Hello, I recently created a Hugging Face account and verified my email. I have generated multiple access tokens with read permissions, but every attempt to call the API endpoint https://huggingface.co/api/whoami fails with:
{“error”:“Invalid credentials in Authorization header”}
I’ve tried:
- Multiple tokens
- Logging out and logging back in
- Deleting cookies and trying from incognito mode
- Verifying that the token is active
- Using curl and Python requests
But nothing works. Could you check if my account has an API restriction or if something else is wrong?
Thank you.
1 Like
This is actually a common problem with a simple fix. The most likely cause is the Authorization header format.
To resolve it make sure your API call uses this exact format:
Authorization: Bearer hf_your_token_here
(Note: “Bearer” with a space after it, then your token)
If that doesn’t work, then do a little effort and try this:
- Create one fresh token with just “READ” permissions
- Copy it carefully (no extra spaces)
- Test with this curl command:
bash
curl -H "Authorization: Bearer YOUR_NEW_TOKEN" https://huggingface.co/api/whoami
Most users solve it with the header format fix. If it still doesn’t work after trying a new token, it might be an account setting that Hugging Face support can quickly resolve.
1 Like