Invalid API token generated

Following the steps in the Authentication section of the API documentation, it describes simply putting the snippet in your console while being logged in to your app, then using it in the Get Schema endpoint.

What happen?
API returns

401 Unauthorized
{"message":"jwt malformed"}

What was expected to happen?

  1. Getting a full and valid JWT from the initial token generation command.
  2. A response with the schema, as shown in the example.

I suspect that the token generated returns only a part of it. It does not conform to the JWT format of [header].[payload].[verify].
Sample (invalidated): u72eaff3.874aced889f24a44881c2g6770de3h22e8f

Hello. Could your please send XHR of the request that you execute and get “jwt malformed” as a response. Or just send body and headers of the request.


As I performed the query again to show you everything in one screenshot, I moved where token is placed and got the expected response. Confused me how it would work now, so I tested previous setup.

Seems I presumed wrong prefix for Postman’s ‘Authorization’, so it sent Authorization: Bearer {token} instead of Authorization: Token {token}. My bad, I should have tested that. Sorry for wasting your time.

TL;DR it sent Bearer {token} when Token {Token} was required, and it responded with jwt malformed.

Yep, that was the reason of the error. We do use jwt tokens internally, that’s why ‘Bearer’ schema (which is a part of jwt spec) is supported on our side. But our api tokens, that we allow users to generate, are not jwt tokens. At you’ve correctly spotted this in original question. That’s why we use ‘Token’ schema in Authorization header.