HTTP 500 when trying to POST

Hi all,

I’m trying to connect to the iNat API using Unity (; on Windows). My GET calls are working, even authenticated ones, but when I POST I’m getting a 500 error with no additional details. I’m trying to POST an identification, and so far I’ve verified that:

  • I’m sending the correct JSON string
  • The information is valid, as tested in the example cURL command (it works with the provided example through the API page)

I’ve also tried testing sending an empty JSON (same error) and sending a bad JSON (provides the correct error that the JSON cannot be parsed.)

Any ideas what could be going wrong? For additional details, here’s my Unity code:

public static readonly string BaseUrl = "";
static readonly string UserAgent = "iNat+Unity by Josh Aaron Miller";

public void CreateIdentification(string postData){
            byte[] bodyRaw = System.Text.Encoding.UTF8.GetBytes(postData); //postData = {"identification": { "observation_id": 123, "taxon_id": 456, "current": true, "body": "string"}
            UnityWebRequest request = new UnityWebRequest(BaseUrl + "identifications/", "POST");
            request.uploadHandler = new UploadHandlerRaw(bodyRaw);
            request.uploadHandler.contentType = "application/json";
            request.downloadHandler = new DownloadHandlerBuffer();
            request.SetRequestHeader("content-type", "application/json");
            request.SetRequestHeader("accept", "application/json");

IEnumerator DoWebRequestAsync<T>(UnityWebRequest request){

// ... rate limiting code here

request.SetRequestHeader("User-Agent", UserAgent);
request.SetRequestHeader("Authorization", apiToken); //apiToken set elsewhere

yield return request.SendWebRequest();
while (!request.isDone)
        yield return null;

byte[] result =;
string json = System.Text.Encoding.Default.GetString(result);
Debug.Log(json); // {"error":"Error","status":500}

// ...

There may be something wrong in error handling on our end, but I’m seeing an InvalidAuthenticityToken for some of your Identification create requests. So I’d double check your Authorization header and how you’re sending it. I’m also not sure if you want the trailing slash at the end of identifications - I’d try removing that

Also, FYI, the example code provided on the API page is just example code, but there is no “example” or playground site. As a result you’ve created some IDs that seem erroneous (e.g. Please make sure to delete any data that isn’t accurate, and I’d recommend testing with real data to avoid erroneous submissions in the first place.

I’m not aware of anyone using the API within a Unity app yet. Planning on making a game of sorts, or visualizations? Good luck!


Thank you very much for your response! The InvalidAuthenticityToken actually gets correctly returned to me as a 401 error, I bet the problem is the trailing slash.

I will also be sure to remove the erroneous identifications I’ve posted, sorry!

Yes I am planning on making a game using the API, but I am first planning on simply releasing this integration as a free asset on the Unity asset store and open-source code on my GitHub, here. My hope is that the free pre-written package can inspire other developers to make games with iNaturalist, and my game can be one example of what cool things you can do with it.

Thank you so much again for your help and quick response, I’m very glad that if I have any questions I can come here for support.

Hmm, removing the trailing slash didn’t work. I also tested updating an identification (PUT) which also failed with a 500 error. And again, I don’t think the issue is authentication because I’m able to call authenticated GETs. Would it be possible for the server to return more information on 500 errors?

I can look into the response errors. I checked the server logs again, and it is indeed an InvalidAuthenticityToken error again. I see the authorization header for the GET requests, but not on the PUT or POST requests. I’ve never used Unity before so I’m not prepared to give advice on the code or why GET requests would behave differently from PUT or POSTS. I can just confirm your recent PUTs and POSTs don’t have an authorization header.

Oh, how strange! Okay, I will double check that then, thank you!

Gahhh, okay this was my fault, sorry! The assurance that it was an authentication error helped, I somehow missed setting the authentication. Chalk this one up to PEBKAC, although it would be nice to get a 401 error back instead of 500 in that case.