Authorization: Bearer <key> header, but the key
itself didn’t resolve to an active credential — it’s malformed, has been
revoked, or was never issued.
401 application/problem+json
missing-credentials: the
header was present, so the problem is the key’s value, not its absence.
Fix it
1
Check the key you sent
Confirm you’re sending the full plaintext key exactly as issued — no
truncation, no extra whitespace, no leftover
<your-api-key> placeholder.
Keys are shown in full only once, at creation.2
Rotate the key if it was revoked or lost
If the key was deleted, or you no longer have the plaintext, create a fresh
one at
permitcore.io/account/api-keys
and update your environment. Revoked keys never reactivate.
3
Resubmit
Common causes
- The key was revoked from the dashboard (any request with it now fails).
- Only part of the key was copied, or a placeholder was never replaced.
- A key from a different environment/account was used.
- Stray characters (newline, quotes) around the key in a config file or shell.
Manage your keys
Create, view usage for, and revoke keys from the developer console.
x-request-id header — include it in any support
request.