Multiple authorisation issue

Hi there!
Is there any way to pass multiple authorization keys in API requests? I’ve tried searching but couldn’t find any useful information at once. Maybe there was something similar but I couldn’t distinguish it in the lines of code :frowning_face:
So here’s the issue: my endpoint has both basic and OAuth at the same time. I’ve tried setting them in headers

but the issue still remains.
The server responds with “401” error as basic auth hasn’t been passed. Could anyone please advise how to solve the issue?
Thanks in advance!

Hey @Anton_IA,

Have you tried using both the Authorization tab and the Headers tab to set up your request?
You could use the Authorization tab for OAuth as explained in the documentation and the Headers tab for the Basic Auth as shown here.

Let us know if that works!

Hi @arlemi, thank you so much for your response! Yes, I’ve tried that as well. The thing is, when I’m using both of them, the Auth headers generated by Postman automatically (temporary ones) overwrite those that I set manually in the headers, so in such a case, unfortunately, I can use only OAuth based on your example.

Do you happen to know any other solution?


Looking at the screenshot you posted in the first message, were you trying a comma-separated value? It seems to be the recommendation according to that StackOverflow answer.

If this doesn’t work, could you detail a bit more what your use case is? That should make it easier for us to find a solution. :slight_smile:

Thanks, @arlemi! You’re totally correct: I’ve been using just spaces between authorizations. Setting them comma-separated solves the issue. Thank you so much for your help! :+1:

Hey @Anton_IA, if Arlemi’s answer solved your query, can you please mark that answer as a “Solution” for this thread?

It does not work for me with comma-separated. Please help!

    "fault": {
        "faultstring": "Invalid Access Token",
        "detail": {
            "errorcode": "keymanagement.service.invalid_access_token"
        }
    }

Hi @pxzxz,
Unfortunately, it’s all quite server-dependent. If your application accepts multiple auth headers, it’ll work for you. In my case, it worked, however, when I tried the same with many other applications, it worked from time to time, not as frequently as I wanted.
If it doesn’t work, most likely you’ll need to whitelist your IP in your server configuration to bypass basic auth or to pass username&password in the request URL with the following structure:
What application exactly do you call? Is it a widely known one?
Hope this helps you!
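
Added example, not part of the original thread and not Postman's or any server's own code: a Node.js sketch of why the comma-separated value is server-dependent. HTTP defines the Authorization field as carrying a single credential, so a server has to opt in to splitting it. All function names and credential values are constructed for illustration.

```javascript
// Added example: all names and values below are constructed for illustration.
const KNOWN_SCHEMES = ['basic', 'bearer'];

// Client side: the comma-separated value that worked in the thread.
function buildCombinedAuthorization(user, pass, accessToken) {
  const basic = Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
  return `Basic ${basic}, Bearer ${accessToken}`;
}

// A server that expects one credential: first word is the scheme,
// everything after it is treated as the token.
function parseSingle(value) {
  const m = /^(\S+)\s+(.+)$/.exec(value.trim());
  return m ? { scheme: m[1].toLowerCase(), token: m[2] } : null;
}

// A server that tolerates the combined form: split only on commas that are
// followed by a known scheme, and reject the whole header on any anomaly.
function parseCombined(value) {
  const found = {};
  for (const part of value.split(/\s*,\s*(?=(?:Basic|Bearer)\s)/i)) {
    const cred = parseSingle(part);
    if (!cred || !KNOWN_SCHEMES.includes(cred.scheme)) return null;
    if (/[\s,]/.test(cred.token)) return null; // e.g. space-separated credentials
    if (found[cred.scheme]) return null;       // same scheme sent twice
    found[cred.scheme] = cred.token;
  }
  return found;
}

// Decode the Basic token back into user and password.
function decodeBasic(token) {
  const text = Buffer.from(token, 'base64').toString('utf8');
  const i = text.indexOf(':');
  return i < 0 ? null : { user: text.slice(0, i), pass: text.slice(i + 1) };
}

const header = buildCombinedAuthorization('demo-user', 'demo-pass', 'constructed-token-123');
console.log(parseCombined(header));                 // both credentials recovered
console.log(parseSingle(header));                   // single-credential view: token swallows the Bearer part
console.log(parseCombined('Basic abc Bearer xyz')); // space-separated form is rejected
```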

Hello @Anton_IA,
I am running the API on Postman.
I am sure that I do not need to whitelist my IP as I am able to get the response without OAuth2.