Skip to main content

Invalid API Key

Use this page when an API request fails because the key is missing, invalid, inactive, or not recognized.

Symptoms

You may see:

  • 401 Unauthorized
  • Invalid API key
  • Missing X-API-Key header
  • SDK AuthenticationError
  • Dashboard API Testing fails before returning a result

Likely Causes

Common causes include:

  • The X-API-Key header is missing.
  • The key was copied incorrectly.
  • Extra spaces or line breaks were included.
  • The key belongs to another account or environment.
  • The key has expired.
  • The application is using an old environment variable value.

How to Check

  1. Open API Key Management.
  2. Reveal the key and copy it again.
  3. Confirm your request sends the key in the X-API-Key header.
  4. Confirm your app reads the correct environment variable.
  5. Restart your local app or server after changing environment variables.

Example header:

X-API-Key: custodian_labs_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

How to Fix

  • Copy the key again from the dashboard.
  • Remove leading or trailing spaces.
  • Use the correct header name: X-API-Key.
  • Update your .env or secret manager.
  • Restart the application after updating secrets.
  • If the key is expired, activate or renew a plan and use the current key.