Clear authorization header on rest call redirect

Yopisn · 3 weeks ago

Hello,

I am calling a third party API get method that redirect to AWS API.

My call is done using REST step in a Flow and ends with this error: <Error><Code>InvalidArgument</Code><Message>Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified</Message>

If I use Postman with the same request, it works because they have a default setting Follow Authorization header (Retain authorization header when a redirect happens to a different hostname.) that is set to OFF by default. If I set it to ON, I get the same error I get in ServiceNow.

Meaning, I need to delete the Authorization header at the time of the redirect. But I am not able to find anything in ServiceNow that would do that, even by using a Script step in my Flow and calling sn_ws.RESTMessageV2().

Does someone has a clue on how to solve that?

Naveen20 · 3 weeks ago

Can you try this
Run a probe that hits the third-party API, captures the Location header from the 302, then issues a second curl to that URL with no Authorization, and returns the body to your Flow.

Yopisn · 3 weeks ago

Thanks @Naveen20 , that sounds promising solution. However, what do you mean by "Run a probe"? What should I do? If I call the API ServiceNow does the redirect automatically.

Naveen20 · 3 weeks ago

That should do