Receiving HTTP/2 401 respone despite specifiying Authorization header

Hi all,

I’m trying to make a cURL request from the command line as follows:

curl --verbose -L -H "Authorization: Bearer [PersonalAccessToken];" https://api.netlify.com/api/v1/sites/

The response I am receiving is as follows:

*   Trying 35.244.176.74:443...
* TCP_NODELAY set
* Connected to api.netlify.com (35.244.176.74) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=ca; L=San Francisco; O=Netlify, Inc; CN=*.netlify.com
*  start date: Jul  3 00:00:00 2019 GMT
*  expire date: Jul  7 12:00:00 2020 GMT
*  subjectAltName: host "api.netlify.com" matched cert's "*.netlify.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5577e13f5db0)
> GET /api/v1/sites/ HTTP/2
> Host: api.netlify.com
> user-agent: curl/7.68.0
> accept: */*
> authorization: Bearer [PersonalAccessToken];
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 401 
< cache-control: private, no-store
< content-type: text/html
< date: Sun, 24 May 2020 13:05:23 GMT
< pragma: no-cache
< strict-transport-security: max-age=31536000
< vary: Origin
< www-authenticate: Bearer realm="user"
< x-content-type-options: nosniff
< x-frame-options: ALLOWALL
< x-nf-srv-version: ba0109636c2f0b62dffa47b31c297cf13eace3d1
< x-request-id: 184461b3-315d-4197-a439-b75132ed5572
< x-runtime: 0.034331
< content-length: 0
< via: 1.1 google
< alt-svc: clear
< 
* Connection #0 to host api.netlify.com left intact

Now sure why this is happening. I’m new to both cURL and Netlify’s API; wondering if there is something obvious that I’m missing?

Hey @hirusi! Welcome to the forum :slight_smile:
Assuming you created your token in the UI here:
https://app.netlify.com/user/applications#personal-access-tokens

…then you should be able to successfully make that call if you delete the semicolon so it looks something like this:
curl --verbose -L -H "Authorization: Bearer jfs9df89asd" https://api.netlify.com/api/v1/sites/

Want to give that a shot and let us know if you continue to get that 401 error?

Once you get that working, this is a good guide to how to do what you want with our API:

1 Like

Thanks so much, @jen! This was it!