you likely just fluffed the syntax somewhere - if you can post a little more content around the commands you're using we can probably help.
However.... call me paranoid if you like, but I do find it quite alarming that people are happy to put something that knows your home address, movement habits, real-time location of your car and holds the token that has the ability to remotely unlock and start your car.. on the public internet with just single factor http basic auth and no rate limiting/brute-force protection etc to protect it (i.e. something that a 12 year old with an afternoon or two to spare can likely defeat). Sure, pin to drive will stop it being driven away, but still....
I would strongly advise at least looking into something a little more robust like cloudflare access/argo tunnel, zerotier etc to better protect it and not expose it all to the world.