401 Unauthorized - Invalid Token

[Edisnel C. C.]

Hello good afternoon, I hope you are doing well

Today in the middle of a download,  it was interrupted by an Invalid token error

In a 1 hour interval, we try the same credentials to authenticate against the BCDA API. Sometimes we got the token, other times we get this error when doing the post request to https://api.bcda.cms.gov/auth/token

{

    "issue": [

        {

            "code": "exception",

            "diagnostics": "Invalid Token",

            "severity": "error"

        }

    ],

    "resourceType": "OperationOutcome"

}

After rotating the credentials, we have the same pattern.  Could you help us in finding the issue?

Thank you very much

[Andrew Copeland]

Hello!

We have had the same issue on our jobs that hit the BCDA API.  Our retries eventually recovered some of the 401 errors, but wonder if there is something else.

We download data for multiple ACO's.

Thank you!

[jacob.b...@gmail.com]

+1 to this ticket. Seeing the same server-side degradation/issue in the last 7 days, and still unresolved. (Also possibly related, PACA Claim endpoints have been not throwing any errors but have been returning 0 resources for many days in a row now.)

@ BCDA Team - is there a fix in process for these server-side issues?

Standing by, let me know if anything else we can do to assist resolution.

Jake

[Andy McLaughlin]

Another +1

[Somaiya Shakil]

Experiencing the same issue for ACO D0315.

--
You received this message because you are subscribed to the Google Groups "Beneficiary Claims Data API (BCDA) Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bc-api+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bc-api/0dd99e37-4616-41d6-b413-378dc79cc26en%40googlegroups.com.

 

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please reply to the sender (only) and then delete this message from your inbox as well as any copies. Thank you.

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please reply to the sender (only) and then delete this message from your inbox as well as any copies. Thank you.

Secured by Paubox - HITRUST certified

[Beneficiary Claims Data API (BCDA) Community]

Thank you all for reaching out! 

We are working to identify the cause of these intermittent authentication failures. We appreciate your patience as we resolve the issue.

To support our investigation, please reply here or to bc...@cms.hhs.gov with: 

1. How often you are receiving this token error (e.g., about half of requests).
2. What method you are using to make these API requests (e.g., Postman, curl). 
3. The 5 character Entity ID for your organization(s). For example, ACOs in the Shared Savings Program have Entity IDs which begin with the letter 'A' followed by four numbers, like "A9999".

Please be sure to censor Personally Identifiable Information (PII) and other sensitive information in your responses.

The partially adjudicated claims issue appears to be an unrelated issue with upstream data availability beginning March 4; the issue should be resolved as of around 5:30pm Eastern today, but please let us know if you still do not see any Claim resources.

Thank you, 

The BCDA Team

[Wellvana Wellvana]

I am seeing this issue intermittently for a few days now. 

I executed:
      curl -d "" -X POST "https://api.bcda.cms.gov/auth/token" --user real_client_key:real_client_secret -H "accept: application/json"

5 times in a row 2 of them returned a real auth token and 3 returned 401 errors

[Anil Bobade]

+1 to this issue, We also faced this issue over the weekend.

[Schwindt, Adam]

Every single time.

A2973

Python HTTP Requests.

To view this discussion visit https://groups.google.com/d/msgid/bc-api/19267dc9-3853-4ce2-9e6e-9bed59c3319bn%40googlegroups.com.

This e-mail and any attachments may contain information which is confidential, proprietary, privileged or otherwise protected by law. The information is solely intended for the named addressee (or a person responsible for delivering it to the addressee). If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete it from your computer.

[Somaiya Shakil]

Using curl through SAS and ACO ID is D0315.

To view this discussion visit https://groups.google.com/d/msgid/bc-api/CAF1AwdjKsbdHqbdKiZ3wRFpzv2FvDmCspdUyDXXvh6aFMhzO%2Bg%40mail.gmail.com.

 

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please reply to the sender (only) and then delete this message from your inbox as well as any copies. Thank you.

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please reply to the sender (only) and then delete this message from your inbox as well as any copies. Thank you.

[Beneficiary Claims Data API (BCDA) Community]

Hi all, 

 

Thank you for sharing the extra error information with us! The BCDA team has identified a high volume of simultaneous requests from two IP addresses as a major contributing factor to the sudden increase in 401 errors. As a reminder, we recommend following an exponential backoff approach when making automated requests to BCDA. 

We are continuing to troubleshoot the root cause of the intermittent authentication failures and apologize for any inconvenience they have caused. Please let us know if the issue persists.

 

Thank you, 

 

The BCDA Team