Icloud connect not working: HTTP error 400

What is the problem you are having with rclone?

On Ubuntu 24.04 with official Snap of rclone 1.70.3 the connection to iclouddrive does not work.

Run the command 'rclone version' and share the full output of the command.

rclone version
rclone v1.70.3

• os/version: ubuntu 24.04 (64 bit)
• os/kernel: 6.14.0-24-generic (x86_64)
• os/type: linux
• os/arch: amd64
• go/version: go1.24.4
• go/linking: static
• go/tags: snap

Which cloud storage system are you using? (eg Google Drive)

iCloud Drive

The command you were trying to run

rclone config reconnect icloud: -v
Error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Usage:
  rclone config reconnect remote: [flags]

Flags:
  -h, --help   help for reconnect

Use "rclone [command] --help" for more information about a command.
Use "rclone help flags" for to see the global flags.
Use "rclone help backends" for a list of supported services.

2025/07/20 15:30:25 NOTICE: Fatal error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"

The rclone config contents with secrets removed.

[icloud]
type = iclouddrive
apple_id = <myappleid>
password = <mypasswordhash>
description = Linux Ubuntu24.04

A log from the command with the -vv flag

025/07/20 15:32:08 DEBUG : rclone: Version "v1.70.3" starting with parameters ["/snap/rclone/550/bin/rclone" "config" "reconnect" "icloud:" "--log-file=rclone.log" "-vv"]
2025/07/20 15:32:08 DEBUG : Using config file from "/home/hauke/snap/rclone/550/.config/rclone/rclone.conf"
2025/07/20 15:32:08 DEBUG : icloud: config in: state="", result=""
2025/07/20 15:32:08 DEBUG : icloud: Authenticating as <removed>
2025/07/20 15:32:09 DEBUG : icloud: config out: out=<nil>, err=HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Usage:
  rclone config reconnect remote: [flags]

Flags:
  -h, --help   help for reconnect

Use "rclone [command] --help" for more information about a command.
Use "rclone help flags" for to see the global flags.
Use "rclone help backends" for a list of supported services.

2025/07/20 15:32:09 NOTICE: Fatal error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"

welcome to the forum,

the snap version has limitations as compared to the non-snap rclone executable.
test using the non-snap version.

I too have never gotten iCloud to work . I posted here in the Forum a few months ago and there were zero replies. It got moved by somebody into the bug area but then nobody ever did anything with it. Simply closed after a month.

I am having the same issue on Mac using terminal. I tried to update the token, tried deleting the remote and re-adding the remote (including clearing iCloud info from the config file). I do not even get prompted for 2FA. This is what i get when i try to add an icloud remote on Mac.

2025/07/22 19:00:25 NOTICE: Fatal error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"

rclone version

rclone v1.70.3

- os/version: darwin 13.7.6 (64 bit)

- os/kernel: 22.6.0 (x86_64)

- os/type: darwin

- os/arch: amd64

- go/version: go1.24.4

- go/linking: dynamic

- go/tags: cmount

Which cloud storage system are you using? (eg Google Drive)

iCloud Drive

The command you were trying to run

rclone config

n) new remote

61 / iCloud Drive
   \ (iclouddrive)

The rclone config contents with secrets removed.

Note: this is the entire entry for iCloud, there is no token etc.

type = iclouddrive
apple_id = xxx
password = xxx

A log from the command with the -vv flag

2025/07/22 19:14:45 DEBUG : icloud2: config in: state="*all-advanced", result="false"
2025/07/22 19:14:45 DEBUG : icloud2: config out: out=&{State:*postconfig Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/22 19:14:45 DEBUG : icloud2: config in: state="*postconfig", result=""
2025/07/22 19:14:45 DEBUG : icloud2: config in: state="", result=""
2025/07/22 19:14:46 DEBUG : icloud: Authenticating as xxxxxxxx
2025/07/22 19:14:46 DEBUG : icloud2: config out: out=<nil>, err=HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
2025/07/22 19:14:46 DEBUG : icloud2: config out: out=<nil>, err=HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Usage:
  rclone config [flags]
  rclone config [command]

Available commands:
  create      Create a new remote with name, type and options.
  delete      Delete an existing remote.
  disconnect  Disconnects user from remote
  dump        Dump the config file as JSON.
  edit        Enter an interactive configuration session.
  encryption  set, remove and check the encryption for the config file
  file        Show path of configuration file in use.
  password    Update password in an existing remote.
  paths       Show paths used for configuration, cache, temp etc.
  providers   List in JSON format all the providers and options.
  reconnect   Re-authenticates user with remote.
  redacted    Print redacted (decrypted) config file, or the redacted config for a single remote.
  show        Print (decrypted) config file, or the config for a single remote.
  touch       Ensure configuration file exists.
  update      Update options in an existing remote.
  userinfo    Prints info about logged in user of remote.

Flags:
  -h, --help   help for config

Use "rclone [command] --help" for more information about a command.
Use "rclone help flags" for to see the global flags.
Use "rclone help backends" for a list of supported services.

