I stumbled across a problem when accessing the Gumroad API that always returns 401 when using an access token. Here is a solution for you!
You probably know Gumroad. Many people use it, but rather few know about their API. You can query products, sales, users, and more. They also provide instructions on how to access it properly. Or so I thought, at least. However, the web api always returns 401 HTTP status code (“Unauthorized”) when using the access token.
So, I created the app, obtained the access token, and wrote a small C# app that queries all sales using the RestSharp package. Here is the code:
Fun fact: The following cURL command works!
Then, I used Dart because I thought that maybe C# or RestSharp had some default setting that prevented the call from working. However, my Dart example fails with the same error code.
The final solution came from ChatGPT because there aren’t really code examples for the Gumroad API available via a Google search. The AI pointed out that the standard way of including access tokens in HTTP requests is with the Authorization Bearer header field. I thought that it’s enough to use the same header fields as in the cURL request. And that was my mistake!
I should have asked an AI before using Google search. That would have saved me half an hour!
Here is the correct code:
And now, everything works as expected.
When your web API always returns 401 when using an access token, try the Authorization Bearer header. I was fooled by the cURL example that works differently.