API access always returns 401 Invalid credentials

Hello, I recently created a Hugging Face account and verified my email. I have generated multiple access tokens with read permissions, but every attempt to call the API endpoint https://huggingface.co/api/whoami fails with:

{“error”:“Invalid credentials in Authorization header”}

I’ve tried:

  • Multiple tokens
  • Logging out and logging back in
  • Deleting cookies and trying from incognito mode
  • Verifying that the token is active
  • Using curl and Python requests

But nothing works. Could you check if my account has an API restriction or if something else is wrong?

Thank you.

1 Like

Try https://huggingface.co/api/whoami-v2
Hub API Endpoints

This is actually a common problem with a simple fix. The most likely cause is the Authorization header format.

To resolve it make sure your API call uses this exact format:

Authorization: Bearer hf_your_token_here

(Note: “Bearer” with a space after it, then your token)

If that doesn’t work, then do a little effort and try this:

  1. Create one fresh token with just “READ” permissions
  2. Copy it carefully (no extra spaces)
  3. Test with this curl command:

bash

curl -H "Authorization: Bearer YOUR_NEW_TOKEN" https://huggingface.co/api/whoami

Most users solve it with the header format fix. If it still doesn’t work after trying a new token, it might be an account setting that Hugging Face support can quickly resolve.

1 Like