Passing Headers while creating External Task client

At the engine side we have few external service tasks, the engine is secured.
I want to subscribe to those external tasks
I am creating the client like this →
base-url: http://localhost:8080/engine-rest

Along with this I need to pass header
Can anyone suggest how can I pass that.

Hello @vaishaliarora ,

welcome to the forum. For Basic Auth, it is done like this (I assume you use the spring boot starter external task client):

    base-url: http://localhost:8080/engine-rest # The URL pointing to the Camunda Platform Runtime REST API
    basic-auth: # Configure if REST API is secured with basic authentication
      username: demo
      password: demo

For more information about the project, please find the source code here:

If your use case cannot be covered with the starter right now, consider using the “normal” external task client:

I hope this helps


Yeah for Basic auth I am using the same.
But I want to pass some header like “Role”,“id” some headers.

do you know how can I set that here?

Hello @vaishaliarora ,

I am not sure what these headers should help you with. The REST API will not be able to do anything with these as long as you do modify it?

What should be purpose of these headers?


These are for authentication at the engine’s end

Authenticating against what? The engine will just need a username and a password.

so I have added few roles there … if the role in the header matches to the role defined in the engine it should be able to execute the BPMN

This sounds like a custom implementation. Usually, you would assign the user to a group and the group to Authorization objects.

Yeah this is a custom implementation.
I am seeing this sort of error at my client end
Caused by: org.apache.http.client.HttpResponseException: status code: 401, reason phrase: {“timestamp”:“2021-07-14T09:52:32.389+0000”,“status”:401,“error”:“Unauthorized”,“message”:“Required header is missing (x-bpm-role).”,“path”:"/engine-rest/external-task/fetchAndLock"}

In this case, I would suggest you use the “normal” external task client. This client can be configured to also use other kinds of headers. You can find a link in my first response.

okay … I will try that out.

Thanks Lukas :slight_smile:

1 Like

Hi vaishali

I am facing same issue can you guide me please !


Yes Sure,
Can you elaborate a bit about your issue

Hi Vaishali

I wanted to add query-param in base url.

Suppose My Base Url Is “http://localhost:8080/engine-rest/external-task/fetchAndLock
I want to add query-param in that .

after adding query-param base url will be “http://localhost:8080/engine-rest/external-task/fetchAndLock?apikey=123wer

how i can achive this


Hi @jonathan.lukas,
I tried to configure basic auth this way from within a custom REST spring boot app but I am still getting an unauthorized access error. Do you have an idea what could be the reason?

Hi @hassang ,

have you checked already whether your basic auth works client-wise (the Auth header is appended correctly)? If so, debug the server.

I am sorry I cannot give you a more concrete advice, but from what I see in the source code, this configuration is still valid.


Hi @jonathan.lukas,

I forgot to mention that I am using camunda-engine-rest-client-openapi-springboot and as per the implementation, it looks like the only possible configurations are camunda.bpm.client.base-url and camunda.autoDeploy.*

Hello @hassang ,

this is because the project you mention here is a community project by @BerndRuecker and so unrelated to the “official” spring-boot-starter client.

Here is a complete client that mixes both worlds:

Still, your auth credentials will only count for the external task subscriptions.

If you want the whole client easily configurable like you describe, please contribute to this community project. I think @BerndRuecker will like it :wink: