Skip to main content
Question

Storing the Access Token using GET request with HTTP Caller

  • March 23, 2026
  • 3 replies
  • 47 views
fionasin
Contributor
Forum|alt.badge.img+13

I have an HTTP caller using a GET Request, to access an API site using a Web Connection for authentication. I am trying to find a way for it to return (either within the JSON response body or otherwise) the access token which is generated when the process runs

I have Accept and Content Type as my headers. 

I have tried: 

  • Storing the cookies
  • doing grant_type = client_credentials in the Query String Parameters. 
  • Creating a list for the Headers (no token content within that)

In the setting for my web connection, I have this:

But I am not returning anything called ‘access_token’ in the response body. To be clear, my process works as intended, but due to new constraints we need to store the access token that is generated every time to store it to use downstream

    3 replies

    itsmatt
    Celebrity
    Forum|alt.badge.img+47
    • itsmattCelebrity
    • Celebrity
    • March 23, 2026

    I’m not sure if I’ve 100% understood your problem but I’ll do a dump of information which may or may not be helpful 😅. 

    The stuff which happens in with web connection is not included in the _response_body, this is abstracted away in a kind of pre request. 

    Every time a web connection (like yours) get uses FME should first check to see if the token it has is expired based on the Expiry Time. If it decides it’s expired then it will generate a new token using the Access Token Request parameters. FME should automatically be storing and reusing the token.

    The required API request will then be made with the token put where it needs to be defined by the web connection (in the API Call Parameters).

    If you turn on Debug logging in FME you can see some information:
     

    938587  Retrieving connection 'localhost 80'
    938594  Retrieving web service 'FME Server'
    938550  Connection access token expiry information: Current time ('1774296539'), Expiry time ('1774900754')
    925673  HTTPCaller (HTTPFactory): Certificate verification will be disabled because verification is turned off for the 'localhost 80' web connection
    416487  HTTPCaller (HTTPFactory): Using the 'SChannel' TLS library for HTTPS/FTPS connections
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: Host localhost:80 was resolved.
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: IPv6: ::1
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: IPv4: 127.0.0.1
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info:   Trying [::1]:80...
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: Connected to localhost (::1) port 80
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: using HTTP/1.x
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: GET /fmeapiv4/jobs HTTP/1.1
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: Host: localhost
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: User-Agent: FME/2025.7.54.25827  libcurl/8.15.0 (OpenSSL/3.5.4) Schannel zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 WinIDN libssh2/1.11.1 nghttp2/1.63.0
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: Accept: */*
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: Accept-Encoding: deflate, gzip, br, zstd
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: Connection: Upgrade, HTTP2-Settings
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: Upgrade: h2c
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: HTTP2-Settings: AAMAAABkAAQAAQAAAAIAAAAA
    416468  HTTPCaller (HTTPFactory): [1]: HTTP request header: Authorization:  ********
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: Request completely sent off
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: HTTP/1.1 401 
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: X-Content-Type-Options: nosniff
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Pragma: no-cache
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Expires: 0
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: vary: accept-encoding
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Content-Encoding: gzip
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Content-Type: application/json;charset=UTF-8
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Transfer-Encoding: chunked
    416468  HTTPCaller (HTTPFactory): [1]: HTTP response header: Date: Mon, 23 Mar 2026 20:08:59 GMT
    416483  HTTPCaller (HTTPFactory): [1]: Starting HTTP download from 'localhost'
    416468  HTTPCaller (HTTPFactory): [1]: HTTP info: Connection #0 to host localhost left intact
    416455  HTTPCaller (HTTPFactory): [1]: HTTP transfer summary (localhost): status code: 401, download size: 55 bytes, DNS lookup time: 0 ms, total transfer time: 5 ms
    938587  Retrieving connection 'localhost 80'
    938594  Retrieving web service 'FME Server'
    938550  Connection access token expiry information: Current time ('1774296540'), Expiry time ('1774296539')
    929039  Updating access token in connection storage for 'localhost 80'
    925672  HTTPCaller (HTTPFactory): Sleeping for 0.5 seconds due to retry backoff
    416468  HTTPCaller (HTTPFactory): [2]: HTTP info: Re-using existing http: connection with host localhost
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: GET /fmeapiv4/jobs HTTP/1.1
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: Host: localhost
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: User-Agent: FME/2025.7.54.25827  libcurl/8.15.0 (OpenSSL/3.5.4) Schannel zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 WinIDN libssh2/1.11.1 nghttp2/1.63.0
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: Accept: */*
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: Accept-Encoding: deflate, gzip, br, zstd
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: Connection: Upgrade, HTTP2-Settings
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: Upgrade: h2c
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: HTTP2-Settings: AAMAAABkAAQAAQAAAAIAAAAA
    416468  HTTPCaller (HTTPFactory): [2]: HTTP request header: Authorization:  ********
    416468  HTTPCaller (HTTPFactory): [2]: HTTP info: Request completely sent off
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: HTTP/1.1 422 
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: X-Content-Type-Options: nosniff
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Pragma: no-cache
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Expires: 0
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: vary: accept-encoding
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Content-Encoding: gzip
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Content-Type: application/json
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Transfer-Encoding: chunked
    416468  HTTPCaller (HTTPFactory): [2]: HTTP response header: Date: Mon, 23 Mar 2026 20:09:02 GMT
    416483  HTTPCaller (HTTPFactory): [2]: Starting HTTP download from 'localhost'
    416468  HTTPCaller (HTTPFactory): [2]: HTTP info: Connection #0 to host localhost left intact
    416455  HTTPCaller (HTTPFactory): [2]: HTTP transfer summary (localhost): status code: 422, download size: 96 bytes, DNS lookup time: 0 ms, total transfer time: 17 ms

