401 - Unauthorized

Your API key didn't authenticate. Here's how to fix it.

json
{
  "error": {
    "code":    "authentication_error",
    "message": "Invalid or missing API key"
  }
}

Four common causes

  1. Missing `Bearer` prefix. The header must be Authorization: Bearer hw_live_..., not just hw_live_....
  2. Key was revoked. Check Dashboard → Keys. Revoked keys show a red badge. Generate a new one.
  3. Typo or truncation. Copy the key fresh from your secret manager. Keys are hw_live_ + 32 hex characters.
  4. Wrong environment variable. HIWAY_API_KEY vs HIWAY_KEY - make sure your app reads the right one.

Keys never rotate on their own

HiWay does not expire or rotate keys automatically. If your key stopped working, either it was revoked (by you or a team member) or the value being sent is wrong. Never the server's fault.

Previous

402 - Quota or budget exceeded

Next

429 - Rate limited