Simpleton help with API access - 401: Unauthorized

Hi all.

I am not the greatest at programming and am sure I have missed a comma somewhere in my setup!

Trying to gain API access to a local docker deployment of HA, followed the basics of setting up a long lived token (under my own account) but when trying the curl command, I get 401: Unauthorized.

curl -k -X GET https://blah.duckdns.org:8123/api/error/all -H ‘Authorization: Bearer xyzkyvHcMtkVyQhm5kQe4irRSUqFI3avggMxLayhkoc’

Also tried with local IP but same result.

Any pointers on what to check/do/correct?

Did you manage to solve this? I am having the same issue.

curl -v https://HA_URL/api/ -H "Authorization: Bearer MY_TOKEN"

Returns a 401 unauthorized error. The unauthorized access attempt shows up in my HA notifications, so it is receiving the request, but I have no idea why it’s not accepting the authorization.

(btw - you may wish to remove your token from your post for security reasons, although I guess you have already truncated it quite severely)

Hi, I just found the same issue. Was trying to get /api/ working through Postman with Home Assistant long-lived token (Bearer token) in user profile.

EKC provided a useful clue…
Found that, when generating the token, Chrome browser was only selecting the token text to the left of the first full-stop!. So this copied only the first 36 chars; whereas full token was 183 chars.

A way you can better see if you have the full token is to click the ‘Generate QR Code’.

5 Likes

And in my case, it turned out that I had a token from a different service on my clipboard and had lost track. It’s always something :joy:

My savior!
I had the same issue using firefox.
CTRL+A and then CTRL+V did the trick for me.
Maybe the text field of the popup should be resized in order to see all the text (and see what’s selected).
Also a “copy to clipboard” button should be a default for this kind of fields!
I’ll open an issue on GitHub.

Have a great day!

3 Likes

In case anybody has the same problem as me - posting to /api/template (and others) requires that the long-lived token is for a user in the Administrators group. If they’re only in Users, it will get a 401.

1 Like