Using Any API Method (e.g. ./remarkable.php list) Post register is Failing with 401

[funkeyfreak]

As the title suggests, I am unable to successfully call any endpoint - even after I call remarkable.php register <valid-registration-code>.

This may even be an issue with the overall usage of remarkable's endpoints, as I have been unable to call their endpoints directly.

Steps to reproduce:

1. Query for a new token:

   	GET: https://webapp-production-dot-remarkable-production.appspot.com/token/json/2/device/new`
   

   	 { 
   	      "code": "fuzzbuzz",
   	      "deviceDesc": "desktop-windows",
   	      "deviceID": "160022F6-EA84-42C7-B413-C1F5C6C3112F"
   	 }

2. Fetch a refresh token:

   	POST: https://webapp-production-dot-remarkable-production.appspot.com/token/json/2/user/new
   	--header 'Authorization: Bearer eyJ...'
   

3. Take the token from step 2, and validate the document endpoint:

   	GET: https://service-manager-production-dot-remarkable-production.appspot.com/service/json/1/document-storage?environment=production&group=auth0%7C5a68dc51cb30df3877a1d7c4&apiVer=2
   	--header 'Authorization: Bearer eyJ...'
   

   Which returns

   	{
   	      "Status": "OK",
   	      "Host": "document-storage-production-dot-remarkable-production.appspot.com"
   	}

4. Take this endpoint, and query the docs endpoint

   	GET: https://document-storage-production-dot-remarkable-production.appspot.com/document-storage/json/2/docs
   	--header 'Authorization: Bearer eyJ...'
   

   Which returns a 401: Unauthorized status code. What am I missing?

[polletfa]

It seems all community projects are affected. See rschroll/rmfuse#42 or benoitsepe/reMarkable-typescript#34. Other projects I am using have stopped working as well. There must have been a change in the API.

[KlimaRitter]

Is this going to be fixed anytime soon? :)

[ratthing]

Bumping this up to report the same problem.

[jacks4ever]

Bumping as well, since I am experiencing the same issue.

[elvijs]

Same here

[JulienElkaim]

same issue here, missing kid

[Yury-Zakharov]

I used a Windows desktop app and Fiddler (my trial expired already, would be nice if someone pick up from here).

Looks like they changed the workflow - from what I've seen the desktop app does the following:

• on start it refreshes the token, sending the one it got on registration (my app was registered about two years ago and apparently it stores this initial token internally. This token has no expiry date but is used only to get fresh one)
• using this fresh (session) token gets the url to raw google store endpoint
• interacts with this endpoint in a very strange manner - in post request sends the operation it wants to perform (get, put, etc) and receives this operation url and some sort of security token, with very limited lifetime.
• calls the url received to get or update the actual file, security token is passed in a query string.

Did not have much time to analyse this communication, can provide the logs though...

I understand that I don't understand something - why rM folks do not provide public straightforward API to their cloud?