Ok, imho a proper process for any app to contact the Web API is: [h]Step 1:[/h] Request token.html WITHOUT http authentication. This is standard practice to prevent accidentally sending your credentials to a wrong recipient. You could skip this step if you wanted to. You send: GET /gui/token.html HTTP/1.1Host: response should be: If you do not get a 401 Unauthorized with an authenticate request for realm uTorrent you should abort the process. HTTP/1.1 401 UnauthorizedConnect