When authenticating with the Chargify API, the Authorization header must be in the format specified by RFC 2617, for example:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
The word “
Basic” must be present and must be capitalized exactly as shown.
We have discovered that we were previously accepting invalid headers, for example:
Authorization: QWxhZGRpbjpvcGVuIHNlc2FtZQ== Authorization: BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==
As of Monday, March 28, 2016, these formats will no longer work, and you will receive a 401 Unauthorized response.