Skip to main content

invalid-api-key

HTTP status: 401 Unauthorized Type URI: https://docs.evinor.ai/problems/invalid-api-key

The request's API key could not be authenticated. For security, Evinor returns this same response whether the key is missing, malformed, unknown, or was revoked — the API never reveals which, so a key's existence can't be probed.

Common causes

  • No Authorization header, or one that doesn't use the Bearer scheme.
  • A malformed key — a typo, truncation, or a value that isn't a real Evinor key. A well-formed key starts with evnr_live_ and is 46 characters long.
  • A key that was revoked from Settings → API keys.

How to resolve

  • Send the key as Authorization: Bearer evnr_live_....
  • Verify the key wasn't truncated when copied or stored.
  • If the key may be revoked or lost, create a new one and update your integration. The raw key is shown only once at creation.

See Authentication for the full key format and header usage.