How to Fix "Invalid API Key" (OpenAI / Claude API) — 401 Authentication Errors
Fix OpenAI, Claude, and third-party "invalid api key" or 401 authentication errors. Check key format, base URL, and headers — then verify your key instantly with APIMaster's free API Key Tester.
Published 2026-06-29
An invalid api key error (usually HTTP 401 Unauthorized) means the provider could not authenticate your request. The API never runs your prompt — it rejects the call at the front door. Common strings include Incorrect API key provided, invalid_api_key, authentication_error, and Invalid Authorization header.
Fast fixes: confirm the key is copied without extra spaces, send Authorization: Bearer YOUR_KEY, point base_url at the right host (OpenAI vs Anthropic vs your relay), and regenerate the key if it was revoked. Test in 10 seconds: paste your key into the free APIMaster API Key Tester — no signup required.
What This Error Means
OpenAI-compatible APIs expect an API key in the Authorization header:
Authorization: Bearer sk-proj-...
Anthropic's Messages API uses x-api-key instead:
x-api-key: sk-ant-...
When the key is missing, malformed, expired, or issued for a different service, you get 401 with JSON like:
{
"error": {
"message": "Incorrect API key provided: sk-****XXXX. You can find your API key at https://platform.openai.com/account/api-keys.",
"type": "invalid_request_error",
"code": "invalid_api_key"
}
}
Claude / Anthropic responses are similar (authentication_error, invalid x-api-key). Third-party relays often forward the upstream message verbatim, so you may see the same text even when the real problem is wrong base URL or a dead reseller key.
This is not a content moderation 400 and not a rate limit 429 — authentication fails before quota or safety checks matter.
Common Causes
- Typo or truncated key — copy/paste dropped characters, or the UI showed
sk-...XXXXand you pasted the masked version. - Whitespace or quotes in
.env—OPENAI_API_KEY=" sk-..."or trailing newline breaks auth silently in some SDKs. - Wrong header name — using
Beareron Anthropic, orx-api-keyon OpenAI, or forgetting the header entirely. - Wrong
base_url— OpenAI key sent to Anthropic host (or vice versa); relay key sent toapi.openai.cominstead of the reseller endpoint. - Revoked or rotated key — key deleted in the dashboard, org switched, or relay account suspended for non-payment.
- Project vs legacy key mismatch — OpenAI project-scoped keys (
sk-proj-) tied to a project ID your SDK does not pass correctly. - Expired trial / empty balance on relay — some gateways return generic
invalid api keywhen the account is disabled, even though the string format looks valid.
How to Fix It
1. Verify the key with a live request
Use the API Key Tester: enter your key, optional custom base URL, pick a model, click Test. You immediately see latency, HTTP status, and the model response — the fastest way to separate bad key from wrong endpoint or upstream outage.
2. Check header and SDK setup
OpenAI Python:
from openai import OpenAI
client = OpenAI(api_key="sk-...", base_url="https://api.openai.com/v1") # or your relay URL
client.chat.completions.create(model="gpt-4o-mini", messages=[{"role": "user", "content": "ping"}])
Anthropic Python:
import anthropic
client = anthropic.Anthropic(api_key="sk-ant-...")
client.messages.create(model="claude-sonnet-4-20250514", max_tokens=16, messages=[{"role": "user", "content": "ping"}])
Ensure the environment variable name matches what your tool reads (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.).
3. Match base URL to key source
| Key from | Typical base URL |
|---|---|
| OpenAI official | https://api.openai.com/v1 |
| Anthropic official | https://api.anthropic.com (Messages API) |
| APIMaster / relay | https://apimaster.ai/v1 (OpenAI-compatible) |
Using an APIMaster key against api.openai.com always fails — and the reverse is true for official keys on relay hosts.
4. Regenerate and update secrets
If the key was leaked, rotated, or shared in a repo, create a new key in the provider console, update CI/CD and .env, and revoke the old one.
5. Confirm account status
For official APIs: billing active, organization not suspended. For relays: balance > 0, account not banned. Some platforms mask billing failures as auth errors.
How APIMaster Helps
Still stuck, or need a fresh working key? APIMaster is an OpenAI-compatible aggregated API built around three strengths:
| Advantage | What you get |
|---|---|
| Discount | Marketplace pricing — up to ~90% off OpenAI-list and ~85% off Claude-list rates (live prices on site). |
| Stability | One endpoint https://apimaster.ai/v1 and one key for many models — fewer host/key mismatches that look like invalid API key errors; multi-channel backup. |
| Model fidelity | A valid key can still serve the wrong model — verify with fingerprint detection. Test connectivity first: API Key Tester. |
From $1 top-up, pay-as-you-go, no subscription.
Related API Errors
- api error 400 messages text content blocked — moderation, not authentication
- OpenAI rate limit exceeded — 429 after auth succeeds
- Claude / Anthropic 529 overloaded — capacity with a valid key
- ChatGPT unsupported location — region blocked
- All API error fix guides — full index
FAQ
What does "invalid api key" mean on OpenAI?
The server rejected your Authorization header — wrong key, wrong format, revoked key, or key used on the wrong API host. Regenerate the key or verify with the API Key Tester.
Why does Claude say "invalid x-api-key"?
Anthropic requires the raw key in the x-api-key header (not Bearer). Double-check the header name and that you are calling api.anthropic.com, not an OpenAI-compatible URL.
Can a valid-looking key still fail?
Yes — if the account is disabled, the project was deleted, or you hit the wrong base_url. Always test with a minimal request or the Key Tester.
Does APIMaster use OpenAI-style Bearer auth?
Yes. APIMaster is OpenAI-compatible: Authorization: Bearer <your-apimaster-key> and base_url=https://apimaster.ai/v1.