Help on C# HttpClient

Justas · February 26, 2026, 12:03pm

Can anyone help on rest request issue? For few years we used this code and it was working, today it stopped working. Response gives an error:

{StatusCode: 401, ReasonPhrase: ‘Unauthorized’, Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:{ Date: Thu, 26 Feb 2026 11:50:06 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-cache WWW-Authenticate: Basic realm=‘Epicor ICE’}}

Can not find where the issue is, in postman the same link with the same credentials works as usual.

Even tried to test HttpClient generated script from postman, but it gives the same error. Can anyone get me on track?

This is code used to get data from BAQ:

        public async Task<List<JCDeptDataModel>> GetJCDeptData(string http, string user)
        {
            string url = http;
            string authorizationHeader = $"Basic {user}";

            using (HttpClient client = new HttpClient())
            {
                client.DefaultRequestHeaders.Add("Authorization", authorizationHeader);

                try
                {
                    HttpResponseMessage response = await client.GetAsync(url);
                    if (response.IsSuccessStatusCode)
                    {

MarkBetts · February 26, 2026, 12:18pm

Do you have a redirect on the endpoint by anychance? Have you changed Epicor version at all as V1 is now a tickbox against the user

try using the AuthenticationHeaderValue class:
HttpClient _httpClient;

var password = “abcd”
var KineticUserName = “kineticusername”
var creds = Convert.ToBase64String(
System.Text.Encoding.ASCII.GetBytes($“{KineticUserName}:{password}”));
_httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(“Basic”, creds);

Justas · February 26, 2026, 12:26pm

I dont think that we have redirect. V1 checkbox marked. Interestingly that this app used on many tablets and today it started failing, now i checked the last working tablet. The app was booted yesterday and it was still working (retrieved responses) but when i restarted app, it stopped working. Can this be related with windows framwork update?

MarkBetts · February 26, 2026, 12:35pm

Never say never but I have not had a .net update break something like this. Any firewall changes or endpoint redirects? We had the same issues Monday when we migrated as we had a redirect on the old endpoint to the new.

Justas · February 26, 2026, 12:47pm

Checked with postman, i have no knowledge here, but the result i guess says that it has been redirected?

MarkBetts · February 26, 2026, 12:54pm

Yes that looks like a redirect to me. Change the endpoint to where ever it’s moved too.

Dropping the auth header is expected behaviour in .net if it hits a redirect.

Jeff_Owens · February 26, 2026, 1:55pm

Hi folks,

As of this morning, we’re also getting this 401 Unauthorized error but only when calling BaqSvc from the REST client. We’ve made no code changes and the client has been working forever until now.

All calls direct to the endpoint work fine outside of the client (aka direct via a browser or the ResstHelp interface), or if the client calls the Erp.BO.X endpoints direct as well (are fine).

What’s the takeaway here? That something happened last night that changed now causing this issue?

BTW, we’re using the @josecgomez client.

josecgomez · February 26, 2026, 2:15pm

I’m seeing this too in a lot of places. But not in C# in Node. I think microsoft or someone did something to break.. something… I"m investigating, but its driving me crazy.

What’s the specific call that is failing on your end? And what version of Epicor or .net are you on.

Jeff_Owens · February 26, 2026, 2:18pm

We’re testing right now on a core console application to see if we can reproduce there on the latest rest client.

For now, though, it’s 100% reproducable calling any BAQ via using the V1 client:

dynamic result2 = EpicorRest.DynamicGet(“Erp.BO.CountrySvc”, “Countries”, parameters);
… returns data (including any Erp.BO.XXX call)

dynamic result3 = EpicorRest.DynamicGet(“BaqSvc”, “TI-PartPurchasedDetail”, parameters);
… returns null (no matter the BAQ called)

UPDATE: Just also got it to happen on core running the V2 client, albeit seems intermittent. Dunno, seems squirrely (how you like that descriptive @klincecum?)

utaylor · February 26, 2026, 2:25pm

Thank you in advance for your time. Looking forward to hearing what you and @Jeff_Owens find.

klincecum · February 26, 2026, 2:26pm

So You Think You Can Dance Danceonfox GIF by FOX TV

MarkBetts · February 26, 2026, 2:32pm

Check to see if you have a redirect on the endpoint.

Justas · February 26, 2026, 2:38pm

In my case it was redirect and fix was simple when MarkBetts got me on track. used this url : https://xxx.epicorsaas.com/xxx/api/v1/BaqSvc/MyBAQ

This is new one:
https://xxx.epicorsaas.com/xxx/api/v1/BaqSvc/MyBAQ/

just added / at the end of url

Jeff_Owens · February 26, 2026, 2:38pm

We tried running in Fiddler and don’t even see a call out logged. Not sure how to troubleshoot that – maybe masked by the RestClient? Dunno.

Jeff_Owens · February 26, 2026, 2:56pm

That’s interesting to note @josecgomez … when we visit the endpoint in the browser, we can see that it does a redirect to include the / before the query parameters.

…/api/v1/BaqSvc/TI-PartBOMSingleLevel?$top=1000

redirects to

…/api/v1/BaqSvc/TI-PartBOMSingleLevel/?$top=1000

which explains why our manual tests works, but not in the client.

WORK-AROUND → see this post

MarkBetts · February 26, 2026, 2:59pm

Please tell me epicor don’t change endpoints on their cloud without telling people . This will break any .net program that doesn’t handle redirects (you shouldn’t just accept a redirect as a place to send credentials)

ryanw · February 26, 2026, 3:00pm

The RestSharp RestClient class has a bool property “FollowRedirects” which appears to initialize to false by default. I am curious what would happen if setting that to true.

MarkBetts · February 26, 2026, 3:05pm

It’s not that you cannot do that in a normal .net class it’s, from a security point of view, a bad idea:

var handler = new HttpClientHandler
{
    AllowAutoRedirect = false
};

using var client = new HttpClient(handler);

var request = new HttpRequestMessage(HttpMethod.Get, url);
request.Headers.Authorization =
    new AuthenticationHeaderValue("Bearer", token);

var response = await client.SendAsync(request);

if ((int)response.StatusCode >= 300 && (int)response.StatusCode < 400)
{
    var redirectUrl = response.Headers.Location;

    var redirectRequest = new HttpRequestMessage(HttpMethod.Get, redirectUrl);
    redirectRequest.Headers.Authorization =
        new AuthenticationHeaderValue("Bearer", token);

    response = await client.SendAsync(redirectRequest);
}

Jeff_Owens · February 26, 2026, 3:48pm

UPDATE: For anyone needing an immediate fix who’s using the RestClient, this was the workaround we implemented for BAQSvc calls.

dynamic result = EpicorRest.DynamicGet(“BaqSvc”, “TI-PartPurchasedDetail/”, parameters);

We just simply applied the extra “/” to the end of the BAQ name, which the RestClient then uses in the string formatting to achieve the correct URL (see previous post).

Evan_Purdy · February 26, 2026, 4:25pm

Its nice, this thread came up just before my users complained about an issue, so I instantly knew what it was.