Here API returns Unrecognized Kid Null error

Asked 20/8, 2020 at 7:8 Answered 20/12, 2021 at 1:54

This is my cURL request

curl https://geocode.search.hereapi.com/v1/geocode?q=5%20Rue%20Daunou%2C%2075000%20Paris%2C%20France -H "Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXX"

This is the response

{"error":"Unauthorized","error_description":"Token Validation Failure - unrecognized kid null"}

I am not sure what is going on. I tried different access keys. I generated new ones. But keep getting the same error.

Delacroix answered 20/8, 2020 at 7:8 Comment(4)

what api is it? – Sappy 20/8, 2020 at 10:16

@Sappy its a rest API. – Delacroix 20/8, 2020 at 12:14

please drop the documentation – Sappy 20/8, 2020 at 12:18

Are you sure your token is right? If I make the same call but with my apikey in the URL, it works fine. – Precipitant 20/8, 2020 at 19:37

The "Access Key ID" is not quite the token you need to send in the Authorization header, which is why you get a "Token Validation Failure".

The "Access Key ID" is however one of the credential parameter that you need, in order to generate the OAuth tokens, the other parameter being the "Access Key Secret".

If you didn't save the Access Key Secret already, go to your HERE Account Project Management Space and make sure to download the credential file:

In the credential file, pay attention to the last three lines:

here.access.key.id = redacted
here.access.key.secret = redacted_redacted_redacted
here.token.endpoint.url = https://account.api.here.com/oauth2/token

Then, we can use Postman to generate the OAuth tokens:

Open Postman and create a new request.
Method POST, url: https://account.api.here.com/oauth2/token
Go to the Auth tab and select:
- Type: OAuth 1.0
- Add auth data to Request Headers (probably the default choice)
- Signature Method: HMAC-SHA256
- Consumer Key: put the here.access.key.id value
- Consumer Secret: put the here.access.key.secret value
Go to the Body tab and select:
- x-www-form-urlencoded
- Key: grant_type, Value: client_credentials
Send the request. You should receive an access token. That one should work with your curl request.

Auth tab

Body tab

Note

For the record, the following, not using OAuth but an "API key" to be found under the REST section as well, also works:

curl https://geocode.search.hereapi.com/v1/geocode?apiKey=<REST-API-KEY>&q=5%20Rue%20Daunou%2C%2075000%20Paris%2C%20France

However the Geocode API Reference does not document the apiKey authentication, unlike other HERE API e.g. Routing, and I would not recommend it besides for occasional experiments with curl requests.

Coattail answered 20/8, 2020 at 21:54 Comment(0)

I found a very simple solution. I removed the Authorization header and added the "apiKey" query parameter to my URL.

For example:

https://revgeocode.search.hereapi.com/v1/revgeocode?48.2181679%2C16.3899064&lang=en-US&apiKey={TOKEN}

Minh answered 20/12, 2021 at 1:54 Comment(0)

Note

Recommended topics

Hot tags