    In the above case I’ve used an FME Server web connection and called localhost/fmeapi4/jobs.

    In the first 3 lines you can see that FME has checked the expected expiry time of the token and has decided that the local one it has should still be valid (“Expiry time” is bigger than “Current time”). 

    Next it makes the request defined in the HTTPCaller. All the lines with the [1] relate to the first call. in the request headers we can see one called “Authorization *******” - This is where the token is used.

    In the response headers if we look at the Status we see a 401 error which is typical of a permissions issue - This is because I disabled/invalidated the token on FME Flow. 

    Before the next request we see some more lines relating to the web connection. This time the expiry time is smaller than the current time (presumably because it was returned a 401 error it updated the expiry time). There is then a line “Updating access token in connection storage...” - This is where we see FME using the web connection to generate a new token based on what’s defined in the connection.      

    We then see a follow up request [2]. This also has an Authorization header set but this will be with a new token. The response it a 422, which means I messed up my request but it was authenticated. 

     

    itsmatt
    Celebrity
    Forum|alt.badge.img+47
    • itsmattCelebrity
    • Celebrity
    • March 24, 2026

    FME should be keeping the latest token in the web connection storage locally, so if you’re reusing the same web connection it should be reusing it unless it’s expired. You can turn on Debug logging to see if FME is always updating the token via the web connection. You wont be able to see the actual token though, it’s usually represented with **** in the Authorization header.

    If you need to get the token then you’ll need to replicate the behavior of the web connection with HTTPCallers (without using a web connecion). 

     

      ebygomm
      Influencer
      Forum|alt.badge.img+48
      • ebygommInfluencer
      • Influencer
      • March 25, 2026

      If you need to store the access token, a possible solution is to use python to retrieve the access token using the web connection and then you can store this and use in a http caller

       

      import fme
      import fmeobjects
      import fmewebservices



      def processFeature(feature):
          ws = fmewebservices.FMENamedConnectionManager().getNamedConnection("Esri ArcGIS Oauth")
          tk = ws.getAccessToken()
          feature.setAttribute("accesstoken",tk)

       

      Community Stats

      32,397
      Posts
      123,141
      Replies
      40,505
      Members
      Terms & ConditionsCookie settingsAccessibility statement
      A product of
      Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.