Unauthorized when trying to connect from Node Red to Cumolocity using REST

Hi everyone!

I currently use Cumolocity IoT (Free Trial) and Node-Red v3.1.0 and I need to communicate my field equipment through node-red and send the information to Cumolocity IoT.

Reviewing information from the documentation I found the following: “Device Integration using REST”

However, when I use my nodes in node red I get an invalid credentials error when trying to send data via REST (HTTP Request node):

Error Message:

msg.payload : string[200]

“{“error”:“security/Unauthorized”,“message”:“Invalid credentials! : Bad credentials”,“info”:“htp/www.cumulocity.com/guides/reference/rest-implementation//#a-name-error-reporting-a-error-reporting”}”

I share some screenshots of my node flow and configuration:

  • Node-Red Flow:
    It consists of an inject node, connected to a function node and finally sent through an “HTTP Request” node

  • Configuration of HTTP REQUEST node:

  • Configuration of FUNCTION node:

const newDeviceData = {*
“c8y_IsDevice”: {},*
“name”: “HelloWorldDevice”*

msg.payload = newDeviceData;
return msg;

  • Credentials of User
    The user “AFlores” has all the roles and privileges of Cumolocity IOT

Finally comment on my tenant information:

TenantId: env770035
User: AFlores

PS1: The interesting thing is that with this account env770035/AFlores I have been able to communicate via MQTT to Cumolocity IoT (Free Trial)

PS2: For the username and password in RES, I understand that it must be encoded in Base 64 under the following nomenclature “Basic TenantID/User:Password”, and that is how it is configured in the red node (HTTP REQUEST NODE), however the error does not disappear.

I thank everyone for their support and I hope you can give me some idea of what is happening.


two things you could check:

  1. When you go in your Tenant UI to Administration > Accounts > Users and click on this user, does it say You cannot edit the user since it is managed via your authorization server?

  2. Can you open a terminal and send this curl (fill in your password first):

curl 'https://env770035.us.cumulocity.com/inventory/managedObjects' -v -u 'env770035/AFlores:<your-password>'

It should return a list of 5 JSON Objects. Did it? If yes, is the Authorization header shown in curl output the same as you are using in Node Red?


Regarding the first point, this message does not appear.

In relation to the second I get the following error:

C:\Windows\System32>curl ‘ttps://env770035.us.cumulocity.com/inventory/managedObjects’ -v -u ‘env770035/AFlores:***’

  • Closing connection -1
    curl: (3) URL using bad/illegal format or missing URL

PD: I deleted the H from HTTP because they won’t let me post links even though I’m new to the forum.

That happens when I run the command from CMD with administrator rights. About the curl I have the following information:

C:\Windows\System32>curl --version
curl 8.0.1 (Windows) libcurl/8.0.1 Schannel WinIDN
Release-Date: 2023-03-20
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets

I am doing something wrong?

Just a guess, but I suspect there are some invalid characters (e.g. a instead of '), but I’m not sure if it is just a problem with the rendering on the website after you’ve pasted it.

I just checked how CMD handles single quotes, and it seems that CMD interprets single quotes as normal characters…therefore you need to use double quotes " instead.

It is best to use code blocks for this information, .e.g. using triple backquotes

For example, if you use the following markdown (the language accepted the tech community):

curl "https://env770035.us.cumulocity.com/inventory/managedObjects" -v -u "env770035/AFlores:***"

Then it renders it using a nice formatted block (as seen below)…this should reduce copy/paste errors:

curl "https://env770035.us.cumulocity.com/inventory/managedObjects" -v -u "env770035/AFlores:***"

The above command “worked” fine (apart from getting a permission denied errors since I’m using a dummy password).

Thanks for the support! With this the communication worked correctly.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.