1.  Home
  2. RPG400-L
  3. October 2025

Re: External Re: Auth 2.0

Sorry, I should have been more clear.

Post the exact HTTP request that is being made by HTTPAPI. There should
be a feature to do that in HTTPAPI (GETURI has it).

Then compare it to the HTTP request in POSTMAN. That can be found clicking
the <> in Postman. You'll see the exact HTTP request.

On Wed, Oct 15, 2025 at 7:20 AM (WalzCraft) Jerry Forss <
JForss@xxxxxxxxxxxxx> wrote:

The log

HTTPAPI Ver 1.41 released 2020-06-05
NTLM Ver 1.4.0 released 2014-12-22
OS/400 Ver V7R4M0

http_persist_open(): entered
http_long_ParseURL(): entered
DNS resolver retrans: 2
DNS resolver retry : 2
DNS resolver options: x'00000136'
DNS default domain: CABINET.COM
DNS server found: ip
DNS server found: ip
DNS server found: ip
Nagle's algorithm (TCP_NODELAY) disabled.
SNI hostname set to: login.microsoftonline.com

-------------------------------------------------------------------------------------
Dump of server-side certificate information:

-------------------------------------------------------------------------------------
Cert Validation Code = 6000
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Serial Number: 05:19:33:39:5D:75:58:5B:65:48:97:4F:05:8F:41:1E
Common Name: stamp2.login.microsoftonline.com
Country: US
State/Province: Washington
Locality: Redmond
Org Unit: Microsoft Corporation
Issuer CN: DigiCert SHA2 Secure Server CA
Issuer Country: US
Issuer Org: DigiCert Inc
Version: 3
not before: 20250918190000
Unknown Field: 19:00:00 18-09-2025
not after: 20260318185959
Unknown Field: 18:59:59 18-03-2026
pub key alg: 1.2.840.113549.1.1.1
signature algorithm: 1.2.840.113549.1.1.11
Unknown Field:
0382010F003082010A0282010100C9FE08BC2BCD9BF41D6797FBACE5DB39F2BBAB8E352C8C53502D7467CEEF853C1DB306AE48E8E9EBDCF86367505526B50596ADCE7994B03426F964788206DEB40145613D351CEC136C239D4F1105D650E46CB110FA9499D6CE09225082812FB2A9BD42A3E13C336764A36369BD15E10532B5E3C683191E9B7FBF651601EB8F74158BF11D240B703C40550EB553680A586FF3CB264F72173AB4DD172BC9AC61AED0CDC6738B2588D88185A7B8CE126F0D6470699347F268144EBEF63885EE418152B6DA06313D298DDB085861F7A93AD02F40B75FFE5F93419A93AE8F33190B6EB8E8A102796D7A384BC25103701DFD4810C2BADA6A428249EE9A5C9C7A985D950203010001
Unknown Field: 2048
Unknown Field: B9A926D3DE2ADA0D4C539F61F057548D
Unknown Field: 1.2.840.113549.2.5
Unknown Field: 6A141EA7819496385EF008CE7F6C9345422A4C3B
Unknown Field:
505A94BD9D8692F45222ABFA3084857CC47D087B57E7CDFACE88527921627F9A
Unknown Field: 5
Unknown Field: stamp2.login.microsoftonline.com
Unknown Field: 0
Unknown Field: 1.3.6.1.5.5.7.3.2
Unknown Field: 1.3.6.1.5.5.7.3.1
Unknown Field: 2.23.140.1.2.2
Unknown Field: http://ocsp.digicert.com

Protocol Used: TLS Version 1.2
http_persist_req(POST) entered.
http_long_ParseURL(): entered
http_long_ParseURL(): entered
do_oper(POST): entered
There are 0 cookies in the cache
POST /code/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
User-Agent: http-api/1.41
Content-Type: application/x-www-form-urlencoded
Content-Length: 221
application/x-www-form-urlencoded


senddoc(): entered
grant_type=client_credentials&client_id=client&client_secret=secret&scope=
https://tffproduction.onmicrosoft.com/code/.default
recvresp(): entered
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Date: Tue, 14 Oct 2025 17:36:57 GMT
Connection: close
Content-Length: 339