2025/07/22 19:14:46 NOTICE: Fatal error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"

I'm getting the same error that you are.
At least we have that in common.

I tried today with advanced config, maybe there's some helpful information in here.

2025/07/23 08:17:12 DEBUG : rclone: Version "v1.70.3" starting with parameters ["rclone" "config" "edit" "-vv"]
2025/07/23 08:17:12 DEBUG : Using config file from "~/.config/rclone/rclone.conf"
Current remotes:

Name                 Type
====                 ====
box                  box
icloud2              iclouddrive

e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> e

Select remote.
Choose a number from below, or type in an existing value.
 1 > box
 2 > icloud2
remote> 2

Editing existing "icloud2" remote with options:
- type: iclouddrive
- apple_id: email@email.com
- password: *** ENCRYPTED ***

2025/07/23 08:17:19 DEBUG : icloud2: config in: state="*all", result=""
2025/07/23 08:17:19 DEBUG : icloud2: config out: out=&{State:*all-set,0,false Option:email@email.com OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:19 DEBUG : icloud2: config: reading config parameter "apple_id"
Option apple_id.
Apple ID.
Enter a value of type string. Press Enter for the default (email@email.com).
apple_id> 

2025/07/23 08:17:21 DEBUG : icloud2: config in: state="*all-set,0,false", result="email@email.com"
2025/07/23 08:17:21 DEBUG : icloud2: config out: out=&{State:*all,1,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:21 DEBUG : icloud2: config in: state="*all,1,false", result=""
2025/07/23 08:17:21 DEBUG : icloud2: config out: out=&{State:*all-set,1,false Option:<xxxxapple IDxxx> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:21 DEBUG : icloud2: config: reading config parameter "password"
Option password.
Password.
Choose an alternative below. Press Enter for the default (n).
y) Yes, type in my own password
g) Generate random password
n) No, keep existing (default)
y/g/n> 

2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all-set,1,false", result="<password>"
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all,2,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all,2,false", result=""
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all,3,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all,3,false", result=""
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all,4,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all,4,false", result=""
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all,5,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all,5,false", result=""
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all,6,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all,6,false", result=""
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all,7,false Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config in: state="*all,7,false", result=""
2025/07/23 08:17:22 DEBUG : icloud2: config out: out=&{State:*all-advanced Option:false OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:22 DEBUG : icloud2: config: reading config parameter "config_fs_advanced"
Edit advanced config?
y) Yes
n) No (default)
y/n> y

2025/07/23 08:17:25 DEBUG : icloud2: config in: state="*all-advanced", result="true"
2025/07/23 08:17:25 DEBUG : icloud2: config out: out=&{State:*all,0,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:25 DEBUG : icloud2: config in: state="*all,0,true", result=""
2025/07/23 08:17:25 DEBUG : icloud2: config out: out=&{State:*all,1,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:25 DEBUG : icloud2: config in: state="*all,1,true", result=""
2025/07/23 08:17:25 DEBUG : icloud2: config out: out=&{State:*all,2,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:25 DEBUG : icloud2: config in: state="*all,2,true", result=""
2025/07/23 08:17:25 DEBUG : icloud2: config out: out=&{State:*all,3,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:25 DEBUG : icloud2: config in: state="*all,3,true", result=""
2025/07/23 08:17:25 DEBUG : icloud2: config out: out=&{State:*all,4,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:25 DEBUG : icloud2: config in: state="*all,4,true", result=""
2025/07/23 08:17:25 DEBUG : icloud2: config out: out=&{State:*all-set,4,true Option: <xxxxxx> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:25 DEBUG : icloud2: config: reading config parameter "client_id"
Option client_id.
Client id
Enter a value of type string. Press Enter for the default (xxxxxxx).
client_id> 

2025/07/23 08:17:40 DEBUG : icloud2: config in: state="*all-set,4,true", result="xxxxxxx"
2025/07/23 08:17:40 DEBUG : icloud2: config out: out=&{State:*all,5,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:40 DEBUG : icloud2: config in: state="*all,5,true", result=""
2025/07/23 08:17:40 DEBUG : icloud2: config out: out=&{State:*all-set,5,true Option:Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:40 DEBUG : icloud2: config: reading config parameter "encoding"
Option encoding.
The encoding for the backend.
See the [encoding section in the overview](/overview/#encoding) for more info.
Enter a value of type Encoding. Press Enter for the default (Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot).
encoding> 

2025/07/23 08:17:52 DEBUG : icloud2: config in: state="*all-set,5,true", result="Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot"
2025/07/23 08:17:52 DEBUG : icloud2: config out: out=&{State:*all,6,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:52 DEBUG : icloud2: config in: state="*all,6,true", result=""
2025/07/23 08:17:52 DEBUG : icloud2: config out: out=&{State:*all-set,6,true Option: OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:52 DEBUG : icloud2: config: reading config parameter "description"
Option description.
Description of the remote.
Enter a value. Press Enter to leave empty.
description> 

