Okta Telephony Inline Hook with TeleSign Fails with "401 Unauthorized" Error
Last Updated:
Overview
An organization is attempting to integrate TeleSign as a third-party telephony provider for Okta SMS factors. Despite having a valid Customer ID and API Key, the setup preview returns the error mentioned below, indicating that TeleSign is rejecting the credentials provided in the hook configuration.
Remote server responded with client error, responseCode=401 message=Unauthorized
Applies To
- Okta Identity Engine (OIE)
- Telephony Inline Hook
- Initial Setup
- Credential Update
Cause
TeleSign requires Basic Authentication for its API. The error occurs when the Authorization header in the Okta Inline Hook configuration is either missing or contains a string that is not properly formatted as a Base64-encoded pair of the Customer ID and API Key.
Solution
To resolve the error, manually generate the Base64-encoded string and apply it correctly to the Inline Hook's Authorization header.
- Locate the Customer ID and API Key from the TeleSign portal.
- Combine them into a single string using the format:
CustomerID:APIKey. Ensure there is a colon punctuation mark between them. - Convert that entire string (including the colon) into a Base64 encoded format.
- Example: If the Customer ID is
123and the API Key isabc, encode123:abcto getMTIzOmFiYw==.
- Example: If the Customer ID is
- Update Okta Configuration:
- Log in to the Okta Admin Console.
- Navigate to Workflow > Inline Hooks.
- Select the TeleSign Telephony Hook.
- Under Authentication -> HTTP Headers.
- In the Authentication Secret field, enter the word
Basicfollowed by a space and the Base64 string. - Format:
Basic [Example_Base64_String].
- Test: Use the Preview tab in the Hook configuration to verify the 200 OK response.
