Overview

API Key authentication failures (401/403 errors) are common issues. This article provides systematic troubleshooting and solutions.

Error Types

Troubleshooting Process

1. Check Key Existence

import os

api_key = os.getenv("API_KEY")
if not api_key:
    raise ValueError("API_KEY environment variable not set")

2. Check Header Format

import httpx

# Correct format
headers = {
    "Authorization": f"Bearer {api_key}"  # Note uppercase Bearer
}

# Wrong examples
# "bearer {api_key}"  # lowercase
# "Token {api_key}"    # wrong prefix

3. Check Key Validity

from datetime import datetime, timedelta

key_created = os.getenv("KEY_CREATED_AT")
if key_created:
    created = datetime.fromisoformat(key_created)
    expiry = created + timedelta(days=90)
    if datetime.now() > expiry:
        print("API Key has expired!")

Common Questions

Q1: Difference between Bearer and Token?

Bearer is the OAuth 2.0 standard format. Most APIs use Bearer {key}. Token prefix is for legacy systems.

Q2: API Key vs Access Token?

API Key is a static key, long-lived. Access Token is a short-lived OAuth token that needs periodic refresh.

Q3: How to store API Keys securely?

1. Use environment variables, not hardcoded
2. Use secrets management (AWS Secrets Manager)
3. Never commit to git

Best Practices

# .env file (never commit to git)
API_KEY=your-api-key-here

# Python code
from dotenv import load_dotenv
load_dotenv()
api_key = os.getenv("API_KEY")

References

• OAuth 2.0 Bearer Token Usage
• HTTP Authentication Framework