Hi Devendra,
This error is happening because this endpoint uses a 307 Temporary Redirect to a pre-signed S3 download URL.
Your initial call to A042 (/R4/Binary/{id}) should include the normal e-RS header, as you’ve said:
Authorization: Bearer
However, when the client follows the 307 redirect and makes the second request to the Location URL, it is still sending the same Authorization: Bearer header. Since the redirect URL already contains its own authentication details (for example X-Amz-Algorithm and the signature), S3 sees two authentication mechanisms and returns:
InvalidArgument: Only one auth mechanism allowed…
To resolve this, keep the Bearer token on the first request to e-RS, but ensure the follow-up request to the redirected Location URL is made without the Authorization header.
Hope this helps,
Petko