Skip to content

Deploy returns 401

Q: deploy.sh (or my CI job) gets a 401. Why?

A 401 always means the deploy token wasn’t accepted. All failure modes look identical on purpose (missing, malformed, revoked, or wrong-secret tokens all give 401), so check:

  1. The Authorization header is present and shaped Bearer dpl_<id>.<secret> — the whole token, including the dpl_ prefix and the dot.
  2. The token hasn’t been revoked in your dashboard.
  3. No whitespace/newline crept in when you stored the secret in CI.

Tokens are shown only once at creation. If in doubt, revoke the old token and mint a fresh one from your site’s dashboard page.

Related: a 404 with a valid token usually means the INSTANCE_ID in your deploy URL doesn’t match the site the token was minted for — tokens are scoped to exactly one site.