Happy Business Starts Here


401 "this resource is protected" when calling outside of Postman

I am running the following cURL command from a Docker apache container:

okroot@80ab2ea4a383:/var/www/html# curl -X POST \
>   https://apisandbox-api.zuora.com/rest/v1/payment-methods/credit-cards \
>   -H 'accept: application/json' \
>   -H 'cache-control: no-cache' \
>   -H 'content-type: application/json' \
>   -H 'postman-token: bcb73ba1-cf38-03ce-1481-10490f74ceef' \
>   -H 'signature: OWQzYjdkZGY4ZmIzMzZhZGIwOWVmODdkOTA2MTNmNWQ4N2M3YWY1ZQ==' \
>   -H 'token: H6Q6cyQmUfm2GW9jTPYJzFDW3TC4LZTv' \
>   -d '{
>   "creditCardType": "Visa",
>   "creditCardNumber": "4111111111111111",
>   "expirationMonth": "3",
>   "expirationYear": "2018",
>   "securityCode": "123",
>   "defaultPaymentMethod": "true",
>   "cardHolderInfo": {
>     "cardHolderName": "Sugar Daddy",
>     "addressLine1": "123 Sugar Lane",
>     "city": "Test",
>     "state": "VA",
>     "zipCode": "23225",
>     "country": "USA"
>   },
>   "accountKey": "A00294289"
> }'

Locally, using Postman this call returns a success and a paymentId;however, when running on Docker (local, opened up to port 3000:3000) it fails w/ the following error:

  "success" : false,
  "reasons" : [ {
    "code" : 90000011,
    "message" : "this resource is protected, please sign in first"
  } ]

This exact call works fine locally using Postman (using the Postman chrome extension). It just fails when I run it on git-bash or on a container (I've tried the postman/newman_alpine33 and php:5.6-apache images, both opened up to localhost which has all the necessary access for our internal API's).


When running from Postman, the full header looks like this:

Content-Type: application/json
Connect-Time: 0
Accept-Encoding: gzip
Total-Route-Time: 0
Connection: close
Cache-Control: no-cache
X-Request-Id: 5a84a2f8-aa8e-401a-b578-9344fab20b62
Via: 1.1 vegur
Cookie: __cfduid=d1fa09744db03033b7edb95a0ce3567581507065628; session=eyJyZWNXbnQiOlsiMTVlOXkxbzEiXX0.DLWWog.ucH6BkRU_h7kJP-kE57bmJ4c8eM
Accept: application/json
Host: requestb.in
Cf-Ray: 3a8323deXae80844-IAD
Cf-Visitor: {"scheme":"https"}
Cf-Ipcountry: US
Postman-Token: 51b857b1-dc7b-aXfb-bee0-a5e227ec043a
Content-Length: 416
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Accept-Language: en-US,en;q=0.8,es;q=0.6
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Token: H6Q6cyQmUfm2GW9jTPYJzFDW3TX4LZTv

NOTE: The above headers were captured using https://requestb.in/15e9y1o1?inspect (a tool for catching the "real" headers on a request). The headers that were visibly stated on the successful Postman are the same as those used in the 401'ing cURL request.

Honor Student

Re: 401 "this resource is protected" when calling outside of Postman

Hi guys,


is there any progress with this issue, I have similar issue when testing Zuora rest api in Postman, but it returns code 401 when I'm using other tools (Advanced Rest Client, Salesforce dev console).

May it be there are some settings on Zuora side (for my api user) stating the source of requst?