Get help on Discord

Error with authentication header causing 500 error on Vercel deployment

3 replies
Last updated: Nov 2, 2022
Hey everyone, I've built a blog using sanity and it works perfectly on localhost but I get this error on vercel and my custom domain
[POST] /api/createComment
11
:25:26:54Function Status:
500
Edge Status:
500
Duration:
187.70 ms
Init Duration:
452.30 ms
Memory Used:
97 MB
ID:
fra1:
:iad1::rnkqn-1667298326144-3e8618cfc162User Agent:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36

2022-11-01T10:25:27.398Z	9d7c638c-8015-4f29-b2a9-48627dd96809	WARN	Using the Sanity client without specifying an API version is deprecated. See <https://docs.sanity.io/help/js-client-api-version>
2022-11-01T10:25:27.439Z	9d7c638c-8015-4f29-b2a9-48627dd96809	ERROR	TypeError [ERR_INVALID_CHAR]: Invalid character in header content ["authorization"]
    at ClientRequest.setHeader (node:_http_outgoing:579:3)
    at new ClientRequest (node:_http_client:262:14)
    at Object.request (node:https:353:10)
    at module.exports (/var/task/node_modules/get-it/lib-node/request/node-request.js:133:29)
    at /var/task/node_modules/get-it/lib-node/index.js:50:24
    at Object.publish (/var/task/node_modules/nano-pubsub/index.js:18:22)
    at Observable._subscribe (/var/task/node_modules/get-it/lib/middleware/observable.js:32:26)
    at Observable._trySubscribe (/var/task/node_modules/rxjs/internal/Observable.js:44:25)
    at Observable.subscribe (/var/task/node_modules/rxjs/internal/Observable.js:30:22)
    at Observable._subscribe (/var/task/node_modules/@sanity/client/lib/sanityClient.js:123:68) {
  code: 'ERR_INVALID_CHAR'
}
Any ideas
AI Update

The error you're seeing is related to an invalid character in the authorization header of your Sanity client configuration. This typically happens when there are whitespace characters (like newlines or spaces) in your token or when environment variables aren't being read correctly in production.

Here are the most common causes and solutions:

1. Check your environment variable for whitespace

The most likely culprit is extra whitespace in your Sanity token environment variable. In Vercel, go to your project settings → Environment Variables and make sure your SANITY_API_TOKEN (or whatever you named it) doesn't have any:

  • Leading or trailing spaces
  • Newline characters
  • Tab characters

Re-paste the token directly from your Sanity dashboard to ensure it's clean.

2. Trim the token in your code

As a safeguard, explicitly trim your token when initializing the client:

import {createClient} from '@sanity/client'

const client = createClient({
  projectId: process.env.NEXT_PUBLIC_SANITY_PROJECT_ID,
  dataset: process.env.NEXT_PUBLIC_SANITY_DATASET,
  apiVersion: '2023-05-03', // This also fixes your deprecation warning
  token: process.env.SANITY_API_TOKEN?.trim(),
  useCdn: false
})

3. Specify an API version

Your logs show a deprecation warning about not specifying an API version. While this isn't causing your error, you should add apiVersion to your client configuration (as shown above) using today's date or the date you want your queries to be locked to.

4. Check environment variable naming

Make sure your environment variable in Vercel matches exactly what you're calling in your code. If you're using the token in an API route, it should NOT be prefixed with NEXT_PUBLIC_ (that would expose it to the browser). Server-side environment variables should be named something like SANITY_API_TOKEN or SANITY_WRITE_TOKEN.

5. Redeploy after changing environment variables

After updating environment variables in Vercel, you need to trigger a new deployment for the changes to take effect. Simply saving them isn't enough.

The "Invalid character in header content" error specifically points to the authorization header having unexpected characters, so cleaning up that token should resolve your issue. Let me know if you're still seeing problems after trying these steps!

Hey
user M
! If you follow the link in that error it'll show you how to set an API version on your client. That should clear up the error!
I don’t think it has to do with the sanity client, as that’s only a warning.
This is the actual error:

ERROR	TypeError [ERR_INVALID_CHAR]: Invalid character in header content ["authorization"]
I’m seeing this same error on my next.js revalidate webhook endpoint on Vercel. Could it be perhaps that the authentication header of the webhooks have changed on the Sanity end?

I wonder if not more people see their webhooks failing?
Hey, thanks for the replys. Simple mistake. Just had a blank space included at the end of the API token in vercel.

Sanity – Build the way you think, not the way your CMS thinks

Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.

Get started for freeExplore the demo

Was this answer helpful?