[Bug]: error on sending notification to android devices using curl and php about new rich api introduced the 14/11/2024

[qasmmaoui]

What happened?

the latest api always retruns the same response
{"errors": ["Access denied. Please include an 'Authorization: ...' header with a valid API key (https://documentation.onesignal.com/docs/accounts-and-keys)."]}

Steps to reproduce?

use url and latest version of rich api as mensioned in the docs ( used botyh key and Basic befor rich key )
curl --request POST \
     --url 'https://api.onesignal.com/notifications' \
     --header 'Authorization: Key NEW_RICH_KEY_API' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "app_id": "APP_ID",
  "target_channel": "push",
  "headings": {"en": "English Title", "es": "Spanish Title"},
  "contents": {"en": "English Message", "es": "Spanish Message"},
  "include_subscription_ids": [
    "SUBSCRIBER_ID"
  ]
}
'

(On the 14th of November 2024, we announced the new rich API key system described above and started deprecating legacy API keys. Legacy user API keys will be deprecated on the 1st of March 2025, and legacy app API keys will be deprecated in Q1 2026. We'll follow up with further communications closer to these dates.

To continue using the API, your apps need to migrate to using the new rich API keys described above. This migration is easy, and takes only a few minutes:

Follow the instructions above to create a new rich API key.
Update the key in your codebase so it uses the new rich key, removing the old legacy key.
Make sure your API requests are using https://api.onesignal.com and not the legacy https://onesignal.com/api/v1/ URL.
Click the "Disable Legacy Key" button in the app Keys & IDs page.)

What did you expect to happen?

receuve push on the emulator
instead im revecing error on curl execution

OneSignal Android SDK version

5.1.21

Android version

15

Specific Android models

android emulator API 33

Relevant log output

{"errors": ["Access denied.  Please include an 'Authorization: ...' header with a valid API key (https://documentation.onesignal.com/docs/accounts-and-keys)."]}

Code of Conduct

• I agree to follow this project's Code of Conduct

[jinliu9508]

Hello @qasmmaoui, it looks like you have Identity Verification turned on and when this option is on, an authorization token is required to complete the transactions. If you had this turned on by accident, you can turn it off by going to OneSignal Console -> Setting -> Key & IDs -> API Keys -> Required Identity Verification

[qasmmaoui]

hello @jinliu9508 thank you very much for your feedback , unfortunately its not enabled the only option i have mentioning identity validation is this Identity Verification for email + external_id (recommended) and its not enabled
see attachement

[jinliu9508]

@qasmmaoui Could you confirm that you are are using the key from the app not the organization?

[qasmmaoui]

yes of course see attachmenet