When getting started with SAS© Viya™, and more specifically when automating tasks via the CAS REST API, it is common to want to create sessions programmatically.
However, a frequent error can occur when using tools like cURL to initiate these sessions: the HTTP 403 status code. This article explains why this error occurs and how to fix it to interact correctly with your SAS© services.
Imagine the following scenario: you are working on a deployment image (like a PDC image) and you try to create a new CAS session by sending a PUT request to the sessions endpoint.
Your command might look like this:
To solve this problem, you must provide valid authentication information in your HTTP request. Two main methods are available:
This is the most direct method for quick tests. You pass your username and password directly in the request.
⚠️ Security Warning: Basic authentication encodes your credentials in Base64, which is easily decodable. It is imperative to use this method only over HTTPS (secure port) to prevent your credentials from being transmitted in clear text over the network.
The standard and most secure method for modern applications is to use an OAuth token.
Instead of sending your password with every request, you first obtain an access token and then include it in the header of your API calls.
Header Syntax:
You must add an Authorization header containing your token:
1
1 Authorization: Bearer
If you encounter a 403 error on the CAS API, it's a sign that the server doesn't know who you are. Make sure to include valid credentials (secure Basic Auth or an OAuth Token) to unlock access and successfully create your session.
The codes and examples provided on WeAreCAS.eu are for educational purposes. It is imperative not to blindly copy-paste them into your production environments. The best approach is to understand the logic before applying it. We strongly recommend testing these scripts in a test environment (Sandbox/Dev). WeAreCAS accepts no responsibility for any impact or data loss on your systems.