Skip to main content
Your request included an Authorization: Bearer <key> header, but the key itself didn’t resolve to an active credential — it’s malformed, has been revoked, or was never issued.
401 application/problem+json
This is distinct from missing-credentials: the header was present, so the problem is the key’s value, not its absence.

Fix it

1

Check the key you sent

Confirm you’re sending the full plaintext key exactly as issued — no truncation, no extra whitespace, no leftover <your-api-key> placeholder. Keys are shown in full only once, at creation.
2

Rotate the key if it was revoked or lost

If the key was deleted, or you no longer have the plaintext, create a fresh one at permitcore.io/account/api-keys and update your environment. Revoked keys never reactivate.
3

Resubmit

Common causes

  • The key was revoked from the dashboard (any request with it now fails).
  • Only part of the key was copied, or a placeholder was never replaced.
  • A key from a different environment/account was used.
  • Stray characters (newline, quotes) around the key in a config file or shell.

Manage your keys

Create, view usage for, and revoke keys from the developer console.
See also Authentication and the full error catalog. Every response carries an x-request-id header — include it in any support request.