Unexpected HTTP 401 on /engine-rest call

I am going through the process of enabling HTTP Basic Authentication on the Camunda REST API.

Prior to enabling authentication, I made sure the following curls produce the expected HTTP 200 result:

curl -v http://192.168.99.100:8080/engine-rest/engine
curl -v http://192.168.99.100:8080/engine-rest/process-instance

I then enabled basic authentication using these instructions

When I retest these:

curl -v http://192.168.99.100:8080/engine-rest/engine
curl -v http://192.168.99.100:8080/engine-rest/process-instance

The engine call works as expected. The process-instance call gets a 401 as expected.

I then encode my (real) userid and password:

$ echo "jon:not_my_real_password" | base64
am9uOm5vdF9teV9yZWFsX3Bhc3N3b3JkCg==

And add this as a header to the curl:

curl -v -H “Authorization: Basic am9uOm5vdF9teV9yZWFsX3Bhc3N3b3JkCg==” http://192.168.99.100:8080/engine-rest/process-instance

However, this also yields an HTTP 401.

Obviously, I used my real password to generate the userid:password encoding I used in practice.

I don’t understand why I am still getting HTTP 401 errors since I believed I followed the configuration instructions to the letter, and I encoded the credentials in the expected manner. The user I am using (jon) is the default admin user that is created when camunda starts for the first time. If I retry the curl too many times I start getting a 500 response from the API which indicates I have to unlock the user and when I do that from the admin console, I continue to get 401 errors from the process-instance API until I lock it out again.

Is there some other configuration I need to apply somewhere to make this work?

Ok, my error - the base64 encoding pipeline needed to strip the newline first, so:

$ echo "jon:not_my_real_password" | tr -d \\012 | base64
am9uOm5vdF9teV9yZWFsX3Bhc3N3b3Jk