Response status code was not ok: 401


I cloned [](https://V2 node_orders-payments) and entered in my correct ENV tokens for my Sanbox application Order-Ahead App.

I first ran:

npm install

with no issue.

And next ran:

npm test

I am now getting the following Browser response:

and in my terminal:

Retrieving currency failed:  ApiError: Response status code was not ok: 401.
    at /Users/swim/Documents/GitHub/Square/connect-api-examples/connect-examples/v2/node_orders-payments/node_modules/@apimatic/core/lib/http/requestBuilder.js:367:23
    at DefaultRequestBuilder.<anonymous> (/Users/swim/Documents/GitHub/Square/connect-api-examples/connect-examples/v2/node_orders-payments/node_modules/@apimatic/core/lib/http/requestBuilder.js:179:50)
    at step (/Users/swim/Documents/GitHub/Square/connect-api-examples/connect-examples/v2/node_orders-payments/node_modules/@apimatic/core/node_modules/tslib/tslib.js:193:27)
    at (/Users/swim/Documents/GitHub/Square/connect-api-examples/connect-examples/v2/node_orders-payments/node_modules/@apimatic/core/node_modules/tslib/tslib.js:174:57)
    at fulfilled (/Users/swim/Documents/GitHub/Square/connect-api-examples/connect-examples/v2/node_orders-payments/node_modules/@apimatic/core/node_modules/tslib/tslib.js:164:62)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
  request: {
    method: 'GET',
    url: '',
    headers: {
      authorization: 'Bearer undefined',
      'user-agent': 'Square-TypeScript-SDK/22.0.0 (2022-09-21) node/18.14.0 (darwin) ',
      'Square-Version': '2022-09-21'
  statusCode: 401,
  headers: {
    date: 'Thu, 27 Jul 2023 18:54:52 GMT',
    'content-type': 'application/json',
    'content-length': '161',
    connection: 'close',
    'cf-ray': '7ed717ea6e04b12f-ATL',
    'cf-cache-status': 'DYNAMIC',
    'strict-transport-security': 'max-age=631152000; includeSubDomains; preload',
    vary: 'Origin, Accept-Encoding',
    'x-content-type-options': 'nosniff',
    'x-download-options': 'noopen',
    'x-frame-options': 'SAMEORIGIN',
    'x-permitted-cross-domain-policies': 'none',
    'x-sq-dc': 'sjc2b',
    'x-sq-envoy-safe-auth-decision': 'UNAUTHORIZED',
    'x-sq-region': 'sjc2b',
    'x-xss-protection': '1; mode=block',
    'set-cookie': [
      '__cf_bm=hhDEn_nS876xL9FWLUCno3B2j9gDngJ1rc60.ObNmXU-1690484092-0-AWgjVT04EfySp4vmfU2k/BJG64z9VKQ23aDSbdvuhvfq7GnofDQEPDg9ZL9aKQZikZElTSfCQmAaHMtpBlX2qOE=; path=/; expires=Thu, 27-Jul-23 19:24:52 GMT;; HttpOnly; Secure; SameSite=None'
    server: 'cloudflare'
  body: '{\n' +
    '  "errors": [\n' +
    '    {\n' +
    '      "category": "AUTHENTICATION_ERROR",\n' +
    '      "code": "UNAUTHORIZED",\n' +
    '      "detail": "This request could not be authorized."\n' +
    '    }\n' +
    '  ]\n' +
  result: [Object: null prototype] { errors: [ [Object: null prototype] ] },
  errors: [
    [Object: null prototype] {
      category: 'AUTHENTICATION_ERROR',
      code: 'UNAUTHORIZED',
      detail: 'This request could not be authorized.'

The application and account were created in the US, but I am traveling Internationally for a few weeks. I wondered if this was a location issue, so I accessed an Atlanta VPN node through NordVPN and got the same issue.

Please advise.

Hi @xocrates ,
I was also able to reproduce a similar 401 in my browser when I mistakenly used my production API credentials in my .env instead of my sandbox API credentials.

Can you confirm, what is your sandbox application id? You can get this from Developer Dashboard → Open your application → Ensure you are toggled to sandbox on the top middle, and copy the sandbox API credentials.
And please DO NOT share your access token, just the sandbox application id.

Hey @Lance-Square ,

For sure:

And in my .env:

Hi @Lance-Square,

Any thoughts on the above? If you look closely at the terminal error I provided, there are two lines that stand out to me:

    headers: {
      authorization: 'Bearer undefined',


    'x-sq-envoy-safe-auth-decision': 'UNAUTHORIZED',
    'x-sq-region': 'sjc2b',
    'x-xss-protection': '1; mode=block',

Let me know what you think, thanks

did you set your env access token?
do not share it. Are you working on an app for 3rd party use? or personal?
If only for personal use you do not have to deal with Oauth, and as such the application_id does not even need to be sent.
the Authorization: Bearer <access_token> is all that is needed.

I removed the SQUARE_LOCATION_ID key from my .env, which now works. I am able to continue messing around with the example build. Thank you. Any reason why this resolved my issue?

Hey @xocrates, it’s possible that the Location ID had an invalid value that was causing the access token to fail to set. In any case, happy to hear you’re able to work with the example!