Error in API Recommended Practices JWT instructions

Bosmon · February 11, 2021, 2:48pm

Platform: Website

Browser: Any

URLs: https://www.inaturalist.org/pages/api+recommended+practices

Description of problem:

Under the “Authentication” section of the API recommended practices page, the instructions read "Include the JWT in an HTTP Authentication header, e.g. Authentication: YOUR_JWT"

These instructions are incorrect, and if followed, the header is ignored. The instructions should read "Include the JWT in an HTTP Authorization header, e.g. Authorization: Bearer YOUR_JWT"

This agrees with the report in posting https://forum.inaturalist.org/t/how-does-one-turn-an-authorization-code-into-a-jwt/13528 as well as the HTTP spec and I have tested it as working.

pisum · February 11, 2021, 5:31pm

the referenced post actually is talking about something slightly different than what the API recommended practices is talking about, but you’re right that the required syntax is the same and that the syntax noted on the recommended practices page is not quite right:

you need to specify an Authorization header, not an Authentication header, and
you need to specify Bearer as the Authorization type (before the token)

Topic		Replies	Views
Trouble with api_token authorization at https://api.inaturalist.org/v1/docs/#!/Comments/post_comments Bug Reports	6	494	September 22, 2020
How does one turn an authorization code into a jwt? General question	3	611	August 18, 2020
Redirect api.inaturalist.org to https://api.inaturalist.org/v1/docs/ by default Feature Requests api	2	467	July 18, 2020
API authentication help General	7	438	October 6, 2023
iNaturalist API requests? Bug Reports	4	255	September 23, 2024

Error in API Recommended Practices JWT instructions

Related topics