of this is Repository.List() [It’s not really static, just writing it this way for brevity). Conceptually, this is what List() should do.

  • Try to connect to API and get a list of items
  • If 401 error, re-authenticate and try again
  • Return the list of items or throw an exception

This pattern will be used for all of my methods in all of my repositories, so I’d like a delegate or something that I could use with all of the API calls.

Any ideas?

Thanks,
Greg

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I came up with a solution that is working well.

    I created a static method that accepts two arguments, a Func and a reference to my
    Authentication object. The Authentication object can re-authenticate, and holds the auth info for making API calls. I used a ref because I didn’t want multiple instances of an Authenticator for one account existing with different auth tokens, but I needed to be able to support multiple accounts at the same time, so I couldn’t make it static.

    public static string ReauthenticateOn401(
    Func<Authenticator, string> method, 
    ref Authenticator authenticator)
{
    if (method == null)
        throw new ArgumentNullException("action");

    if (authenticator == null)
        throw new ArgumentNullException("authenticator");

    int attempts_remaining = 2;
    bool reauth_attempted = false;
    while (attempts_remaining > 0)
    {
        try
        {
            return method(authenticator);
        }
        catch (WebException e)
        {
            if (e.Response != null && reauth_attempted == false)
            {
                if (((HttpWebResponse)e.Response).StatusCode == HttpStatusCode.Unauthorized)
                {
                    authenticator.GetAuthToken();
                    reauth_attempted = true;
                    attempts_remaining--;
                }
                else
                {
                    throw;
                }
            }
            else
            {
                throw;
            }
        }
    }
    throw new Exception("The ReauthenticateOn401 method failed to return a response or catch/throw an exception.  The log flowed outside the while loop (not expected to be possible) and is generating this generic exception");
        }

    I then have different classes for requesting data from the API. Here is what one of them might look like, where _authenticator is passed into the class when the class is instantiated.

    string json = Authenticator.ReauthenticateOn401( (authenticator) =>
{
    string apiUrl = "http:/blahblahblah.api.com"
    HttpWebRequest request = WebRequest.Create(apiUrl) as HttpWebRequest;
    //Add headers, or adjust the body as necessary for your API
    using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        return reader.ReadToEnd();
    }
}, ref _authenticator);

    The beauty is that I can pass in whatever logic I want to ReathenticateOn401, and it will attempt to call the method, and then reauthenticate if a 401 is received. Otherwise, it will succeed or throw an exception that I can then handle.

    • 0