SetError() #13: HTTP/1.1 400 Bad Request
recvresp(): end with 400
recvdoc parms: identity 339
header_load_cookies() entered
recvdoc(): entered
SetError() #0:
recvdoc(): Receiving 339 bytes.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""
http://www.w3.org/TR/html4/strict.dtd";>
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html;
charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Header</h2>
<hr><p>HTTP Error 400. The request has an invalid header name.</p>
</BODY></HTML>

SetError() #13: HTTP/1.1 400 Bad Request
http_close(): entered

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Brad
Stone
Sent: Tuesday, October 14, 2025 1:40 PM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: External Re: Auth 2.0

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.

Post the request, not the code if you can. You'll probably see the issue.
HTTPAPI must have a "debug" mode, right?

On Tue, Oct 14, 2025 at 11:10 AM Jean-Marc DUVAL via RPG400-L <
rpg400-l@xxxxxxxxxxxxxxxxxx> wrote:

Hi,

Why
rc = http_req('POST'
: APITokenURL
: ResponseFile
: *omit
: *omit
: FormData
: 'application/x-www-form-urlencoded');
and not
rc = http_req('POST'
: APITokenURL
: ResponseFile
: *omit
: *omit
: FormData
: Headers);

-----Message d'origine-----
De : RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> De la part de
(WalzCraft) Jerry Forss
Envoyé : mardi 14 octobre 2025 17:54
À : RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx> Objet :
Auth 2.0



ATTENTION : Ce message provient d'une source EXTERNE. Veuillez
n'ouvrir les liens ou pièces jointes que si vous êtes sûr de
l'expéditeur.



Hi All

I am trying to build a new API to call TForce for shipping requests
that uses Auth 2.0.

I have done this in the past for FedEx and works but having issues
with TForce.

I can get the access token in Postman but is failing when I try from
my RPG pgm.
I am sure it's just something basic I am not understanding.

Postman request

Authorization
Auth Type 2.0

Body
client_id What we got for TForce
client_secret What we got for TForce
scope What we got for TForce
grant_type client_credentials

Works fine getting token

My RPG code

//
======================================================================
==============
// Prototype SetTokenHeader
//
======================================================================
==============

Dcl-Proc SetTokenHeader;

//

----------------------------------------------------------------------------------
// Input Parameters
//
----------------------------------------------------------------------
------------

Dcl-pi *N;
Headers VarChar(2000);
End-pi;

//

----------------------------------------------------------------------------------
// Local Parameters
//
----------------------------------------------------------------------
------------

//

----------------------------------------------------------------------------------
// Data Structures
//
----------------------------------------------------------------------
------------

//

----------------------------------------------------------------------------------
// Mainline
//
----------------------------------------------------------------------
------------

Headers = 'application/x-www-form-urlencoded' + CRLF;

End-Proc;

//
======================================================================
============== // Prototype CreateToken - Generate Token //
======================================================================
==============

Dcl-Proc CreateToken;

//

----------------------------------------------------------------------------------
// Input Parameters
//
----------------------------------------------------------------------
------------

// Dcl-pi *n;
// Token VarChar(100);
// End-pi;

//

----------------------------------------------------------------------------------
// Local Parameters
//
----------------------------------------------------------------------
------------

Dcl-S FormData Varchar(1000);

//

----------------------------------------------------------------------------------
// Data Structures
//
----------------------------------------------------------------------
------------

// Token Response From API Call
Dcl-ds TokenResponse Qualified;

access_token VarChar(2000);
token_type Char(20);
expires_in Packed(7 : 0);
scope Char(20);

End-ds;

//

----------------------------------------------------------------------------------
// Mainline
//
----------------------------------------------------------------------
------------

