Prisma 1 Forum

Your token is invalid. It might have expired or you might be using a token from a different project

I’ve been building an application for students with user authentication for a while now, and I’ve spent the last week trying to debug Network Errors that I’ve been receiving when I try to issue GraphQL Queries or Mutations. Right now I’m getting this error on the front-end (on my user signup page):
“Uncaught (in promise) Error: Network error: Unexpected token < in JSON at position 0”

And this error if I try to run the server on playground:

"utils.ts:8 Error: {
  "errors": [
      "message": " Your token is invalid. It might have expired or you might be using a token from a different project.",
      "code": 3015,
      "requestId": "api:api:cjfsrta3ay74z0a42eoacdq2p"

Please help me fix this. Thank you.

This error message is returned by a Prisma API, if it is protected with a secret, but the incoming request either

  • has no Authorization header
  • uses an invalid token for the Authorization header
  • uses an expired token for the Authorization header

You can read more about authentication in a Prisma API here.

How are you connecting to the Prisma API?

The index.js file in my /server/src folder looks like this:

const { GraphQLServer } = require('graphql-yoga')
const { Prisma } = require('prisma-binding')
const { resolvers } = require('./resolvers')

const server = new GraphQLServer({
  typeDefs: './schema.graphql',
  context: req => ({
    db: new Prisma({
      typeDefs: './generated/prisma.graphql',
      endpoint: process.env.PRISMA_ENDPOINT,
      secret: process.env.PRISMA_SECRET,
      debug: true,

server.start(({ port }) => console.log('Server is running on http://localhost:${port}'))

And /server/.env is:


Is mysecret123 the secret you deployed to your service?

You can just deploy the secret again to make sure :slight_smile:

Yes, mysecret123 is the secret I deployed.

The way I have attached the Authorization headers is by setting up a middleware link in my index.js file that does the following:

const middlewareLink = new ApolloLink((operation, forward) => {
  const tokenValue = localStorage.getItem(AUTH_TOKEN)
    headers: {
      Authorization: tokenValue ? `Bearer ${tokenValue}` : '',
  return forward(operation)

Regardless, I receive the same error even when I set disableAuth: true in my prisma.yml file and deploy it.

Can you provide a minimal setup to reproduce this in a new Github repository?

I have the same problem. I double check the environment variables, If I remove the secret everything works like a charm. When I add the secret, bad thing happens.

I had the same problem, and turned out it because I use env variables in the prisma.yml file.
And for deploy i use prisma deploy --env-file ../.env which didn’t update the secret.

after some time I found out that it only work when hard coding the secret to the prisma.yml file :confused:
to solve this, I use this guy solution

in my case i change the command to env $(cat ../.env | xargs) prisma deploy , and it work.
hope this help someone.