2025/07/23 08:17:55 DEBUG : icloud2: config in: state="*all-set,6,true", result=""
2025/07/23 08:17:55 DEBUG : icloud2: config out: out=&{State:*all,7,true Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:55 DEBUG : icloud2: config in: state="*all,7,true", result=""
2025/07/23 08:17:55 DEBUG : icloud2: config out: out=&{State:*all-advanced Option:false OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:55 DEBUG : icloud2: config: reading config parameter "config_fs_advanced"
Edit advanced config?
y) Yes
n) No (default)
y/n> 

2025/07/23 08:17:59 DEBUG : icloud2: config in: state="*all-advanced", result="false"
2025/07/23 08:17:59 DEBUG : icloud2: config out: out=&{State:*postconfig Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/23 08:17:59 DEBUG : icloud2: config in: state="*postconfig", result=""
2025/07/23 08:17:59 DEBUG : icloud2: config in: state="", result=""
2025/07/23 08:17:59 DEBUG : icloud: Authenticating as email@email.com
2025/07/23 08:17:59 DEBUG : icloud2: config out: out=<nil>, err=Post "https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true": dial tcp: lookup idmsa.apple.com: no such host
2025/07/23 08:17:59 DEBUG : icloud2: config out: out=<nil>, err=Post "https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true": dial tcp: lookup idmsa.apple.com: no such host
Error: Post "https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true": dial tcp: lookup idmsa.apple.com: no such host
Usage:
  rclone config edit [flags]

Flags:
  -h, --help   help for edit

Use "rclone [command] --help" for more information about a command.
Use "rclone help flags" for to see the global flags.
Use "rclone help backends" for a list of supported services.

2025/07/23 08:17:59 NOTICE: Fatal error: Post "https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true": dial tcp: lookup idmsa.apple.com: no such host 

perhaps a dns issue?

ping idmsa.apple.com

Pinging idmsa.idms-apple.com.akadns.net [17.179.252.64] with 32 bytes of data:
Reply from 17.179.252.64: bytes=32 time=75ms TTL=45

oh interesting thanks —i will try later on my home wifi rather than the enterprise wifi i am on now & mess with DNS settings and report back.

For what it's worth, I am getting it too on my mac at work and my Ubuntu VPS. Neither is a great test as the mac is behind a pretty intense corporate firewall and the VPS is not a mac.

For what it's worth, I am getting this error too on my HP Chromebook running Debian bookworm. I have use 'rclone config' to set this up before and it worked, but now, after deleting the drive and readding it, I get the same error as above. Is there possibly a config database that is holding an old credential that needs to be deleted?

Update: hand removed ~/.config/rclone/rclone.conf to see if it would work from scratch. It regenerated the file with a password that, I assume, is a session ID. However, the error says that it is am invalid session ID. Did Apple change the process and, thus, break Rclone?

This is a good test. I did the same, but just with defining a new config. I got the same error.

It turns out we are not alone. See Invalid Session Token while connecting to iCloud · Issue #8587 · rclone/rclone · GitHub which also has a suggested workaround. Sounds like mixed luck on the workaround.

I'm adding to the thread here mainly to stay up to date. I have the same basic issues and have tried similar fixes: Ubuntu 24.04.3 system; rclone v1.70.3; have been very happily been using iclouddrive for several months prior. I first got the same bad token error, then deleted and re-created the config, and lastly seem to be stuck with the same HTTP 400 errors. Claude says this is most likely an unexpected change on the Apple side which makes sense to me. Hoping it's resolvable.

The latest discovery on Issue #8587 was that building rclone 1.71.0-DEV from source works, whereas the prebuilt binaries did not. I tried that and it finally fixed the problem for me.

git clone https://github.com/rclone/rclone.git
cd rclone
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build

Tried this today without success.

I built rclone v1.72.0-DEV from source to run on ubuntu 24.04 (64 bit), and received this error:

``
Error: HTTP error 400 (400 Bad Request) returned body: "{"success":false,"error":"Invalid Session Token"}"
```

Most annoying!

Yeah, the community reports on that github issue have in the meantime also shown mixed success, i.e., it worked for some people, but not others. There is no clear understanding of the difference between the success and failure cases thought. Some people have started to suspect that Apple’s servers are throttling this.

24.04 here –> self compiling 1.72 dev from source worked for me

It looks like there is now an explanation of the observed behavior and a workaround on github Issue #8587 that works for most (all?) people:

Apple is apparently throttling/denying traffic based on what the request’s user-agent string is. When you compile from source, part of the user-agent string is different (i.e., the exact version number), which is why that worked for some people. If you explicitly set a random user-agent string, it seems that the request always goes through. I.e.,

rclone --user-agent="your-own-random-string" config reconnect iclouddrive:

Tried this today

I can confirm that it solved the issue for me.

This is an amazing find. I can also confirm the –user-agent flag works for me. Many thanks!