ResponseFile = %Trim(Path) + 'TForce_Token_Resp.json';
Rc = http_xproc(HTTP_POINT_ADDL_HEADER : %paddr(SetTokenHeader));

FormData = 'grant_type=client_credentials' +
'&client_id=' + %Trim(ClientID) +
'&client_secret=' + %Trim(APIKeyLive) +
'&scope=' + %Trim(APIScope);

rc = http_req('POST'
: APITokenURL
: ResponseFile
: *omit
: *omit
: FormData
: 'application/x-www-form-urlencoded');

Fails with RC of 400

Response json

!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""
https://urldefense.com/v3/__http://www.w3.org/TR/html4/strict.dtd__;!!
J76aczzK!xAjRZysEN8m9RA6wZidwhN2QTclHubpQuBYJVnQc3wqkUxK9ZGhxbLN8iWEQR
g0dQzKxgDXGtlOFJ69DFXxs4zi0$ "> <HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type"
Content="text/html; charset=us-ascii"></HEAD> <BODY><h2>Bad Request -
Invalid Header</h2> <hr><p>HTTP Error 400. The request has an invalid
header name.</p> </BODY></HTML>




Subject to Change Notice:

WalzCraft reserves the right to improve designs, and to change
specifications without notice.

Confidentiality Notice:

This message and any attachments may contain confidential and
privileged information that is protected by law. The information
contained herein is transmitted for the sole use of the intended
recipient(s) and should "only"
pertain to "WalzCraft" company matters. If you are not the intended
recipient or designated agent of the recipient of such information,
you are hereby notified that any use, dissemination, copying or
retention of this email or the information contained herein is
strictly prohibited and may subject you to penalties under federal
and/or state law. If you received this email in error, please notify
the sender immediately and permanently delete this email. Thank You

WalzCraft PO Box 1748 La Crosse, WI, 54602-1748
https://urldefense.com/v3/__http://www.walzcraft.com__;!!J76aczzK!xAjR
ZysEN8m9RA6wZidwhN2QTclHubpQuBYJVnQc3wqkUxK9ZGhxbLN8iWEQRg0dQzKxgDXGtl
OFJ69DFfq5xCnQ$
<
https://urldefense.com/v3/__http://www.walzcraft.com__;!!J76aczzK!xAjR
ZysEN8m9RA6wZidwhN2QTclHubpQuBYJVnQc3wqkUxK9ZGhxbLN8iWEQRg0dQzKxgDXGtl
OFJ69DFfq5xCnQ$
Phone: 1-800-237-1326
--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a
message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
https://urldefense.com/v3/__https://lists.midrange.com/mailman/listinf
o/rpg400-l__;!!J76aczzK!xAjRZysEN8m9RA6wZidwhN2QTclHubpQuBYJVnQc3wqkUx
K9ZGhxbLN8iWEQRg0dQzKxgDXGtlOFJ69DFXgC-sSS$
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://urldefense.com/v3/__https://archive.midrange.com/rpg400-l__;!!
J76aczzK!xAjRZysEN8m9RA6wZidwhN2QTclHubpQuBYJVnQc3wqkUxK9ZGhxbLN8iWEQR
g0dQzKxgDXGtlOFJ69DFd1JxbRO$
.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.

--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a
message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related questions.


--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a
message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.




Subject to Change Notice:

WalzCraft reserves the right to improve designs, and to change
specifications without notice.

Confidentiality Notice:

This message and any attachments may contain confidential and privileged
information that is protected by law. The information contained herein is
transmitted for the sole use of the intended recipient(s) and should "only"
pertain to "WalzCraft" company matters. If you are not the intended
recipient or designated agent of the recipient of such information, you are
hereby notified that any use, dissemination, copying or retention of this
email or the information contained herein is strictly prohibited and may
subject you to penalties under federal and/or state law. If you received
this email in error, please notify the sender immediately and permanently
delete this email. Thank You

WalzCraft PO Box 1748 La Crosse, WI, 54602-1748
www.walzcraft.com<http://www.walzcraft.com> Phone: 1-800-237-1326
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.