Error in API Recommended Practices JWT instructions

Platform: Website

Browser: Any

URLs: https://www.inaturalist.org/pages/api+recommended+practices

Description of problem:

Under the “Authentication” section of the API recommended practices page, the instructions read "Include the JWT in an HTTP Authentication header, e.g. Authentication: YOUR_JWT"

These instructions are incorrect, and if followed, the header is ignored. The instructions should read "Include the JWT in an HTTP Authorization header, e.g. Authorization: Bearer YOUR_JWT"

This agrees with the report in posting https://forum.inaturalist.org/t/how-does-one-turn-an-authorization-code-into-a-jwt/13528 as well as the HTTP spec, and I have tested it as working.

2 Likes

The referenced post actually is talking about something slightly different than what the API recommended practices is talking about, but you’re right that the required syntax is the same and that the syntax noted on the recommended practices page is not quite right:

  1. you need to specify an Authorization header, not an Authentication header, and
  2. you need to specify Bearer as the Authorization type (before the token)

1 Like