Netdata API: You need to be authorized to access this resource

On Netdata Cloud I logged in and created a token (User settings > API Tokens > Create New Token) with scope:all

My netdata web config:

[web] # ssl key = /opt/netdata/etc/netdata/ssl/key.pem # ssl certificate = /opt/netdata/etc/netdata/ssl/cert.pem # tls version = 1.3 # tls ciphers = none # ses max tg_des_window = 15 # des max tg_des_window = 15 mode = static-threaded # listen backlog = 4096 # default port = 19999 # bind to = * bearer token protection = yes # disconnect idle clients after = 1m # timeout for first request = 1m # accept a streaming request every = off # respect do not track policy = no # x-frame-options response header = # allow connections from = localhost * # allow connections by dns = heuristic # allow dashboard from = localhost * # allow dashboard by dns = heuristic # allow badges from = * # allow badges by dns = heuristic # allow streaming from = * # allow streaming by dns = heuristic # allow netdata.conf from = localhost fd* 10.* 192.168.* 172.16.* 172.17.* 172.18.* 172.19.* 172.20.* 172.21.* 172.22.* 172.23.* 172.24.* 172.25.* 172.26.* 172.27.* 172.28.* 172.29.* 172.30.* 172.31.* UNKNOWN # allow netdata.conf by dns = no # allow management from = localhost # allow management by dns = heuristic # enable gzip compression = yes # gzip compression strategy = default # gzip compression level = 3 # ssl skip certificate verification = no # web server threads = 6 # web server max sockets = 1024

Notice how only mode and bearer token protection are enabled.

I can access my Netdata through http://my-ip:19999 and public apis work fine. But when I try fetching a protected endpoint like this:

$client = new GuzzleHttp\Client(); $response = $client->get("http://my-ip:19999/api/v1/alarms", [ 'headers' => ['Authorization' => "Bearer {$this->netdataApiToken}"] ]);

I get this error:

Client error: `GET http://my-ip:19999/api/v1/alarms` resulted in a `412 Precondition Failed` response: You need to be authorized to access this resource

I tried creating several tokens and even doing curl by passing the token:

curl -H 'Accept: application/json' -H "Authorization: Bearer {TOKEN}" http://127.0.0.1:19999/api/v1/alarms

This responded with same error.

If I disable bearer token protection then it works fine, but my dashboard and apis become public.

How can I fix it?