Camunda community rest client api bearer token


I want to make a REST call from my application to camunda engine via to start the process. Camunda engine REST api is secured by Keycloak and when i try to start the process by

  new StartProcessInstanceDto().businessKey("businessKey)

I get the following error Too many follow-up requests: 21

which IMO represents redirects to the keycloak server. Thus, my question is: How to add Authorization header to the or where should i put a proper interceptor?


Hello @olszewskia ,

when initializing the Api object, it requires a object of the class

For spring-boot, the ApiClient is created here:

If you need to extend it, please override this bean by using the @Primary annotation on your own bean.

I hope this helps


1 Like

Hello again @jonathan.lukas :slight_smile:

You’re 100% right, thank you again.

To make it work, I had to exclude CamundaOpenApiStarter from the application like this

@SpringBootApplication(exclude = {CamundaOpenApiStarter.class})

Then i had to add my own implementation with the required interceptors, i.e.,

public class CamundaOpenApiConfiguration {

    private String basePath;

    public ApiClient createApiClient() {
        final var client = new ApiClient(initHttpClient());
        if (basePath != null) {
        return client;

    private OkHttpClient initHttpClient() {
        return new OkHttpClient.Builder()

    private Interceptor getProgressInterceptor() {
        return (Interceptor.Chain chain) -> {
            final var request = chain.request();
            final var originalResponse = chain.proceed(request);
            if (request.tag() instanceof final ApiCallback callback) {
                return originalResponse.newBuilder()
                    .body(new ProgressResponseBody(originalResponse.body(), callback))
            return originalResponse;

    private Interceptor getTokenInterceptor() {
        return (Interceptor.Chain chain) -> {
            final var request = chain.request().newBuilder()
                .addHeader("Authorization", "Bearer myToken");
            return chain.proceed(request);

Thus, it solved my problem with the keycloak redirects.