when you say that it worked perfectly, did it actually work perfectly with GET /v1/users/me? when working with the v1 API, you’re supposed to exchange your access token for a JWT and then use the JWT to make requests. i believe that a typical pyinaturalist script skips the exchange, and it may work anyway with some requests like GET /v1/observations because of the way some of those routes work under the hood. but i believe that not every v1 request works with the access token.
did you use your new token? i think each token gets revoked when you get a new one for the user / application combination.
i just tried using an access token on POST /v1/observations/{id}/fave, and it worked fine, whereas the token did not work with GET /v1/users/me. meanwhile, a JWT worked fine for the latter. based on that, i don’t think there’s a bug here. i think the issue is that you’re using an access token instead of a JWT.
@tiwane or @pleary may want to know about this, if they’re not already aware, in case they have a way to short circuit this. looks like this is related to https://forum.inaturalist.org/t/import-csv-photo-link/68377. there, the user indicated that they intended to copy over 60,000 obs from another site, although looking at the source site, it’s unclear if those observations would all be their own observations. it looks like their script has copied over 22,000 observations so far since 2025-08-04, although a large chunk of the 6000 created today on 2025-08-11 are almost certainly erroneous duplicates of observations that have no photo.