Hi,
I am getting below error with A042 endpoint to download an attachement.
<?xml version="1.0" encoding="UTF-8"?>InvalidArgumentOnly one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specifiedAuthorizationBearer hM18ZkAmUaH9ndgMKehmKoMTbzLm2TE850YR0YTC5TA3
I am adding only token in the header.
Any pointers what may be causing this would be a great help.
Thanks
Devendra
Hi Devendra,
This error is happening because this endpoint uses a 307 Temporary Redirect to a pre-signed S3 download URL.
Your initial call to A042 (/R4/Binary/{id}) should include the normal e-RS header, as you’ve said:
Authorization: Bearer
However, when the client follows the 307 redirect and makes the second request to the Location URL, it is still sending the same Authorization: Bearer header. Since the redirect URL already contains its own authentication details (for example X-Amz-Algorithm and the signature), S3 sees two authentication mechanisms and returns:
InvalidArgument: Only one auth mechanism allowed…
To resolve this, keep the Bearer token on the first request to e-RS, but ensure the follow-up request to the redirected Location URL is made without the Authorization header.
Hope this helps,
Petko
Hi Petko,
Thanks for your reply. I am getting the error in the first request only. I am not getting any Location URL in the first call and making a second call to the Redirected URL. The end point A042 seems to be making the call internally to S3. My code looks like below
HttpGet request = new HttpGet("https://int.api.service.nhs.uk/referrals/FHIR/R4/Binary/9908a42d-72fb-4a3f-bf9e-1013a14e113a");
request.addHeader("content-type", "application/json+fhir");
request.addHeader("Authorization", "Bearer "+token);
HttpResponse response = httpClient.execute(request);
for (Header h : response.getAllHeaders()) {
System.out.println("Name "+h.getName()+" Value "+h.getValue());
}
System.out.println("Response Code "+response.getStatusLine().toString());
ByteArrayOutputStream outstream = new ByteArrayOutputStream();
response.getEntity().writeTo(outstream);
byte [] responseBody = outstream.toByteArray();
System.out.println(new String(responseBody).toString());
I get the below output
Name x-amz-request-id Value DZHHB8NQWZYW4FE2
Name x-amz-id-2 Value 4nJZd0RKEGSy0TmutzoXrI7fDVA/gvgLE5E+bShZxGPSIce6OoSgpXHt79nQbru+AA5E8c+AbVEGZTc8CqAfInSxdBbJrh51
Name Content-Type Value application/xml
Name Transfer-Encoding Value chunked
Name Date Value Tue, 20 Jan 2026 18:50:04 GMT
Name Connection Value close
Name Server Value AmazonS3
Response Code HTTP/1.1 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidArgument</Code><Message>Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>Bearer Ax7goITqR6glmEvzOaGG8ZlsbvXW</ArgumentValue><RequestId>DZHHB8NQWZYW4FE2</RequestId><HostId>4nJZd0RKEGSy0TmutzoXrI7fDVA/gvgLE5E+bShZxGPSIce6OoSgpXHt79nQbru+AA5E8c+AbVEGZTc8CqAfInSxdBbJrh51</HostId></Error>