Deploy returns 401
Q: deploy.sh (or my CI job) gets a 401. Why?
A 401 always means the deploy token wasn’t accepted. All failure modes look identical on purpose (missing, malformed, revoked, or wrong-secret tokens all give 401), so check:
- The
Authorizationheader is present and shapedBearer dpl_<id>.<secret>— the whole token, including thedpl_prefix and the dot. - The token hasn’t been revoked in your dashboard.
- No whitespace/newline crept in when you stored the secret in CI.
Tokens are shown only once at creation. If in doubt, revoke the old token and mint a fresh one from your site’s dashboard page.
Related: a 404 with a valid token usually means the INSTANCE_ID in your
deploy URL doesn’t match the site the token was minted for — tokens are
scoped to exactly one site.