Has your application with the IBM Watson service suddenly stopped working without any changes to its configuration?

The application probably uses HTTP basic authentication with username and password credentials; this is also called as a Cloud Foundry service credential, and you likely see 401: Unauthorised Error in the application log:

401 Unauthorised

This blog post will outline how to resolve the issue and get your application up and running with the Watson service again.


Once you migrate a Watson service instance to move it from its current Cloud Foundry org and space to a resource group, your new instance manages authentication with Cloud Identity and Access Management (IAM). IAM is an enhanced mechanism that uses API keys instead of username and password. 

As a result, you need to change the application code, which authenticates to the Watson service with the IAM API key credential.

  1. Log in to IBM Cloud and open your Dashboard. 
  2. Select Services in the Resource summary section > your Watson service instance > Service Credentials
  3. Copy the API key in the Credentials section. 
  4. Check your application code that authenticates to the Watson service with username and password credentials and replace it with the API key you copied from Step 3.


The following Python code is using Basic Authentication to connect to the watsonx Assistant instance, and it may have failed with the 401 authentication error because the credential has deprecated.

from ibm_watson import AssistantV1 
from ibm_cloud_sdk_core.authenticators import BasicAuthenticator

username = 'd51a5b3c-fce3-4836-9d4c-e068a9e35379'
password = 'Pw0Oq3kydbzQ'

authenticator = BasicAuthenticator(username, password) 
assistant = AssistantV1( version='2018-08-01', authenticator=authenticator ) 

Note that the username of the old Cloud Foundry service credential is a string other than apikey in the above example. 

Replace the username with the word apikey and the password with the actual API key of the Watson service. 

Below, you’ll see the updated version of the example code:

username = 'apikey'
password = 'your-API-Key-goes-here'
authenticator = BasicAuthenticator(username, password) 
assistant = AssistantV1( version='2018-08-01', authenticator=authenticator ) 

Or, if you use a later version of Watson SDK to manage the IAM authentication, you can use the following code in this example:

from ibm_watson import AssistantV1 
from ibm_cloud_sdk_core.authenticators import IAMAuthenticator 

authenticator = IAMAuthenticator( 'your-API-Key-goes-here') 
assistant = AssistantV1( version='2019-08-01', authenticator=authenticator )

For different programming languages and Watson services, refer to the corresponding Watson SDK and API documents: 


Update your applications to take advantage of the improved security that Cloud Identity and Access Management (IAM) affords. After you update your apps to use the new API key approach, you won’t need the Cloud Foundry service alias and can delete it. The username and password credentials have recently been disabled, and applications must be updated to use the IAM authentication method.

For more details about the migration of your Cloud Foundry instance and the new IAM authentication, see the following: 

Was this article helpful?

More from Cloud

The recipe for RAG: How cloud services enable generative AI outcomes across industries

4 min read - According to research from IBM®, about 42 percent of enterprises surveyed have AI in use in their businesses. Of all the use cases, many of us are now extremely familiar with natural language processing AI chatbots that can answer our questions and assist with tasks such as composing emails or essays. Yet even with widespread adoption of these chatbots, enterprises are still occasionally experiencing some challenges. For example, these chatbots can produce inconsistent results as they’re pulling from large data…

Rethink IT spend in the age of generative AI

3 min read - It’s the burning question for today’s CIOs: what do you spend your IT budget on? Cloud costs were already a challenge—in a recent survey, 24% estimated they wasted software spend. The explosion of generative AI makes it critical for organizations to consider frameworks like FinOps and technology business management (TBM) for visibility and accountability of all tech spend. But what does this all mean in practice? How can organizations shift to a more disciplined, value-driven approach to IT spend? What…

Announcing Dizzion Desktop as a Service for IBM Virtual Private Cloud (VPC)

2 min read - For more than four years, Dizzion and IBM Cloud® have strategically partnered to deliver incredible digital workspace experiences to our clients. We are excited to announce that Dizzion has expanded their Desktop as a Service (DaaS) offering to now support IBM Cloud Virtual Private Cloud (VPC). Powered by Frame, Dizzion’s cloud-native DaaS platform, clients can now deploy their Windows and Linux® virtual desktops and applications on IBM Cloud VPC and enjoy fast, dynamic, infrastructure provisioning and a true consumption-based model.…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters