Persistent 400 Error: "Header name must be a valid HTTP token" on Service Invocation

General
1

Dear Backendless Support Team,

I am encountering a persistent issue when trying to invoke a custom Cloud Code service method from my Flutter application and also from the Backendless Console’s “Invoke with” interface.

Problem:
When calling the service method StripeService.createCheckoutSession, the request is rejected by Backendless with an HTTP status code 400 and the following error message in the response body:
{"code":0,"message":"Header name must be a valid HTTP token [\"\"Authorization\"\"]","errorData":{}}

Context & Steps Taken:

  1. The call is intended to be an authenticated request from a user who is logged in via the Backendless Flutter SDK.
  2. In the Flutter app, I am using Backendless.userService.getUserToken() to retrieve the current user’s authentication token and setting the Authorization header in an http.post request like this: 'Authorization': 'Bearer <user_token>'. Debug prints confirm that a non-null, non-empty token is obtained and the header is formatted correctly in the client logs.
  3. Crucially, the EXACT SAME ERROR (Status 400, same message) occurs when I invoke the StripeService.createCheckoutSession method from the Backendless Console’s “Invoke with” interface AFTER successfully logging in with a user who has permissions for the service.

Backendless Configuration Verified:

  1. I have checked the Service Permissions for StripeService.
  2. Under the “Permissions” tab → “ROLES PERMISSIONS”, I have confirmed that the NotAuthenticatedUser role does NOT have “Invoke” permission for StripeService (specifically checked “All Methods” which applies, or could be checked just for createCheckoutSession).
  3. The AuthenticatedUser role DOES have “Invoke” permission for StripeService (“All Methods” or createCheckoutSession).
  4. Specific USER PERMISSIONS for relevant user emails are also set to “Invoke”.
  5. I have reviewed the Service Configuration, Operation Parameters for createCheckoutSession, and the Cloud Code logic, but the error seems to occur at the initial validation layer before the code runs.

Conclusion:
Based on these findings, it appears that the Backendless platform is incorrectly rejecting the Authorization: Bearer <token> header during the initial validation phase for this specific service method, even when the header is correctly formatted and the user is authenticated with appropriate permissions. This issue seems to be on the Backendless server side in my application instance, as it replicates in the authenticated console test.

Request:
Could you please investigate why authenticated requests to my StripeService.createCheckoutSession method are being rejected with the “Header name must be a valid HTTP token” error, despite the correct header format and valid user permissions?

Application ID: E64A3656-6C21-495E-811B-66D223AE5176
Service Name: StripeService
Method Name: createCheckoutSession
User Email Used for Console Test: kaiznkinc

Thank you for your assistance.

Best regards,

Kaiznk

2

Hello @Kaiz_Inc

Can you tell me, does the error only occur when calling a method using Flutter? If you call the method from the console in CloudCode, it works as expected?

Regards,
Inna