What does this ERROR code means "UNAUTHENTICATED_API_CALL"?

I am getting this error code on Create Customer API.
I did not find explanation for this Error Code.

I am not getting what I am doing wrong, Incorrect api Creadetails or account verification or incorrect api url??

This error means that one of your headers in the request is wrong.
Could be the access_key, signature, or the salt


This error drove me crazy when I was first learning the system. Basically it means that the request was malformed. It can come up in several contexts (maybe more):

  • One or more of the header fields is missing or has an invalid value (as @aviarviv pointed out).
  • There is an error in the calculation of the signature (possibly the body contains whitespace, or the body is represented by {} instead of being blank).
  • The HTTP verb is not correct.

Check the API Reference carefully. Once you get the hang of it, you will hardly ever see this error. I’m sorry the error does not provide more helpful instructions.

1 Like

I am getting this same error now, while orking through the access-payments sample, using Node.js for the back-end server.

Error: Network response was not OK. Check logs in the console.
    "message": {
        "error_code": "UNAUTHENTICATED_API_CALL",
        "status": "ERROR",
        "message": "access_key header is not valid",
        "response_code": "UNAUTHENTICATED_API_CALL",
        "operation_id": "e51d6e12-25b1-439b-ba84-85d5d3adb67c"

I traced the server side code and I do see my access key and secret values when looking at the this object fields, from a breakpoint set in the constructor for the RapydService object:

  constructor() {
    this._accessKey = config.accessKey;
    this._secretKey = config.secretKey;
    this._baseUrl = config.baseRapydApiUrl;

I didn’t see any instructions in the access-sample readme regarding signature calculations or creating a salt, so I assumed the sample code did that for me?

Any help would be appreciated because I am not sure what to try next to fix this.

1 Like

Thanks @NotWilliamShatner,

Per our own @isaac,

This is a node.js example The utilities.js file implements the signature calculation. You can refer to this at GitHub - RapydPayments/rapyd-request-signatures: When you send a request, you calculate the signature and insert the result into the signature header. When the platform receives the request, it performs the same signature calculation. If the resulting values do not match, the request is rejected.

He also follows this here: Rapyd Integrations: Request Signatures and How to Calculate - YouTube

I assume you are doing your development in the sandbox. You have to use the sandbox access key and secret key, and not the production keys. You get both from the Client Portal (when you are logged in as account owner), and you select one or the other with the Sandbox toggle at the lower left of the screen.

1 Like