IBM Cloudant login failed

Hi, I followed the guide in the comments of some posts on this forum to get the API key for login and I have enabled CROS but still failed to login. Here are the information and settings I have used.

Login information

The credential I have got from IBM cloud and the role is manager.

URL field for “CouchDB URL:” on noteself
apikey field for “Remote user-name:” on noteself

I am not sure about the password but it seems that it is not required.

CORS settings


Other information


Thank you very much.

I think you are missing the password. The first part of the URL is just the username so if your URL is then your user is verylongchunkoftext.
Then what you are missing is the password, when you generate an user you usually get a password from cloudant

I tried different combinations but still failed to login.

In the credentials given, it seems that there is no password. I tried to login with “username” or the apikey as the remote user-name then use the apikey, IBM cloud password and one-time password which lasts for 300 seconds. They did not work.

I am not sure what can be wrong, the details you are giving me seems correct.
All I can do is to offer you to jump on a call and take a more detailed look.

Hello, I’m experiencing the same issue.

CORS have been enabled from *.

This is an example credential file generated from Service Credentials tab in IBM Cloudant: (credentials are no more valid)

  "apikey": "9SgdXnNa4aa-LldTdaBvuwCz7b94DvRpqZuFS-zC5qLn",
  "host": "968[REDACTED]",
  "iam_apikey_description": "Auto-generated for key 1fea9853-00ca-4583-916f-f48775f3ea53",
  "iam_apikey_name": "ServiceCredentials-2",
  "iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Writer",
  "iam_serviceid_crn": "crn:v1:bluemix:public:iam-identity::a/5f41ba2949ef4a6daba1f9c11615a6da::serviceid:ServiceId-5c759f57-a419-4f8d-a051-de67de97e866",
  "url": "https://[REDACTED]",
  "username": "[REDACTED]-bluemix"

So far I tried:

  • username and apikey
  • iam_api_keyname and apikey
  • just [REDACTED] and apikey

I get a 401 Unauthorized

Request headers

POST /_session HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: application/json
Accept-Language: en-GB
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 95
Origin: null
DNT: 1
Connection: keep-alive
Cookie: AuthSession=
Pragma: no-cache
Cache-Control: no-cache

Response headers

HTTP/2 401 Unauthorized
access-control-allow-credentials: true
access-control-allow-origin: null
access-control-expose-headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
cache-control: must-revalidate
content-length: 67
content-type: application/json
date: Tue, 15 Sep 2020 08:38:36 GMT
server: CouchDB/2.1.1 (Erlang OTP/20)
set-cookie: AuthSession=; Version=1; Path=/; HttpOnly; Secure; SameSite=None
x-cloudant-action: cloudantnosqldb.session.write
x-frame-options: ALLOW-FROM https://[REDACTED]
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-cloudant-request-class: unlimited
x-cloudant-backend: bm-cc-eu-de-11
via: 2.0 (Glum/1.89.12)
X-Firefox-Spdy: h2

@danielo515 is there anything I can do to further debug this? I have the impression that the authentication the CouchDB library uses does not like API keys but requires username/password, but that is just an impression, I wasn’t able to determine if that’s the case from the source code.

I think this is related to Multi-User simultaneous updates possible? where login worked only after enabling Use both legacy credentials and IAM.

Hello @endorama,
Enabling legacy credentials is definitely required for this, I made that on my account long time ago (or even it was not needed because my account is very old) and forgot about it.
Can you try enabling legacy credentials?

Also try apikey-9SgdXnNa4aa-LldTdaBvuwCz7b94DvRpqZuFS-zC5qLn as remote username, just to be sure

I finally got IBM Cloudant to work.

  • Use both legacy credentials and IAM
  • Create a Service credential, Role: Manager
  • CouchDB URL:
  • Remote user-name: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-bluemix
  • Password: Service Credential: “password”: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy (57 characters)
1 Like

Glad you finally figured it out.
Legacy credentials should be the only requirement according to IBM docs, but I didn’t checked them in a way, it may have changed.


I’m a new user on noteself from Tiddlywiki.
This product seems to be great but I cannot login with my IBM Cloudant. CORS is enabled from all.
I got my service credential as @Oxyde did but my generated password was 31characters while @Oxyde said it had 57.
Also, the official doc says the “url” field in service credentials “includes the embedded legacy username and password,” then username should be apikey-v2-[44 characters] not “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-bluemix” as @Oxyde said.
There is a bundle of contradictions around the Cloudant login feature.
I would be grateful if you could give users updated how-to on Cloudant login.

I incorrectly wrote the password has 57 characters. The IBM generated password has 64 characters.

Test from the command line:

should return:

{"couchdb":"Welcome","version":"3.1.1","vendor":{"name":"IBM Cloudant","version":"8192","variant":"paas"},"features":["geo","access-ready","iam","partitioned","pluggable-storage-engines","scheduler"],"features_flags":["partitioned"]}

Yes, the curl above includes the user & password, but noteself must add user & password automatically for you. User & password isn’t needed in the CouchDB URL.

