Unable to access REST API’s in Camunda

In our project , we are trying to use camunda BPMN. using camunda standalone distro and deployed and running in Tomcat.

login as a admin user and able to access cockpit and task lists.But,when we try access the APIs using a Java client . we are getting an unauthorized (401) error. Though we are sending JSESSIONID as a “Cookie”

Tried both DefaultHttpClient and HttpURLConnection - It didn’t work out

Note : JSESSIONID is retrieved by calling the login api with admin username and password.

Help me to solve the issue

Attached below is the client code

import java.util.HashMap;
import java.util.Map;

import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.cookie.BasicClientCookie;

import com.google.gson.Gson;

public class CamundaBMPNClient {

public static void main(String[] args) {
	CamundaBMPNClient bpmnClient = new CamundaBMPNClient();
	Map<Integer, String> cookieHeader = bpmnClient.getCookieHeader();

public Map<Integer, String> getCookieHeader() {
	String jSessionID = null;
	Map<Integer, String> headerValues = new HashMap<Integer, String>();
	HttpClient httpClient = HttpClientBuilder.create().build();
	HttpPost request = new HttpPost(
					+ "api/admin/auth/user/default/login/cockpit");
	request.addHeader("content-type", "application/x-www-form-urlencoded");
	request.addHeader("Accept", "application/json");
	String jsonString = new Gson()
	StringEntity params;
	try {
		params = new StringEntity(jsonString);
		HttpResponse response = httpClient.execute(request);
		Header[] cookieheader = response.getHeaders("Set-Cookie");

		for (Header s : cookieheader) {
			// Do your stuff here
			String[] str = s.getValue().split(";");
			int i = 1;
			for (String s1 : str) {
				headerValues.put(i, s1.trim());
		System.out.println("jSessionID::" + jSessionID);
	} catch (Exception e) {
		// TODO Auto-generated catch block
	return headerValues;

public void getListofTasks(Map<Integer, String> cookieHeader) {
	int id = 0;
	// DefaultHttpClient httpclient = new DefaultHttpClient();

	HttpPost request = new HttpPost(
	request.addHeader("Content-type", "application/json");

	String[] arrJSessionID = cookieHeader.get(1).split("=");

	System.out.println("" + arrJSessionID[1]);

	CookieStore cookieStore = new BasicCookieStore();
	BasicClientCookie cookie = new BasicClientCookie("JSESSIONID=",
	// cookie.setAttribute(ClientCookie.DOMAIN_ATTR, "true");
	// httpclient.setCookieStore(cookieStore);

	HttpClient httpclient = HttpClientBuilder.create()

	String jsonString = new Gson().toJson("{}");
	StringEntity jsonStr;
	try {
		jsonStr = new StringEntity(jsonString);
		HttpResponse response = httpclient.execute(request);
		int statusCode = response.getStatusLine().getStatusCode();
		Header[] header = response.getHeaders("Set-Cookie");

		for (Header h : header) {
		System.out.println("statusCode::" + statusCode);
	} catch (Exception e) {



Hi @krish,
I’m not so much into this Apache HttpClient thing, but the only thing that you need to do, is to set the following header to your request:

Cookie: JSESSIONID=7E72F37DD43710FE22BBD4884ECBD2E3

This part of your code, where you define the cookie store, looks like the overhead for me.

I was able to send the session id and can call the API from Advanced Rest Client. But the problem I had while calling the same from the client application.All these came up when I was using a camunda stanalone war file. Later I installed camunda bundle (shipped along with tomcat) and I didn’t see any issues. Thanks for your answer