UNAUTHORIZED — Missing or invalid API key

Summary

The request reached the API but didn’t include a valid key in the x-api-key header. The most common cause is sending the key in Authorization: Bearer ... instead, or omitting the header entirely.

HTTP status

401 Unauthorized. Standard envelope.

Example response

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid API key. Pass it in the x-api-key header.",
    "request_id": "req_01HXJZK4ABCDEF",
    "doc_url": "https://docs.surveycoder.io/errors/unauthorized"
  }
}

Why this happens

• The x-api-key header is missing.
• The key was sent as Authorization: Bearer ... (we don’t accept that — keys go in x-api-key).
• The key value is malformed (must start with scp_live_ or scp_test_).
• A proxy or middleware stripped the custom header before the request hit our edge.

How to fix it

1. Confirm the header name is exactly x-api-key (lowercase by convention, but case-insensitive on our side).
2. Confirm the value starts with scp_live_ (production) or scp_test_ (testing) and is 40+ characters long.
3. If you use a fetch wrapper or HTTP client with Authorization-only defaults, set x-api-key explicitly:

curl

curl https://api.surveycoder.io/v1/usage \
  -H "x-api-key: $SCP_API_KEY"

TypeScript

await fetch('https://api.surveycoder.io/v1/usage', {
  headers: { 'x-api-key': process.env.SCP_API_KEY! },
});

4. If your key looks right but still fails, it may have been revoked or expired.

Tip

Rotate keys regularly. Old scp_test_... keys created during onboarding are common culprits — generate a fresh key at surveycoder.io/api-keys.

Related

• AUTH_ERROR — key looks valid but couldn’t be resolved
• KEY_REVOKED
• KEY_EXPIRED