Thanks for your response @Oxyde!
I could find username in “xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-bluemix” format but no password in 64 characters.
My generated password was 32 characters (31 was incorrect).
Where did you find your 64 characters password?

My service credential:
“apikey”: “[REDACTED]”,
“host”: “”,
“iam_apikey_description”: “Auto-generated for key [REDACTED]”,
“iam_apikey_name”: “Service credentials-1”,
“iam_role_crn”: “crn:v1:bluemix:public:iam::::serviceRole:Manager”,
“iam_serviceid_crn”: “[REDACTED]”,
“password”: “yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy”(32 characters),
“port”: 443,
“url”: “https://[username below]:[password above]”,
“username”: “apikey-v2-[44 characters]”

curl result with 32 characters password:
{“error”:“unauthorized”,“reason”:“Name or password is incorrect.”}

@sa162014 The 64 character password is shown after clicking the down arrow circled in red. See image below:

It shows 32 characters password for me there…

Make sure to enable legacy credentials:

Once you enable them you should see a password of the right length in an object like this:

  "apikey": "MxVp86XHkU82Wc97tdvDF8qM8B0Xdit2RqR1mGfVXPWz",
  "host": "",
  "iam_apikey_description": "Auto generated apikey during resource-key [...]",
  "iam_apikey_name": "auto-generated-apikey-050d21b5-5f[...]",
  "iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager",
  "iam_serviceid_crn": "crn:v1:staging:public:iam-identity::[...]",
  "password": "8fb6a16b48903e87b769e7f4968521e85c2394ed8f0e69b2769e56dcb27d2e76",
  "port": 443,
  "url": "https://<username>:<password>",
  "username": "apikey-v2-58B528DF5397465BB6673E1B79482A8C"

I made sure of that. But, I noticed that

my host domain is different from yours as below.
“host”: “[36 characters]”,

It seems I managed to login but database is still not updated

I read every theads about Cloudant and mostly cannot make it work. I’ll describe below the procedure I followed, the only one that worked, as it might help others.

I tried many different things using (hopefully) every possible combinations of {url/host/address} · {login/key/username} · {password}, on a few different browsers, on different OS and different devices (see Note 1, below).

Part I: configuring IBM Cloudant

  1. log in at
  2. in the left menu, click on Resource list
  3. in Services and software, click on previously created Cloudant instance
  4. in Manage » Overview, check that my Authentication Methods include Cloudant credentials
  5. in Service Credentials, create a New Credential with Manager as Role
  6. click on the down-arrow, at the left of the newly created credentials, the following [redacted] block of info appears:
    “apikey”: “[44 character long]”,
    host”: “[36 characters long]”,
    “iam_apikey_description”: “Auto-generated for key [36 characters long]”,
    “iam_apikey_name”: “[name given during credetials creation]”,
    “iam_role_crn”: “crn:v1:bluemix:public:iam::::serviceRole:Manager”,
    “iam_serviceid_crn”: “crn:v1:bluemix:public:iam-identity::a/[32 characters long]::serviceid:ServiceId-[34 characters long]”,
    password”: “[32 characters long]”,
    “port”: 443,
    “url”: “https://[username, see below]:[password, see above]@[host, see above]”,
    username”: “apikey-v2-[44 characters long]”
  7. in Manage, click on Launch Dashboard, thus opening the Cloudant Dashboard Databases page
  8. click on Create Database and enter a name with no special character (see below): [dbname]
  9. (optional: see Note 3) in this db Permissions tab, click on Generate API Key, the following info appears:
    Key: apikey-[32 characters long]
    Password: [40 characters long]

Part II: Configuring NoteSelf (

  1. click on the round Login avatar-like button and choose the Custom tab
  2. enter the following informations:
    CouchDB URL: https://[]
    Remote database name: [I.8.dbname]
    Remote user-name: [I.6.username]
    and click on the Save Config button
  3. again, click on the round Login avatar-like button and choose the Custom tab
  4. enter the remaining information:
    Password: [I.6.password]
    and click Login, then Cancel


  1. Thanks to this procedure I could login with the following browsers on the following OS & devices:
    — Brave, Firefox, Opera (on every OS/device) & Chrromium (only tested on Linux)
    — Linux/PC, Windows/PC & Android9/tablet
    Yet, step II.5 stalls indefinitely on Vivaldi (whatever OS/device).

  2. It took me a long time to understand (but why?) that the name of the db cannot contain the - character, otherwise the login procedure stalls indefinitely. So use something like dbname but avoid db-name. Capitals, digits and other special characters might work but I haven’t tried them.

  3. Whatever I try, I got a Login failed error message in NoteSelf, except when I use one of the following authentication pair (as mentionned in step 12 and 14):
    — either the Username and Password of step I.6
    — or the API Key and Password of step I.9
    Thus, one might prefer to use the API Key (I.9) as Remote user-name (II.2) and the related Password (I.9 & II.4).