How To Fix API Calls That Always Return 401 With Access Token

I stumbled across a problem when accessing the Gumroad API that always returns 401 when using an access token. Here is a solution for you!

You probably know Gumroad. Many people use it, but rather few know about their API. You can query products, sales, users, and more. They also provide instructions on how to access it properly. Or so I thought, at least. However, the web api always returns 401 HTTP status code (“Unauthorized”) when using the access token.

So, I created the app, obtained the access token, and wrote a small C# app that queries all sales using the RestSharp package. Here is the code:

Fun fact: The following cURL command works!

Join my free Medium Newsletter!

Get an overview of my new Medium content with my monthly newsletter. Save time and pick what you like to read!

Then, I used Dart because I thought that maybe C# or RestSharp had some default setting that prevented the call from working. However, my Dart example fails with the same error code.

The final solution came from ChatGPT because there aren’t really code examples for the Gumroad API available via a Google search. The AI pointed out that the standard way of including access tokens in HTTP requests is with the Authorization Bearer header field. I thought that it’s enough to use the same header fields as in the cURL request. And that was my mistake!

I should have asked an AI before using Google search. That would have saved me half an hour!

My short conversation with ChatGPT about the problem.
My short conversation with ChatGPT about the problem.

Here is the correct code:

And now, everything works as expected.


When your web API always returns 401 when using an access token, try the Authorization Bearer header. I was fooled by the cURL example that works differently.

Level up your Firebase skills!

Check out my free email course on Firebase fundamentals, and grab your copy of my Firebase ebooks. Start building amazing apps with Firebase today!

Related articles