Error 401 Unauthorized when logging in to Freshdesk on Invantive

When connecting to Freshdesk using Invantive Query Tool, I get the following error using 20.1.532 on Invantive Query Tool and Invantive Control for Excel:

A connection to the database ‘Business Apps\Freshdesk’ could not be established as user ‘…’.
The database ‘Business Apps - Freshdesk’ could not be opened.
The authentication credentials for Freshdesk are incorrect.
The remote server returned an error: (401) Unauthorized.

The call stack is:

   at System.Net.HttpWebRequest.GetResponse()
   at Invantive.Data.Providers.Http.HttpBasedProvider.DoRequest(GlobalState owner, ExecutionOptions executionOptions, HttpWebRequest request, String url, ObjectDefinition objectDefinition, QueryObject queryObject, String partitionCode, String callSafeNameOverrule, String anonymizedPostText, Boolean allowRetryOnConnectionLoss, ParameterList parameters, Guid nativeCallUid, Boolean throwExceptionOnNonSuccessfulStatusCode, ExecutionStatistics& statistics, ODataErrorProcessingInstructions& oDataErrorProcessingInstructions)

The connection is made using user name and password. The user is agent and account administrator in Freshdesk.

A similar error occurs on Invantive Cloud:

How can I log on?

Sometimes this error may also display as:

invalid_credentials: You have to be logged in to perform this action.

with similar meaning:

Incorrect or missing API credentials. As the name suggests, it indicates that the API request was made with invalid credentials. Forgetting to apply Base64 encoding on the API key is a common cause of this error.

or as:

Could not retrieve the helpdesk settings from Freshdesk.

When the user can log on to the Freshdesk environment using these credentials, the user has insufficient privileges to use the API.

Please check the following:

  • Does the plan cover API access (currently Blossom and higher)?
  • Is the user “superuser”?

Other Causes

Other reasons can apply, but can be quite hard to analyze.

Please first check that the following command-line statement succeeds after replacing ‘user’, ‘password’ and ‘mycompany’:

curl -v -u user:password -H "Content-Type: application/json" -X GET

Successful output should resemble:

Failed output resembles:

It is recommended to contact Freshdesk when the statement fails. All apps will fail when not resolved.

Alternative: Use the API Key

As an alternative, Freshdesk traditionally offers an API key for authentication of apps.

On Invantive Cloud, the Freshdesk API key can be selected as authentication method when creating a new Freshdesk database:

Freshdesk database using API key

With on-premise products, the API key authentication is no longer displayed. A change ITGEN-5493 has been submitted to provide it again.

The API key can be found using the profile settings:

Freshdesk profile settings

And then copying the mix of characters and digits from “Your API key”:

Retrieve Freshdesk API key

Please note that Freshdesk recently announced that log on by user/password will be deprecated by August 31 (

to notify you that we will soon be deprecating username/password-based authentication for APIs. What does it mean? If you are using basic authentication using username/password in your webhooks, custom apps, or API transactions in Freshdesk, you may have to switch the authentication method to ‘API key’ based authentication. Why this change? Using API keys is more secure when you make API transactions and API keys are more immune to any external attacks. What to do next? You can start using the API key right away. You can find it on your Freshdesk Profile Settings page. Please note that we will stop supporting username/password-based authentication starting 31st August 2021. For more details, check out the support article here.