Error in API Recommended Practices JWT instructions

Platform: Website

Browser: Any


Description of problem:

Under the “Authentication” section of the API recommended practices page, the instructions read "Include the JWT in an HTTP Authentication header, e.g. Authentication: YOUR_JWT"

These instructions are incorrect, and if followed, the header is ignored. The instructions should read "Include the JWT in an HTTP Authorization header, e.g. Authorization: Bearer YOUR_JWT"

This agrees with the report in posting as well as the HTTP spec and I have tested it as working.


the referenced post actually is talking about something slightly different than what the API recommended practices is talking about, but you’re right that the required syntax is the same and that the syntax noted on the recommended practices page is not quite right:

  1. you need to specify an Authorization header, not an Authentication header, and
  2. you need to specify Bearer as the Authorization type (before the token)
1 Like