Help with bulk API complete

I am working on a script to bulk complete tasks, the following is a relevant code snippet:

req.body = JSON.stringify({
  "done" : true,
  "task_ids" : [


{"message":"missing, malformed, expired or otherwise invalid token provided"}

If anyone could send help I would be very grateful :ring_buoy:

The error message states that your authentication token is not set correctly. Did you create an API token and are sending this along with your request?

I’ll share my (sanitized) script below, I use the same api key for other scripts with no problem. I will go ahead and generate a new key for testing this though and report back tonight!
Full (sanitized) script:

const url = '';

var test = url
var req = new Request(test);

req.method = 'POST';
req.body = JSON.stringify({
  "done" : true,
  "task_ids" : [
req.headers ={
  'Authorization': 'Bearer my_api_key_here'
var result = await req.loadJSON();


New API token has the same result. I am running on the Unstable build to get tosoist migrated, I can update to latest and retest later on.

The same happens when running a simple request using Postman against the try instance, so it doesn’t seem to be version related. It seems to be related to the use of API tokens.

When using the login endpoint to obtain a JWT token (you need the username and password of a user though which obviously defeats the purpose of using API tokens) and running the same bulk update it works fine.

I’m afraid I won’t be able to help much more :frowning:

1 Like

Totally okay! I’ll post an issue on git, see if that gets more eyes on it. Mostly wanted to make sure I wasn’t missing something, also included:

'Content-Type': 'application/json'

In my headers to the same result doing blind troubleshooting. :clinking_glasses:

Could you share a script for login? Trying to form one but my brain is fried.

I’m reasonably certain it has something to do with JWT / user tokens vs API tokens, because it does work when using the JWT token. I’m not using a script, I’m using postman. Its essentially like this (the variable base_url is set to

And then simply using this token to do the same request you have in your script, just with different task IDs:

I just built a python script that runs a login request and uses the token for my bulk change, thank you for the help, I just wanted to get something built for personal use so this totally works for me! Can share if anyone needs it!!

1 Like

Looks like the permissions are not checked properly for the bulk endpoint (this kinda makes sense when considering how it works under the hood). I’ll take a look