401 — Unauthorized

Your API key didn't authenticate. Here's how to fix it.

```json
{
  "error": {
    "message": "Invalid or missing API key",
    "type": "authentication_error"
  }
}
```

Four common causes

  1. Missing `Bearer` prefix. The header must be `Authorization: Bearer hwy_xxx`, not just `hwy_xxx`.
  2. Key was revoked. Check Settings → API Keys. Revoked keys show a red badge. Generate a new one.
  3. Typo or truncation. Copy the key fresh from your secret manager. Keys are 51 characters long (`hwy_` + 47 chars).
  4. Wrong environment variable. `HIWAY_API_KEY` vs `HIWAY_KEY` vs `HWY_KEY` — make sure your app reads the right one.
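A local preflight check for causes 1, 3 and 4, as an added example (not HiWay's own code). It assumes your app is meant to read `HIWAY_API_KEY` (pass `expected_var` otherwise) and checks only the prefix and length given above, since the key's character set is not documented here. Revocation cannot be detected locally.

```python
import os

KEY_PREFIX = "hwy_"
KEY_LENGTH = 51  # hwy_ + 47 chars, per the list above
CANDIDATE_VARS = ("HIWAY_API_KEY", "HIWAY_KEY", "HWY_KEY")  # names listed above


def check_key(key):
    """Return a list of problems with a key value (empty list = well-formed)."""
    problems = []
    if key != key.strip():
        problems.append("surrounding whitespace or newline")
        key = key.strip()
    if key.lower().startswith("bearer "):
        problems.append("value already contains 'Bearer '; store only the key")
        key = key[7:].strip()
    if not key.startswith(KEY_PREFIX):
        problems.append("does not start with hwy_")
    if len(key) != KEY_LENGTH:
        problems.append(f"length {len(key)}, expected {KEY_LENGTH}")
    return problems


def check_header(value):
    """Check a full Authorization header value against 'Bearer hwy_xxx'."""
    scheme, _, key = value.partition(" ")
    if scheme != "Bearer" or not key:
        return ["missing 'Bearer ' prefix"]
    return check_key(key)


def diagnose(environ, expected_var="HIWAY_API_KEY"):
    """Report whether the expected variable is set and holds a well-formed key."""
    set_vars = [v for v in CANDIDATE_VARS if environ.get(v)]
    if expected_var not in set_vars:
        others = ", ".join(set_vars) or "none"
        return [f"{expected_var} is not set (set instead: {others})"]
    return [f"{expected_var}: {p}" for p in check_key(environ[expected_var])]


if __name__ == "__main__":
    # Report findings only; the key itself is never printed.
    ok = ["key looks well-formed; check Settings → API Keys for revocation"]
    for line in diagnose(os.environ) or ok:
        print(line)
```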

Keys never rotate on their own

HiWay does not expire or rotate keys automatically. If your key stopped working, either it was revoked (by you or a team member) or the value being sent is wrong. It is never the server's fault.