How to fix: 401 authentication error / invalid API key
Cause
The API key is missing, malformed, revoked, or sent the wrong way (e.g. an OAuth token in the API-key header).
The fix
1. Confirm the key is set in the environment and loaded — not hardcoded, not an empty string.
2. Check you’re not setting two conflicting credentials at once (e.g. both an API key and an auth token) — some SDKs send both and the API rejects it.
3. For OAuth/bearer tokens, send them in the `Authorization: Bearer` header, not the API-key header.
4. Verify the key hasn’t been revoked and has access to the model/workspace you’re calling.
5. Rotate the key if it may have leaked, and move it into a secrets manager.
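A local preflight for the first three steps, as an added example that is not part of the original page: it checks the environment for an empty, malformed, or conflicting credential and builds the one matching header without ever printing the secret. The variable names `SERVICE_API_KEY` and `SERVICE_AUTH_TOKEN` and the header name `x-api-key` are assumptions; substitute the ones your provider documents.

```python
import os

# Assumed names: substitute the variables and header your provider documents.
API_KEY_VAR = "SERVICE_API_KEY"
TOKEN_VAR = "SERVICE_AUTH_TOKEN"
API_KEY_HEADER = "x-api-key"


def diagnose(env):
    """Return a list of problems with the credentials in env (empty list = OK)."""
    problems = []
    present = []
    for name in (API_KEY_VAR, TOKEN_VAR):
        raw = env.get(name)
        if raw is None:
            continue
        if raw.strip() == "":
            problems.append(f"{name} is set but empty")
            continue
        present.append(name)
        if raw != raw.strip():
            problems.append(f"{name} has leading/trailing whitespace or a newline")
        if raw.strip()[0] in "\"'" or raw.strip()[-1] in "\"'":
            problems.append(f"{name} is wrapped in quote characters")
        if raw.strip().lower().startswith("bearer "):
            problems.append(f"{name} contains the 'Bearer ' prefix; store the token only")
    if not present and not problems:
        problems.append(f"neither {API_KEY_VAR} nor {TOKEN_VAR} is set")
    if len(present) == 2:
        problems.append(f"both {API_KEY_VAR} and {TOKEN_VAR} are set; keep one")
    return problems


def build_headers(env):
    """Build the auth header for the one credential present, or raise ValueError."""
    problems = diagnose(env)
    if problems:
        raise ValueError("; ".join(problems))  # messages never include the secret
    if API_KEY_VAR in env:
        return {API_KEY_HEADER: env[API_KEY_VAR]}
    return {"Authorization": f"Bearer {env[TOKEN_VAR]}"}


if __name__ == "__main__":
    for line in diagnose(os.environ) or ["credentials look well-formed"]:
        print(line)
```

Revocation and model/workspace access (step 4) cannot be checked locally; confirm those in the provider's console.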
Prevent it
Load keys from a secrets manager, never commit them, and scope keys narrowly per service.
Frequently asked questions
What causes “401 authentication error / invalid API key”?
The API key is missing, malformed, revoked, or sent the wrong way (e.g. an OAuth token in the API-key header).
How do I prevent “401 authentication error / invalid API key” from recurring?
Load keys from a secrets manager, never commit them, and scope keys narrowly per service.