C# – GET request works in browser, but I get Unauthorized when using Postman

cdynamics-crm-2016httphttp-getpostman

I am issuing a request via chrome: 

[org]/api/data/v8.1/accounts?$select=name,accountid&$top=3

and I get a reasonable response:

{
  "@odata.context":"[org]/api/data/v8.1/$metadata#accounts(name,accountid)","value":[
    {
      "@odata.etag":"W/\"769209\"","name":"Telco","accountid":"c6ed63e0-9664-e411-940d-00155d104b35"
    },{
      "@odata.etag":"W/\"752021\"","name":"Fourth Coffee","accountid":"d1eefc0a-3ebc-e611-80be-24be051ac8a1"
    },{
      "@odata.etag":"W/\"768036\"","name":"Fourth Coffee","accountid":"3cbb8d24-20bd-e611-80c0-24be051ac8a1"
    }
  ]
}

However, when attempting to do the same GET through postman, I am getting a 401 unauthorized!

I've tried with no headers at all, as well as basic auth:

Authorization:Basic Y2hybGFiXxxxxxxxxxxxxxcmQxMjM=

What am I doing wrong? Is there something I need to change within CRM to allow me to do GETs from postman?

The following are headers that Chrome uses (got this from DevTools):

  • Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
  • Accept-Encoding:gzip, deflate, sdch
  • Accept-Language:en-US,en;q=0.8
  • Authorization:Negotiate
    TlRMTVNTUAADAAAAGAAYAIoAAABkAWQBogAAAAwADABYAAAADgAOAGQAAAAYABgAcgAAABAAEAAGAgAAFYKI4gYBsR0AAAAPai35LURprYMgYVSwMQXi/2MAaAByAGwAYQBiAGEAZwBvAHIAZABvAG4ASABPAFUALQBXAFMALQBBAEcATwBSAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd0avVN8acJQKvlSN8hYrSgEBAAAAAAAAoBg7uZi80gEIIthtN5clBAAAAAACAAYARABFAFYAAQAUAEIAQQBOAEMAUgBNADIAMAAxADYABAAcAGQAZQB2AC4AYwBoAHIAbABhAGIALgBpAG4AdAADADIAQgBBAE4AQwBSAE0AMgAwADEANgAuAGQAZQB2AC4AYwBoAHIAbABhAGIALgBpdddddddddddddddbABhAGIALgBpAG4AdAAHAAgAoBg7uZi80gEGAAQAAgAAAAgAMAAwAAAAAAAAAAEAAAAAIAAAccTLbO5YZuNnhdCDsjPCg1YXJuNv0XuASIhHrWWBg7kKABAAAAAAAAAAAAAAAAAAAAAAAAkAPABIAFQAVABQAC8AYgBhAG4AYwByAG0AMgAwADEANgAuAGQAZQB2AC4AYwBoAHIAbABhAGIALgBpAG4AdAAAAAAAAAAAAAAAAACtRrU1oDZ/XXRVVEUuj0yT
  • Cache-Control:max-age=0
  • Cookie:ReqClientId=42484e9a-f488-41a9-a016-1cd6e5820b3c
  • Host:myhost….
  • Proxy-Connection:keep-alive
  • Upgrade-Insecure-Requests:1
  • User-Agent:Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Mobile Safari/537.36

Best Answer

First, login into CRM and leave the tab sitting there.

Go into POSTMan

Enable the Interceptor (see image) interceptor

Enter the URL and hit SEND, just like that. POSTMan will take care of cookies and headers on its own, and you'll see the results.

If you logout from CRM, POSTMan will obviously no longer be able to issue the requests and will return 401 instead.

Related Topic