Auth0 Home Blog Docs

How to send token in header of an other API

I’m developping an API which return PDF (WsDocument). To secure this API I developped second API which create oauth access_token (WsOauth). I have no problem to create my access_token. I have also no problem to get my token from my WsOauth to my WsDocument. But when I pass my access_token in the header of my WsDocument I have have this message:

access denied

I have already tried to pass my access_token whith different syntax for the header. I really dont know what can I tried next.

Here the code to call my WsDocument :

[Route("api/test/{username}/{password}/{type}/{loc}/{docnumber}")]
[Route("ws/get_document")]
[HttpGet]
public HttpResponseMessage getDocument(string type, int docnumber, int loc, string username, string password)
{
    HttpResponseMessage zresponse = null;

    HttpResponseMessage ztokenresponse = checkAuthentification(username, password, loc);
    var jsonresult = ztokenresponse.Content.ReadAsStringAsync().Result;
    var deserializedjsonResult = JObject.Parse(jsonresult);
    string ztoken = deserializedjsonResult["access_token"].ToString();

    ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
    using (var client = new HttpClient())
    {
        if (ztoken != null)
        {
            client.DefaultRequestHeaders.Clear();
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", ztoken);

            client.BaseAddress = new Uri("https://localhost:44308/");
            string requesturi = "ws/get_documentA4/" + username + "/" + password + "/" + type + "/" + loc + "/" + docnumber;

            zresponse = client.GetAsync(requesturi).Result;
        }
    }
    return zresponse;
}

Here the code called previously

[Authorize]
[Route("ws/get_documentA4/{username}/{password}/{type}/{loc}/{docnumber}")]
[Route("ws/get_documentA4")]
[HttpGet]
public HttpResponseMessage getDocumentA4(string type, int docnumber, int loc, string username, string password)
{
    HttpResponseMessage zresponse = null;
    DocumentA4Model zdocumentmodel = new DocumentA4Model();

    IServiceDatabase zservice = WebApiConfig._allConnectedLocation.Find(x => x.Name == loc.ToString()).Database;

    if (zservice != null)
    {
        zdocumentmodel = DocumentWSModel.getDocument(zservice, type, loc, docnumber);
    }

    if (File.Exists(DocumentWSModel.Doc_file_path))
    {
        zresponse = new HttpResponseMessage(HttpStatusCode.OK);
        zresponse.Content = new StreamContent(new FileStream(DocumentWSModel.Doc_file_path, FileMode.Open, FileAccess.Read));
        zresponse.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
        zresponse.Content.Headers.ContentDisposition.FileName = zdocumentmodel.Doc_file_name;
        zresponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/pdf");

        return zresponse;
    }
    return null;
}

When I call my function in my WsOauth I have access to my ressource. I suppose problems come from my header and how I pass my token to my WsDocument.