SOLVED - Error Unauthorized on API requests

I just set up cockpit with Apache.
the web interface works as it should, but i cant access the apis. i always get


i tried with the master key, with a custom token and with user tokens

does anybody have a clue? i thought that maybe it is apaches fault, but i have the .htaccess file with mod_rewrite. also url navigation in the interface works, so rewrite should be correct


<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^(.*)$ index.php?$1

apache config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin a@a
        DocumentRoot /var/www/

        <Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <IfModule mod_dir.c>
            DirectoryIndex index.php index.cgi index.html index.xhtml $

       SSLCertificateFile /etc/letsencrypt/live/
       SSLCertificateKeyFile /etc/letsencrypt/live/
       Include /etc/letsencrypt/options-ssl-apache.conf

any help is much appreciated!

Solved it by replacing my .htaccess with the one from