SAS VIYA Guide

Understanding and Resolving the HTTP 403 Error with the CAS REST API

Simon 32 views
Difficulty level
Experienced
Published on:
Michael

Expert tip

Michael

While Basic Authentication might be tempting for quick tests, you should always secure your SAS Viya production workflows by using OAuth tokens generated via a service account (Client Credentials flow). Additionally, be sure to anticipate token expiration by building automatic renewal logic (Refresh Tokens) directly into your REST automation scripts.

When getting started with SAS© Viya, and more specifically when automating tasks via the CAS REST API, it is common to want to create sessions programmatically.

However, a frequent error can occur when using tools like cURL to initiate these sessions: the HTTP 403 status code. This article explains why this error occurs and how to fix it to interact correctly with your SAS© services.


The Problem: Session Creation Failure

Imagine the following scenario: you are working on a deployment image (like a PDC image) and you try to create a new CAS session by sending a PUT request to the sessions endpoint.

Your command might look like this:

Terminal (Bash)
user@sas:~$ curl -n -X PUT http://mon-server-viya.com:8777/cas/sessions

The Solutions

To solve this problem, you must provide valid authentication information in your HTTP request. Two main methods are available:

1. Basic Authentication (Basic Auth)

This is the most direct method for quick tests. You pass your username and password directly in the request.

⚠️ Security Warning: Basic authentication encodes your credentials in Base64, which is easily decodable. It is imperative to use this method only over HTTPS (secure port) to prevent your credentials from being transmitted in clear text over the network.

2. The OAuth Token (Recommended)

The standard and most secure method for modern applications is to use an OAuth token.

Instead of sending your password with every request, you first obtain an access token and then include it in the header of your API calls.

Header Syntax: You must add an Authorization header containing your token:

HTTP
Authorization: Bearer <your-access-token>
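The token flow described above, combined with the renewal advice in the expert tip, as an added example that is not part of the original article. It renews by requesting a fresh token shortly before the cached one expires. Assumptions: the host names are placeholders, the variable and function names are hypothetical, a client ID and secret are already registered, and /SASLogon/oauth/token is the SAS Logon token path (confirm it for your deployment).

```shell
#!/bin/sh
# Added example, not the article's code. Assumed names: VIYA_BASE, CAS_BASE,
# CLIENT_ID, CLIENT_SECRET; token path /SASLogon/oauth/token (verify locally).
VIYA_BASE="${VIYA_BASE:-https://viya.example.com}"     # placeholder host
CAS_BASE="${CAS_BASE:-https://viya.example.com:8777}"  # placeholder host
TOKEN=""; TOKEN_EXPIRES_AT=0
SKEW=60   # renew this many seconds before the token expires

# Refuse any URL that would carry credentials or tokens in clear text.
require_https() { case "$1" in https://*) return 0 ;; *) return 1 ;; esac; }

# Extract one string or numeric field from a flat JSON object (no jq needed).
json_field() {  # args: json field-name
  printf '%s' "$1" |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}[:space:]]*\).*/\1/p"
}

# Succeeds while a cached token exists and stays valid for SKEW more seconds.
token_is_fresh() {  # args: expires_at now (both in epoch seconds)
  [ -n "$TOKEN" ] && [ "$(( $2 + SKEW ))" -lt "$1" ]
}

# Client Credentials grant. The secret is fed to curl on stdin (-K -) so it
# never appears in the process list or in shell history.
fetch_token() {
  require_https "$VIYA_BASE" || { echo "refusing non-HTTPS token URL" >&2; return 1; }
  _body=$(printf 'user = "%s:%s"\n' "$CLIENT_ID" "$CLIENT_SECRET" |
    curl -sS --fail -K - -d grant_type=client_credentials \
      "$VIYA_BASE/SASLogon/oauth/token") || return 1
  TOKEN=$(json_field "$_body" access_token)
  [ -n "$TOKEN" ] || { echo "no access_token in response" >&2; return 1; }
  TOKEN_EXPIRES_AT=$(( $(date +%s) + $(json_field "$_body" expires_in) ))
}

# PUT /cas/sessions with a bearer token, renewing it first if it is stale.
create_cas_session() {
  require_https "$CAS_BASE" || { echo "refusing non-HTTPS CAS URL" >&2; return 1; }
  token_is_fresh "$TOKEN_EXPIRES_AT" "$(date +%s)" || fetch_token || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" |
    curl -sS --fail -K - -X PUT "$CAS_BASE/cas/sessions"
}
```

Source the file, export CLIENT_ID and CLIENT_SECRET from a secrets store, then call create_cas_session; with --fail, a 403 from the server surfaces as a non-zero exit status that the calling script can act on.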

In Summary

If you encounter a 403 error on the CAS API, it's a sign that the server doesn't know who you are. Make sure to include valid credentials (secure Basic Auth or an OAuth Token) to unlock access and successfully create your session.