Auth call 401 Unauthorized


I am sending a Auth call through postman and it works, as soon as I do the same call in angular it gives 401 Unauthorized.

my api call looks like the following:

      { headers: new HttpHeaders().append('Authorization', 'Bearer ' + `${this.token}`) }

my error in the console:
`[{status: 401, title: "Unable to validate access token"}]`

It is sending to my headers as shown in my network tab:

[{name: "Authorization", value: "Bearer 44a2389527e5922d6a3a80b2d00094f724050bd5", op: "a"}]

The token is valid as I still manually have to refresh it as I have not build in the auto refresh function.


Hey @handre thank you for posting this here, I will ask if one of our Dev Success team can take a look as we have spent time in DM debugging and not found the solution. One more question I should ask is, have you seen our js-sdk. It has code in that handles the authorization for you.

You can find it at

We also have code examples at and using the js-sdk. We also have a good getting started guide for the js-sdk here


Hi @drew

Yes I have seen your js-sdk however I prefer the do the API calls as it’s much more simpler in angular using api’s then implementing the js-sdk.

So if possible I would keep with the API.

I saw that when I do get requests, the Auth header gets send along, but when I do a POST or PUT request the headers are not being send, however I am using the same call, just changing from return this.http.get() to return


hi @drew

I am still waiting for feedback on this?

I got the authorization working, and refreshing, so I am not doing the call through postman anymore.
However when I get items it works, but when I send to cart, I get a 401 error


Hi @handre

You need to pass the Authorization header with every request. It sounds to me like the token has expired, invalid or missing to receive the 401.

You may wish to have a look at @moltin/request which is incredibly smaller than the JS SDK but takes care of passing the token along with every request. It exposes methods such as get, put, post, delete that you can use within your app.

I hope this helps :smile:


Hi @notrab

No the request is on an interval so after each hour it generates a new header request. that cancels out the time-out event.

I am also using the token to get cart, get products etc. but when I PUT to cart, or POST checkout I get a 401 error. I am not using your sdk as I am doing a pure api call app


@handre I’m struggling to understand what is going on in your application.

Are you able to provide more of the code you’re using to make these requests?

As for the “SDK”, the @moltin/request library is very small, and takes care of making the requests, I’d be interested to know if you still have the issue using that, if you don’t then it’s perhaps the way your token is being refreshed/sent.

Apologies I can’t be any further help.


ok here is my get product request:
allProducts() { return this.http.get(${this.uri}/v2/products?include=main_image, { headers: new HttpHeaders().set('Authorization', 'Bearer ' + localStorage.getItem('auth')) } ); }

This works perfectly fine. Here is my add to cart request:
addToCart() { return `${this.uri}/v2/carts/yourCart/items`, { headers: new HttpHeaders().set('Authorization', 'Bearer ' + localStorage.getItem('auth')) } ); }

Now I am getting a 401 error


@handre Thanks - what does the payload look like you’re sending to /carts/yourCart/items?

You’ll also need to send the Content-Type: application/json header with the POSTrequest.


Also, are you able to make the request using curl with the same access_token stored in localStorage.getItem('auth')?

        product_id: "xxx",
        quantity: "2", 
        type: "cart_item"

And it the content-type in the console is application/json in the headers that I am sending.



Hi @handre

The headers need to be sent as a header with the request, it shouldn’t exist inside the payload. If I’m not mistaken, the headers is the 3rd arg with Angular httpService.

If I make the same request as you, you can see the difference in my request headers/payload.

I hope this helps


Such a rooky error. Thanks man!


No worries - I’m glad you got it sorted :smile: