is the API-Bearer-Token-Authorization really working?

[RowhamD]

I'm trying to use the API from the just released V2.0 from the bash-command-line.

I'm able to get a access-token:
curl --location 'https://planka.mydomain.de/api/access-tokens' --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer <token>' --data-raw '{ "emailOrUsername": "demo", "password": "demo", "withHttpOnlyToken": true}'
which responds:
{"item":"longTokenStringfOXeAOUfw"}

Trying to use this token as described here:
https://documenter.getpostman.com/view/48263477/2sB3HqJebc#b9994d3d-496b-479f-af8a-ed47d6e60d49
curl --location 'https://planka.mydomain.de/api/projects' --header 'Accept: application/json' --header 'Authorization: Bearer longTokenStringfOXeAOUfw'
always returns:
{"code":"E_UNAUTHORIZED","message":"Access token is missing, invalid or expired"}

Am I doing something wrong?!

[meltyshev]

Hey! The correct way to pass the API key is using the X-Api-Key header instead of Authorization. The Authorization header is only used for session-based authorization.

[RowhamD]

For everybody else looking for API-access:

I just found this: #1254
...and I can confirm that
curl --location 'https://planka.mydomain.de/api/projects' --header 'Accept: application/json' --header 'X-Api-Key: KeyFromGUI'
is working.
So, personally I'm satisfied and can use the API.

But the question about the Bearer-Token still remains.